
AuthoritiesAuthorizationManager.authorize throws NPE if GrantedAuthority returns null #18543

@ffray


Describe the bug
When using a complex GrantedAuthority in an Authentication and AuthoritiesAuthorizationManager.authorize is used, AuthoritiesAuthorizationManager.isAuthorized throws an NPE.

To Reproduce
Create a subclass of GrantedAuthority, whose getAuthority returns null.
Create an Authentication and add an instance of the custom class as authority.
Create an AuthoritiesAuthorizationManager and call authorize(authentication, 'SOME_VALUE').

Expected behavior
As null values are valid according to the documentation and are required in such cases,
a null-check should be introduced.

Affected version
The class is located in org.springframework.security:spring-security-core:7.0.2

Sample

See this Demo project showing the issue.
It uses Spring Boot 4.0.1 for Dependency Management.
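A minimal illustration of the scenario described above and of the null-check the report asks for, as an added example that is not from the linked demo project or from Spring Security itself. It assumes only the `GrantedAuthority` interface, `SimpleGrantedAuthority` and `TestingAuthenticationToken` from spring-security-core; the `hasAnyAuthority` helper and the `ResourceScopedAuthority` class are hypothetical and not part of the Spring Security API.

```java
import java.util.Collection;
import java.util.List;
import java.util.Objects;

import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

public class NullAuthorityExample {

    /**
     * Hypothetical "complex" authority: it carries structured data and, as the
     * GrantedAuthority Javadoc permits, returns null from getAuthority()
     * because the permission cannot be represented as a single String.
     */
    static final class ResourceScopedAuthority implements GrantedAuthority {
        private final String resource;
        private final String action;

        ResourceScopedAuthority(String resource, String action) {
            this.resource = resource;
            this.action = action;
        }

        @Override
        public String getAuthority() {
            return null; // deliberately null: not representable as a String
        }

        boolean permits(String resource, String action) {
            return this.resource.equals(resource) && this.action.equals(action);
        }
    }

    /**
     * Hypothetical null-safe check (not a Spring Security API): authorities
     * whose getAuthority() is null are skipped rather than dereferenced, so a
     * mixed collection of simple and complex authorities cannot cause an NPE.
     */
    static boolean hasAnyAuthority(Authentication authentication, Collection<String> required) {
        return authentication.getAuthorities().stream()
                .map(GrantedAuthority::getAuthority)
                .filter(Objects::nonNull) // the null-check the issue asks for
                .anyMatch(required::contains);
    }

    public static void main(String[] args) {
        // Constructed sample: one String-representable authority plus one complex one.
        List<GrantedAuthority> granted = List.of(new SimpleGrantedAuthority("SOME_VALUE"),
                new ResourceScopedAuthority("/reports", "read"));
        Authentication auth = new TestingAuthenticationToken("alice", "n/a", granted);
        System.out.println(hasAnyAuthority(auth, List.of("SOME_VALUE")));  // matches the simple authority
        System.out.println(hasAnyAuthority(auth, List.of("OTHER_VALUE"))); // no match, and no NPE
    }
}
```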
