From 1e0e9a2c98d6f37aa8989801a75fb434cd953c06 Mon Sep 17 00:00:00 2001
From: shazin <shazin.sadakath@gmail.com>
Date: Tue, 15 Mar 2022 19:40:03 +0530
Subject: [PATCH] Allow authenticationIsRequired to be overridden

Issue gh-10347
---
 .../web/authentication/www/BasicAuthenticationFilter.java       | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilter.java
index 432fd23494..4b680efc0e 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilter.java
@@ -202,7 +202,7 @@ public class BasicAuthenticationFilter extends OncePerRequestFilter {
 		chain.doFilter(request, response);
 	}
 
-	private boolean authenticationIsRequired(String username) {
+	protected boolean authenticationIsRequired(String username) {
 		// Only reauthenticate if username doesn't match SecurityContextHolder and user
 		// isn't authenticated (see SEC-53)
 		Authentication existingAuth = this.securityContextHolderStrategy.getContext().getAuthentication();