Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-28 14:52:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

SEC-662: Add check for a null authentication object returned by provider and skip passing it to session controller.

Browse Source
This commit is contained in:
Luke Taylor 2008-02-04 19:27:12 +00:00
parent 9be3f20faa
commit 3f1ab233dc
1 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
core/src/main/java/org/springframework/security/providers/ProviderManager.java
View File

@ -207,8 +207,11 @@ public class ProviderManager extends AbstractAuthenticationManager implements In
try { try {
result = provider.authenticate(authentication); result = provider.authenticate(authentication);
if (result != null) {
copyDetails(authentication, result); copyDetails(authentication, result);
sessionController.checkAuthenticationAllowed(result); sessionController.checkAuthenticationAllowed(result);
}
} catch (AuthenticationException ae) { } catch (AuthenticationException ae) {
lastException = ae; lastException = ae;
result = null; result = null;