From 46ef4239ca72238eb82f7a148be2f9e1ac087654 Mon Sep 17 00:00:00 2001
From: Scott Battaglia <scott_battaglia@rutgers.edu>
Date: Wed, 18 Nov 2009 15:19:55 +0000
Subject: [PATCH] SEC-1228

added NO_PASSWORD instead of passing in NULL since the User object does not allowe NULL for the password.
---
 ...tedAuthorityFromAssertionAttributesUserDetailsService.java | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/cas/src/main/java/org/springframework/security/cas/userdetails/GrantedAuthorityFromAssertionAttributesUserDetailsService.java b/cas/src/main/java/org/springframework/security/cas/userdetails/GrantedAuthorityFromAssertionAttributesUserDetailsService.java
index 4eea5cf591..7251f3de69 100644
--- a/cas/src/main/java/org/springframework/security/cas/userdetails/GrantedAuthorityFromAssertionAttributesUserDetailsService.java
+++ b/cas/src/main/java/org/springframework/security/cas/userdetails/GrantedAuthorityFromAssertionAttributesUserDetailsService.java
@@ -35,6 +35,8 @@ import java.util.ArrayList;
  */
 public final class GrantedAuthorityFromAssertionAttributesUserDetailsService extends AbstractCasAssertionUserDetailsService {
 
+    private static final String NON_EXISTENT_PASSWORD_VALUE = "NO_PASSWORD";
+
     private String[] attributes;
 
     private boolean convertToUpperCase = true;
@@ -70,7 +72,7 @@ public final class GrantedAuthorityFromAssertionAttributesUserDetailsService ext
 
         }
 
-        return new User(assertion.getPrincipal().getName(), null, true, true, true, true, grantedAuthorities);
+        return new User(assertion.getPrincipal().getName(), NON_EXISTENT_PASSWORD_VALUE, true, true, true, true, grantedAuthorities);
     }
 
     /**