SecureContextLoginModuleTest has been renamed to ...Tests as per Acegi project.

SecureContextLoginModule now throws a LoginException if there is no authentication present, if the ignoreMissingAuthentication option is true, the login() method will simply return false.
2025-06-22 20:12:14 +00:00 · 2005-07-22 04:35:31 +00:00 · 2005-07-22 04:35:31 +00:00 · 4b98d357ff
commit 4b98d357ff
parent 28e8c93beb
2 changed files with 41 additions and 4 deletions
--- a/core/src/main/java/org/acegisecurity/providers/jaas/SecureContextLoginModule.java
+++ b/core/src/main/java/org/acegisecurity/providers/jaas/SecureContextLoginModule.java
@ -38,7 +38,13 @@ import javax.security.auth.spi.LoginModule;
 * The {@link JaasAuthenticationProvider} allows Acegi to authenticate against
 * Jaas. <br>
 * The SecureContextLoginModule allows a Jaas based application to
- * authenticate against Acegi.
+ * authenticate against Acegi.  If there is no Authentication in the {@link
+ * SecurityContextHolder} the login() method will throw a LoginException by
+ * default. This functionality can be changed with the
+ * <tt>ignoreMissingAuthentication</tt> option by setting it to "true".
+ * Setting  ignoreMissingAuthentication=true will tell the
+ * SecureContextLoginModule to simply return false and be ignored if the
+ * authentication is null.
 *
 * @author Brian Moseley
 * @author Ray Krueger
@ -52,6 +58,7 @@ public class SecureContextLoginModule implements LoginModule {

    private Authentication authen;
    private Subject subject;
+    private boolean ignoreMissingAuthentication = false;

    //~ Methods ================================================================

@ -109,6 +116,11 @@ public class SecureContextLoginModule implements LoginModule {
    public void initialize(Subject subject, CallbackHandler callbackHandler,
        Map sharedState, Map options) {
        this.subject = subject;
+
+        if (options != null) {
+            ignoreMissingAuthentication = "true".equals(options.get(
+                        "ignoreMissingAuthentication"));
+        }
    }

    /**
@ -125,8 +137,15 @@ public class SecureContextLoginModule implements LoginModule {
        authen = SecurityContextHolder.getContext().getAuthentication();

        if (authen == null) {
-            throw new LoginException("Authentication not found in security"
-                + " context");
+            String msg = "Login cannot complete, authentication not found in security context";
+
+            if (ignoreMissingAuthentication) {
+                log.warn(msg);
+
+                return false;
+            } else {
+                throw new LoginException(msg);
+            }
        }

        return true;
--- a/core/src/test/java/org/acegisecurity/providers/jaas/SecureContextLoginModuleTests.java
+++ b/core/src/test/java/org/acegisecurity/providers/jaas/SecureContextLoginModuleTests.java
@ -22,6 +22,8 @@ import net.sf.acegisecurity.context.SecurityContextImpl;
 import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken;

 import java.util.HashSet;
+import java.util.Map;
+import java.util.HashMap;

 import javax.security.auth.Subject;
 import javax.security.auth.login.LoginException;
@ -32,7 +34,7 @@ import javax.security.auth.login.LoginException;
 *
 * @author Ray Krueger
 */
-public class SecureContextLoginModuleTest extends TestCase {
+public class SecureContextLoginModuleTests extends TestCase {
    //~ Instance fields ========================================================

    private SecureContextLoginModule module = null;
@ -82,6 +84,22 @@ public class SecureContextLoginModuleTest extends TestCase {

    public void testNullAuthenticationInSecureContext()
        throws Exception {
+        try {
+            SecurityContextHolder.getContext().setAuthentication(null);
+            module.login();
+            fail("LoginException expected, the authentication is null in the SecureContext");
+        } catch (Exception e) {
+        }
+    }
+
+    public void testNullAuthenticationInSecureContextIgnored()
+        throws Exception {
+        module = new SecureContextLoginModule();
+
+        Map options = new HashMap();
+        options.put("ignoreMissingAuthentication", "true");
+
+        module.initialize(subject, null, null, options);
        SecurityContextHolder.getContext().setAuthentication(null);
        assertFalse("Should return false and ask to be ignored", module.login());
    }