From 57f3d268a11cac2ac6ce4974e8bc410dc2a73b78 Mon Sep 17 00:00:00 2001
From: Luke Taylor <luke.taylor@springsource.com>
Date: Mon, 27 Aug 2007 17:17:25 +0000
Subject: [PATCH] SEC-519: Fix. Changed notNull() assertion for "key" parameter
 to hasText() to prevent the use of empty keys.

---
 .../acegisecurity/providers/cas/CasAuthenticationProvider.java  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/core/src/main/java/org/acegisecurity/providers/cas/CasAuthenticationProvider.java b/core/src/main/java/org/acegisecurity/providers/cas/CasAuthenticationProvider.java
index 66c9783f0a..cd4b5fbad8 100644
--- a/core/src/main/java/org/acegisecurity/providers/cas/CasAuthenticationProvider.java
+++ b/core/src/main/java/org/acegisecurity/providers/cas/CasAuthenticationProvider.java
@@ -70,7 +70,7 @@ public class CasAuthenticationProvider implements AuthenticationProvider, Initia
         Assert.notNull(this.ticketValidator, "A ticketValidator must be set");
         Assert.notNull(this.casProxyDecider, "A casProxyDecider must be set");
         Assert.notNull(this.statelessTicketCache, "A statelessTicketCache must be set");
-        Assert.notNull(this.key, "A Key is required so CasAuthenticationProvider can identify tokens it previously authenticated");
+        Assert.hasText(this.key, "A Key is required so CasAuthenticationProvider can identify tokens it previously authenticated");
         Assert.notNull(this.messages, "A message source must be set");
     }