mirror of
https://github.com/spring-projects/spring-security.git
synced 2025-07-01 16:22:15 +00:00
SEC-663: Added null check for pre-authenticated principal value (and skip authentication attempt if null).
This commit is contained in:
parent
3f1ab233dc
commit
600ab04cc7
@ -74,6 +74,14 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends SpringSec
|
||||
Object principal = getPreAuthenticatedPrincipal(httpRequest);
|
||||
Object credentials = getPreAuthenticatedCredentials(httpRequest);
|
||||
|
||||
if (principal == null) {
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("No pre-authenticated principal found in request");
|
||||
}
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("preAuthenticatedPrincipal = " + principal + ", trying to authenticate");
|
||||
}
|
||||
|
Loading…
x
Reference in New Issue
Block a user