Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

SEC-663: Added null check for pre-authenticated principal value (and skip authentication attempt if null).

This commit is contained in:
Luke Taylor 2008-02-04 19:36:44 +00:00
parent 3f1ab233dc
commit 600ab04cc7
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
core/src/main/java/org/springframework/security/ui/preauth/AbstractPreAuthenticatedProcessingFilter.java
View File

@ -74,6 +74,14 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends SpringSec
Object principal = getPreAuthenticatedPrincipal(httpRequest); Object principal = getPreAuthenticatedPrincipal(httpRequest);
Object credentials = getPreAuthenticatedCredentials(httpRequest); Object credentials = getPreAuthenticatedCredentials(httpRequest);
if (principal == null) {
if (logger.isDebugEnabled()) {
logger.debug("No pre-authenticated principal found in request");
}
return;
}
if (logger.isDebugEnabled()) { if (logger.isDebugEnabled()) {
logger.debug("preAuthenticatedPrincipal = " + principal + ", trying to authenticate"); logger.debug("preAuthenticatedPrincipal = " + principal + ", trying to authenticate");
} }