From 709f78e481baa2b22fce9d64ee8648210a9a863d Mon Sep 17 00:00:00 2001
From: Luke Taylor <luke.taylor@springsource.com>
Date: Thu, 28 Feb 2008 11:44:15 +0000
Subject: [PATCH] SEC-688: java.lang.NullPointerException in
 AbstractAuthenticationToken.equals()
 http://jira.springframework.org/browse/SEC-688

---
 .../providers/AbstractAuthenticationToken.java        | 11 +++++++++--
 .../providers/x509/X509AuthenticationTokenTests.java  |  4 ++++
 .../security/providers/x509/X509TestUtils.java        |  3 +--
 3 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/core/src/main/java/org/springframework/security/providers/AbstractAuthenticationToken.java b/core/src/main/java/org/springframework/security/providers/AbstractAuthenticationToken.java
index eb34e89361..b75e06207c 100644
--- a/core/src/main/java/org/springframework/security/providers/AbstractAuthenticationToken.java
+++ b/core/src/main/java/org/springframework/security/providers/AbstractAuthenticationToken.java
@@ -110,9 +110,16 @@ public abstract class AbstractAuthenticationToken implements Authentication {
             if ((this.getCredentials() != null) && !this.getCredentials().equals(test.getCredentials())) {
                 return false;
             }
+            
+            if (this.getPrincipal() == null && test.getPrincipal() != null) {
+                return false;
+            }
 
-            return (this.getPrincipal().equals(test.getPrincipal())
-                    && (this.isAuthenticated() == test.isAuthenticated()));
+            if (this.getPrincipal() != null && !this.getPrincipal().equals(test.getPrincipal())) {
+                return false;
+            }            
+            
+            return this.isAuthenticated() == test.isAuthenticated();
         }
 
         return false;
diff --git a/core/src/test/java/org/springframework/security/providers/x509/X509AuthenticationTokenTests.java b/core/src/test/java/org/springframework/security/providers/x509/X509AuthenticationTokenTests.java
index 4e816f3e7e..02bc5f2a0a 100644
--- a/core/src/test/java/org/springframework/security/providers/x509/X509AuthenticationTokenTests.java
+++ b/core/src/test/java/org/springframework/security/providers/x509/X509AuthenticationTokenTests.java
@@ -45,4 +45,8 @@ public class X509AuthenticationTokenTests extends TestCase {
         token.setAuthenticated(true);
         assertTrue(token.isAuthenticated());
     }
+
+    public void testEquals() throws Exception {
+        assertEquals(X509TestUtils.createToken(), X509TestUtils.createToken());
+    }
 }
diff --git a/core/src/test/java/org/springframework/security/providers/x509/X509TestUtils.java b/core/src/test/java/org/springframework/security/providers/x509/X509TestUtils.java
index 7fca07558d..b2be4d7f7a 100644
--- a/core/src/test/java/org/springframework/security/providers/x509/X509TestUtils.java
+++ b/core/src/test/java/org/springframework/security/providers/x509/X509TestUtils.java
@@ -100,8 +100,7 @@ public class X509TestUtils {
         return (X509Certificate) cf.generateCertificate(in);
     }
 
-    public static X509AuthenticationToken createToken()
-        throws Exception {
+    public static X509AuthenticationToken createToken() throws Exception {
         return new X509AuthenticationToken(buildTestCertificate());
     }
 }