mirror of
https://github.com/spring-projects/spring-security.git
synced 2025-02-23 23:31:27 +00:00
SEC-474: Gracefully abort if username and password non-retrievable.
This commit is contained in:
parent
f45c0944ef
commit
a18bd9100c
@ -286,6 +286,11 @@ public class TokenBasedRememberMeServices implements RememberMeServices, Initial
|
|||||||
password = successfulAuthentication.getCredentials().toString();
|
password = successfulAuthentication.getCredentials().toString();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// If unable to find a username and password, just abort as TokenBasedRememberMeServices unable to construct a valid token in this case
|
||||||
|
if (!StringUtils.hasLength(username) || !StringUtils.hasLength(password)) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
Assert.hasLength(username);
|
Assert.hasLength(username);
|
||||||
Assert.hasLength(password);
|
Assert.hasLength(password);
|
||||||
|
|
||||||
|
Loading…
x
Reference in New Issue
Block a user