SEC-576: Add check for null pre-auth principal and return null if found.

Luke Taylor 2008-01-31 14:50:12 +00:00
parent 5394350cc8
commit a305c9111f
2 changed files with 17 additions and 2 deletions


@ -42,6 +42,9 @@ public class PreAuthenticatedAuthenticationProvider implements AuthenticationPro
/**
* Authenticate the given PreAuthenticatedAuthenticationToken.
* <p>
* If the principal contained in the authentication object is null, the request will be ignored to allow other
* providers to authenticate it.
*/
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
if (!supports(authentication.getClass())) {
@ -52,7 +55,12 @@ public class PreAuthenticatedAuthenticationProvider implements AuthenticationPro
logger.debug("PreAuthenticated authentication request: " + authentication);
}
UserDetails ud = preAuthenticatedUserDetailsService.loadUserDetails((PreAuthenticatedAuthenticationToken) authentication);
if(authentication.getPrincipal() == null) {
logger.debug("No pre-authenticated principal found in request.");
return null;
}
UserDetails ud = preAuthenticatedUserDetailsService.loadUserDetails(authentication);
if (ud == null) {
return null;
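Review bot: The new guard `if(authentication.getPrincipal() == null)` drops the space after `if`, unlike `if (!supports(...))` at the top of the hunk and `if (ud == null)` just below it; write it `if (authentication.getPrincipal() == null) {`. The guard also only covers a null principal, so an empty-string principal still reaches `loadUserDetails`; whether that should be ignored in the same way depends on what the pre-authentication filters can place in the token, which is not visible here. The rewritten `loadUserDetails(authentication)` call drops the cast to `PreAuthenticatedAuthenticationToken` that the removed line had, so the service's parameter type is presumably already `Authentication` (the diffstat lists only these two files); worth confirming the call compiles against the current interface. The body of authenticate continues past the end of the hunk.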


@ -36,7 +36,14 @@ public class PreAuthenticatedAuthenticationProviderTests extends TestCase {
assertNull(result);
}
public final void testAuthenticateKnownUser() throws Exception {
public final void testNullPrincipalReturnsNullAuthentication() throws Exception {
PreAuthenticatedAuthenticationProvider provider = new PreAuthenticatedAuthenticationProvider();
Authentication request = new PreAuthenticatedAuthenticationToken(null, "dummyPwd");
Authentication result = provider.authenticate(request);
assertNull(result);
}
public final void testAuthenticateKnownUser() throws Exception {
UserDetails ud = new User("dummyUser", "dummyPwd", true, true, true, true, new GrantedAuthority[] {});
PreAuthenticatedAuthenticationProvider provider = getProvider(ud);
Authentication request = new PreAuthenticatedAuthenticationToken("dummyUser", "dummyPwd");
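Review bot: `testNullPrincipalReturnsNullAuthentication` builds a bare `new PreAuthenticatedAuthenticationProvider()` with no user details service, unlike `testAuthenticateKnownUser` which goes through `getProvider(ud)`; the test therefore passes only because the null-principal check runs before the service is consulted, and a later reordering would surface as a NullPointerException rather than as an assertion failure. Consider obtaining the provider from `getProvider(...)` with a service that fails the test if it is ever called, or at least documenting the dependency with `// provider has no user details service: the null-principal check must short-circuit first`. The test class continues outside the hunk.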