From 1b6b8331facf7ad0bfd06ef857604e56ed9fa8b0 Mon Sep 17 00:00:00 2001
From: Lachlan Roberts <lachlan@webtide.com>
Date: Thu, 17 Aug 2023 15:44:20 +1000
Subject: [PATCH] fix bug in SecurityHandler and remove EE10 FormAuthenticator

Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
---
 .../jetty/security/SecurityHandler.java       |  2 +-
 .../servlet/security/FormAuthenticator.java   | 26 -------------------
 .../security/FormAuthenticatorTest.java       |  1 +
 3 files changed, 2 insertions(+), 27 deletions(-)
 delete mode 100644 jetty-ee10/jetty-ee10-servlet/src/main/java/org/eclipse/jetty/ee10/servlet/security/FormAuthenticator.java

diff --git a/jetty-core/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java b/jetty-core/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java
index e66a2bb1620..e8bf44034a4 100644
--- a/jetty-core/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java
+++ b/jetty-core/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java
@@ -600,7 +600,7 @@ public abstract class SecurityHandler extends Handler.Wrapper implements Configu
         return switch (constraint.getAuthorization())
         {
             case FORBIDDEN, ALLOWED, INHERIT -> true;
-            case ANY_USER -> userIdentity == null || userIdentity.getUserPrincipal() == null;
+            case ANY_USER -> userIdentity != null && userIdentity.getUserPrincipal() != null;
             case KNOWN_ROLE ->
             {
                 if (userIdentity != null && userIdentity.getUserPrincipal() != null)
diff --git a/jetty-ee10/jetty-ee10-servlet/src/main/java/org/eclipse/jetty/ee10/servlet/security/FormAuthenticator.java b/jetty-ee10/jetty-ee10-servlet/src/main/java/org/eclipse/jetty/ee10/servlet/security/FormAuthenticator.java
deleted file mode 100644
index 5c1b5d28645..00000000000
--- a/jetty-ee10/jetty-ee10-servlet/src/main/java/org/eclipse/jetty/ee10/servlet/security/FormAuthenticator.java
+++ /dev/null
@@ -1,26 +0,0 @@
-//
-// ========================================================================
-// Copyright (c) 1995 Mort Bay Consulting Pty Ltd and others.
-//
-// This program and the accompanying materials are made available under the
-// terms of the Eclipse Public License v. 2.0 which is available at
-// https://www.eclipse.org/legal/epl-2.0, or the Apache License, Version 2.0
-// which is available at https://www.apache.org/licenses/LICENSE-2.0.
-//
-// SPDX-License-Identifier: EPL-2.0 OR Apache-2.0
-// ========================================================================
-//
-
-package org.eclipse.jetty.ee10.servlet.security;
-
-public class FormAuthenticator extends org.eclipse.jetty.security.authentication.FormAuthenticator
-{
-    public FormAuthenticator()
-    {
-    }
-
-    public FormAuthenticator(String login, String error, boolean dispatch)
-    {
-        super(login, error, dispatch);
-    }
-}
diff --git a/jetty-ee10/jetty-ee10-servlet/src/test/java/org/eclipse/jetty/ee10/servlet/security/FormAuthenticatorTest.java b/jetty-ee10/jetty-ee10-servlet/src/test/java/org/eclipse/jetty/ee10/servlet/security/FormAuthenticatorTest.java
index 0d669c903ec..512da4a8010 100644
--- a/jetty-ee10/jetty-ee10-servlet/src/test/java/org/eclipse/jetty/ee10/servlet/security/FormAuthenticatorTest.java
+++ b/jetty-ee10/jetty-ee10-servlet/src/test/java/org/eclipse/jetty/ee10/servlet/security/FormAuthenticatorTest.java
@@ -24,6 +24,7 @@ import org.eclipse.jetty.ee10.servlet.ServletContextHandler;
 import org.eclipse.jetty.security.Constraint;
 import org.eclipse.jetty.security.EmptyLoginService;
 import org.eclipse.jetty.security.SecurityHandler;
+import org.eclipse.jetty.security.authentication.FormAuthenticator;
 import org.eclipse.jetty.server.LocalConnector;
 import org.eclipse.jetty.server.Server;
 import org.eclipse.jetty.util.URIUtil;