root
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Actions 8 Packages Projects Releases Wiki Activity

SEC-576: Add check for null pre-auth principal and return null if found.

This commit is contained in:
Luke Taylor 2008-01-31 14:50:12 +00:00
parent 5394350cc8
commit a305c9111f
2 changed files with 17 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
core/src/main/java/org/springframework/security/providers/preauth/PreAuthenticatedAuthenticationProvider.java
View File

@ -42,6 +42,9 @@ public class PreAuthenticatedAuthenticationProvider implements AuthenticationPro
/** /**
* Authenticate the given PreAuthenticatedAuthenticationToken. * Authenticate the given PreAuthenticatedAuthenticationToken.
* <p>
* If the principal contained in the authentication object is null, the request will be ignored to allow other
* providers to authenticate it.
*/ */
public Authentication authenticate(Authentication authentication) throws AuthenticationException { public Authentication authenticate(Authentication authentication) throws AuthenticationException {
if (!supports(authentication.getClass())) { if (!supports(authentication.getClass())) {
@ -52,7 +55,12 @@ public class PreAuthenticatedAuthenticationProvider implements AuthenticationPro
logger.debug("PreAuthenticated authentication request: " + authentication); logger.debug("PreAuthenticated authentication request: " + authentication);
} }
UserDetails ud = preAuthenticatedUserDetailsService.loadUserDetails((PreAuthenticatedAuthenticationToken) authentication); if(authentication.getPrincipal() == null) {
logger.debug("No pre-authenticated principal found in request.");
return null;
}
UserDetails ud = preAuthenticatedUserDetailsService.loadUserDetails(authentication);
if (ud == null) { if (ud == null) {
return null; return null;

9
core/src/test/java/org/springframework/security/providers/preauth/PreAuthenticatedAuthenticationProviderTests.java
View File

@ -36,7 +36,14 @@ public class PreAuthenticatedAuthenticationProviderTests extends TestCase {
assertNull(result); assertNull(result);
} }
public final void testAuthenticateKnownUser() throws Exception { public final void testNullPrincipalReturnsNullAuthentication() throws Exception {
PreAuthenticatedAuthenticationProvider provider = new PreAuthenticatedAuthenticationProvider();
Authentication request = new PreAuthenticatedAuthenticationToken(null, "dummyPwd");
Authentication result = provider.authenticate(request);
assertNull(result);
}
public final void testAuthenticateKnownUser() throws Exception {
UserDetails ud = new User("dummyUser", "dummyPwd", true, true, true, true, new GrantedAuthority[] {}); UserDetails ud = new User("dummyUser", "dummyPwd", true, true, true, true, new GrantedAuthority[] {});
PreAuthenticatedAuthenticationProvider provider = getProvider(ud); PreAuthenticatedAuthenticationProvider provider = getProvider(ud);
Authentication request = new PreAuthenticatedAuthenticationToken("dummyUser", "dummyPwd"); Authentication request = new PreAuthenticatedAuthenticationToken("dummyUser", "dummyPwd");