
SecureContextLoginModuleTest has been renamed to ...Tests as per Acegi project.

SecureContextLoginModule now throws a LoginException if there is no authentication present; if the ignoreMissingAuthentication option is true, the login() method will simply return false instead.
Ray Krueger 20 years ago
parent
commit
4b98d357ff

+ 22 - 3
core/src/main/java/org/acegisecurity/providers/jaas/SecureContextLoginModule.java

@@ -38,7 +38,13 @@ import javax.security.auth.spi.LoginModule;
  * The {@link JaasAuthenticationProvider} allows Acegi to authenticate against
  * Jaas. <br>
  * The SecureContextLoginModule allows a Jaas based application to
- * authenticate against Acegi.
+ * authenticate against Acegi.  If there is no Authentication in the {@link
+ * SecurityContextHolder} the login() method will throw a LoginException by
+ * default. This functionality can be changed with the
+ * <tt>ignoreMissingAuthentication</tt> option by setting it to "true".
+ * Setting  ignoreMissingAuthentication=true will tell the
+ * SecureContextLoginModule to simply return false and be ignored if the
+ * authentication is null.
  *
  * @author Brian Moseley
  * @author Ray Krueger
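Review bot: The new class Javadoc says the module will "simply return false and be ignored", but it does not say what that means for the overall login decision. With `ignoreMissingAuthentication=true` this module no longer rejects a caller that has no Authentication in the SecurityContextHolder, so the outcome depends on the other modules and control flags in the JAAS login configuration. I would add a sentence such as `With this option set, a missing Authentication is not treated as a failure by this module; make sure another configured LoginModule makes the actual decision.` The Javadoc could also state that only the exact string "true" enables the option.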
@@ -52,6 +58,7 @@ public class SecureContextLoginModule implements LoginModule {
 
     private Authentication authen;
     private Subject subject;
+    private boolean ignoreMissingAuthentication = false;
 
     //~ Methods ================================================================
 
@@ -109,6 +116,11 @@ public class SecureContextLoginModule implements LoginModule {
     public void initialize(Subject subject, CallbackHandler callbackHandler,
         Map sharedState, Map options) {
         this.subject = subject;
+
+        if (options != null) {
+            ignoreMissingAuthentication = "true".equals(options.get(
+                        "ignoreMissingAuthentication"));
+        }
     }
 
     /**
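Review bot: The flag is only assigned inside `if (options != null)`, so a later `initialize` call with null options on the same instance would keep a previously set `true`. Assigning it unconditionally keeps the fail-closed default explicit: `ignoreMissingAuthentication = options != null && "true".equals(options.get("ignoreMissingAuthentication"));`. The comparison is case-sensitive, so values like "TRUE" leave the throwing behaviour in place; that is the safe direction, but it deserves a short comment. The option name is a string literal that the test repeats, and a constant on the class would keep the two in sync.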
@@ -125,8 +137,15 @@ public class SecureContextLoginModule implements LoginModule {
         authen = SecurityContextHolder.getContext().getAuthentication();
 
         if (authen == null) {
-            throw new LoginException("Authentication not found in security"
-                + " context");
+            String msg = "Login cannot complete, authentication not found in security context";
+
+            if (ignoreMissingAuthentication) {
+                log.warn(msg);
+
+                return false;
+            } else {
+                throw new LoginException(msg);
+            }
         }
 
         return true;
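Review bot: On the new `return false` path `authen` stays null, and JAAS can still call commit() on a module whose login() returned false when other modules carry the overall login. commit() is outside this hunk, so I cannot see whether it guards against that; if it does not, it should start with `if (authen == null) { return false; }` so no null principal is added to the Subject. login() itself begins above the hunk. The shared `msg` also says "Login cannot complete" on the ignore path, where the login may well complete through another module, so a separate warn text would make the log less misleading.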

+ 19 - 1
core/src/test/java/org/acegisecurity/providers/jaas/SecureContextLoginModuleTest.java → core/src/test/java/org/acegisecurity/providers/jaas/SecureContextLoginModuleTests.java

@@ -22,6 +22,8 @@ import net.sf.acegisecurity.context.SecurityContextImpl;
 import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken;
 
 import java.util.HashSet;
+import java.util.Map;
+import java.util.HashMap;
 
 import javax.security.auth.Subject;
 import javax.security.auth.login.LoginException;
@@ -32,7 +34,7 @@ import javax.security.auth.login.LoginException;
  *
  * @author Ray Krueger
  */
-public class SecureContextLoginModuleTest extends TestCase {
+public class SecureContextLoginModuleTests extends TestCase {
     //~ Instance fields ========================================================
 
     private SecureContextLoginModule module = null;
@@ -82,6 +84,22 @@ public class SecureContextLoginModuleTest extends TestCase {
 
     public void testNullAuthenticationInSecureContext()
         throws Exception {
+        try {
+            SecurityContextHolder.getContext().setAuthentication(null);
+            module.login();
+            fail("LoginException expected, the authentication is null in the SecureContext");
+        } catch (Exception e) {
+        }
+    }
+
+    public void testNullAuthenticationInSecureContextIgnored()
+        throws Exception {
+        module = new SecureContextLoginModule();
+
+        Map options = new HashMap();
+        options.put("ignoreMissingAuthentication", "true");
+
+        module.initialize(subject, null, null, options);
         SecurityContextHolder.getContext().setAuthentication(null);
         assertFalse("Should return false and ask to be ignored", module.login());
     }
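Review bot: `catch (Exception e) {}` in testNullAuthenticationInSecureContext accepts any exception, so a NullPointerException thrown from login() would pass the test just as well as the intended LoginException. Narrow it to `catch (LoginException expected) {` with a comment that this is the expected outcome; LoginException is already imported in this file. The `setAuthentication(null)` call is better placed before the `try` so a failure in the setup is not swallowed. There is also no test showing that null options, or an option value other than "true", keep the throwing default.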