
SEC-576: Add check for null pre-auth principal and return null if found.

Luke Taylor 17 年之前
父節點
當前提交
a305c9111f

+ 9 - 1
core/src/main/java/org/springframework/security/providers/preauth/PreAuthenticatedAuthenticationProvider.java

@@ -42,6 +42,9 @@ public class PreAuthenticatedAuthenticationProvider implements AuthenticationPro
 
     /**
      * Authenticate the given PreAuthenticatedAuthenticationToken.
+     * <p>
+     * If the principal contained in the authentication object is null, the request will be ignored to allow other
+     * providers to authenticate it.
      */
     public Authentication authenticate(Authentication authentication) throws AuthenticationException {
         if (!supports(authentication.getClass())) {
@@ -52,7 +55,12 @@ public class PreAuthenticatedAuthenticationProvider implements AuthenticationPro
             logger.debug("PreAuthenticated authentication request: " + authentication);
         }
 
-        UserDetails ud = preAuthenticatedUserDetailsService.loadUserDetails((PreAuthenticatedAuthenticationToken) authentication);
+        if(authentication.getPrincipal() == null) {
+            logger.debug("No pre-authenticated principal found in request.");
+            return null;
+        }
+
+        UserDetails ud = preAuthenticatedUserDetailsService.loadUserDetails(authentication);
 
         if (ud == null) {
             return null;
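Review bot: The new `logger.debug("No pre-authenticated principal found in request.");` line is emitted unconditionally, whereas the existing debug line a few lines above appears to sit inside a `logger.isDebugEnabled()` guard (its opening line is outside the hunk), and the new `if(` spelling differs from the `if (` form used elsewhere in this method. For consistency I would write `if (authentication.getPrincipal() == null) {` and wrap the debug call the same way as the existing one. The hunk also drops the `(PreAuthenticatedAuthenticationToken)` cast on the `loadUserDetails` call, which presumably means the service interface now accepts `Authentication`; if so, that is a separate change worth mentioning in the commit message. The body of `authenticate` begins before the first hunk and continues past the end of this one.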

+ 8 - 1
core/src/test/java/org/springframework/security/providers/preauth/PreAuthenticatedAuthenticationProviderTests.java

@@ -36,7 +36,14 @@ public class PreAuthenticatedAuthenticationProviderTests extends TestCase {
 		assertNull(result);
 	}
 
-	public final void testAuthenticateKnownUser() throws Exception {
+    public final void testNullPrincipalReturnsNullAuthentication() throws Exception {
+        PreAuthenticatedAuthenticationProvider provider = new PreAuthenticatedAuthenticationProvider();
+        Authentication request = new PreAuthenticatedAuthenticationToken(null, "dummyPwd");
+        Authentication result = provider.authenticate(request);
+        assertNull(result);
+    }
+
+    public final void testAuthenticateKnownUser() throws Exception {
 		UserDetails ud = new User("dummyUser", "dummyPwd", true, true, true, true, new GrantedAuthority[] {});
 		PreAuthenticatedAuthenticationProvider provider = getProvider(ud);
 		Authentication request = new PreAuthenticatedAuthenticationToken("dummyUser", "dummyPwd");
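Review bot: The new `testNullPrincipalReturnsNullAuthentication` relies on the provider being constructed without a user details service, so the test passes only because the null-principal check short-circuits before the service is consulted; that ordering is the point of the fix, but nothing in the test says so. A one-line comment above the `new PreAuthenticatedAuthenticationProvider()` line would make the intent explicit, e.g. `// no user details service is set: the null-principal check must return before the service is called`. The added method is also indented with spaces while the surrounding test methods use tabs, so it should be aligned with the file's existing indentation.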