return authentication object instead of null if authentication is not
required - otherwise valid login fails with basic authentication
Christof Schoell authored and kohsuke committed Nov 7, 2014
1 parent 95c73c3 commit 0176b6d
Showing 2 changed files with 7 additions and 2 deletions.
Expand Up @@ -50,7 +50,7 @@ public Authentication authenticate(HttpServletRequest req, HttpServletResponse r
return null;

if (!authenticationIsRequired(username))
return null;
return SecurityContextHolder.getContext().getAuthentication();

UsernamePasswordAuthenticationToken authRequest =
new UsernamePasswordAuthenticationToken(username, password);
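Review bot: The early return under `if (!authenticationIsRequired(username))` now yields whatever `SecurityContextHolder.getContext().getAuthentication()` holds, and on that path the password from the Basic header is never compared. `authenticationIsRequired` is not visible in this hunk, so presumably it returns false only when the context already holds an authenticated token for the same username; that assumption should be confirmed and recorded at the return, for example `// Context is already authenticated as this user: reuse it. The Basic password is NOT verified on this path.` The `authenticate` method starts and ends outside the hunk.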
Expand Up @@ -56,10 +56,15 @@ public void testVariousWaysToCall() throws Exception {
// call with incorrect password
makeRequestAndFail("foo:bar");

// if the session cookie is valid, then basic header won't be needed

wc.login("bar");

// if the session cookie is valid, then basic header won't be needed
makeRequestWithAuthAndVerify(null, "bar");

// if the session cookie is valid, and basic header is set anyway login should not fail either
makeRequestWithAuthAndVerify("bar:bar", "bar");

// but if the password is incorrect, it should fail, instead of silently logging in as the user indicated by session
makeRequestAndFail("foo:bar");
}
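Review bot: The cases added after `wc.login("bar")` never send a Basic header that names the session's own user with a wrong password, which is the one input where the new early return decides the outcome without a password check. The existing `makeRequestAndFail("foo:bar")` uses a different username (foo) than the session (bar), so it does not exercise that path. One extra line pins the contract either way: `makeRequestWithAuthAndVerify("bar:wrong", "bar");` if the valid session is meant to win, or `makeRequestAndFail("bar:wrong");` if a bad password must always be rejected (`bar:wrong` is a constructed sample value). The test method starts before the hunk.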
