From c5fe428400deba74e6fd735f8b606ba1d9f5bdcc Mon Sep 17 00:00:00 2001 From: Ben Alex Date: Thu, 10 Mar 2005 12:00:30 +0000 Subject: [PATCH] Patch by Matt Raible which returns null if Authentication is anonymous. --- .../wrapper/ContextHolderAwareRequestWrapper.java | 15 +++++++++++++-- doc/xdocs/changes.xml | 1 + 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/core/src/main/java/org/acegisecurity/wrapper/ContextHolderAwareRequestWrapper.java b/core/src/main/java/org/acegisecurity/wrapper/ContextHolderAwareRequestWrapper.java index 56042aaf05..2d40fd68e8 100644 --- a/core/src/main/java/org/acegisecurity/wrapper/ContextHolderAwareRequestWrapper.java +++ b/core/src/main/java/org/acegisecurity/wrapper/ContextHolderAwareRequestWrapper.java @@ -16,10 +16,13 @@ package net.sf.acegisecurity.wrapper; import net.sf.acegisecurity.Authentication; +import net.sf.acegisecurity.AuthenticationTrustResolver; +import net.sf.acegisecurity.AuthenticationTrustResolverImpl; import net.sf.acegisecurity.GrantedAuthority; import net.sf.acegisecurity.UserDetails; import net.sf.acegisecurity.context.ContextHolder; import net.sf.acegisecurity.context.security.SecureContext; +import net.sf.acegisecurity.context.security.SecureContextUtils; import java.security.Principal; @@ -39,6 +42,10 @@ import javax.servlet.http.HttpServletRequestWrapper; * @version $Id$ */ public class ContextHolderAwareRequestWrapper extends HttpServletRequestWrapper { + //~ Instance fields ======================================================== + + private AuthenticationTrustResolver authenticationTrustResolver = new AuthenticationTrustResolverImpl(); + //~ Constructors =========================================================== public ContextHolderAwareRequestWrapper(HttpServletRequest request) { @@ -109,8 +116,12 @@ public class ContextHolderAwareRequestWrapper extends HttpServletRequestWrapper private Authentication getAuthentication() { if ((ContextHolder.getContext() != null) && ContextHolder.getContext() instanceof SecureContext) { - return ((SecureContext) ContextHolder.getContext()) - .getAuthentication(); + Authentication auth = SecureContextUtils.getSecureContext() + .getAuthentication(); + + if (!authenticationTrustResolver.isAnonymous(auth)) { + return auth; + } } return null; diff --git a/doc/xdocs/changes.xml b/doc/xdocs/changes.xml index 9dafc14a1c..518f6937cb 100644 --- a/doc/xdocs/changes.xml +++ b/doc/xdocs/changes.xml @@ -27,6 +27,7 @@ SecurityEnforcementFilter caused NullPointerException when anonymous authentication used with BasicProcessingFilterEntryPoint + ContextHolderAwareRequestWrapper methods returns null if user is anonymous Added Digest Authentication support (RFC 2617 and RFC 2069)