added additional anonymous user protection to CustomerStateFilter (ch…

…erry picked from commit 5653d13)
esimionato · Apr 24, 2012 · 46fefea · 46fefea
1 parent 2834f30
commit 46fefea
Showing 1 changed file with 13 additions and 12 deletions.
diff --git a/...eb/src/main/java/org/broadleafcommerce/profile/web/core/security/CustomerStateFilter.java b/...eb/src/main/java/org/broadleafcommerce/profile/web/core/security/CustomerStateFilter.java
@@ -16,6 +16,17 @@
 
 package org.broadleafcommerce.profile.web.core.security;
 
+import javax.annotation.Resource;
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.broadleafcommerce.profile.core.domain.Customer;
@@ -24,24 +35,14 @@
 import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.context.ApplicationEventPublisherAware;
 import org.springframework.core.Ordered;
+import org.springframework.security.authentication.AnonymousAuthenticationToken;
 import org.springframework.security.authentication.RememberMeAuthenticationToken;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Component;
 import org.springframework.web.filter.GenericFilterBean;
 
-import javax.annotation.Resource;
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.util.HashMap;
-import java.util.Map;
-
 @Component("blCustomerStateFilter")
 /**
  * <p>
@@ -75,7 +76,7 @@ public void doFilter(ServletRequest baseRequest, ServletResponse baseResponse, F
 		HttpServletResponse response = (HttpServletResponse) baseResponse;
         Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
         Customer customer = null;
-        if (authentication != null) {
+        if ((authentication != null) && !(authentication instanceof AnonymousAuthenticationToken)) {
             String userName = request.getUserPrincipal().getName();
             customer = (Customer) request.getAttribute(customerRequestAttributeName);
             if (userName != null && (customer == null || !userName.equals(customer.getUsername()))) {