
[JENKINS-25144]

return authentication object instead of null if authentication is not
required - otherwise valid login fails with basic authentication

(cherry picked from commit 0176b6d)
Christof Schoell authored and olivergondza committed Oct 14, 2014
1 parent cca17cc commit 7169a3916528ac95eada2cf13e3fbd7e50ae6387
@@ -50,7 +50,7 @@ public Authentication authenticate(HttpServletRequest req, HttpServletResponse r
return null;

if (!authenticationIsRequired(username))
return null;
return SecurityContextHolder.getContext().getAuthentication();

UsernamePasswordAuthenticationToken authRequest =
new UsernamePasswordAuthenticationToken(username, password);
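Review bot: The new early return `return SecurityContextHolder.getContext().getAuthentication();` hands back the session's authentication without checking the `password` parsed from the Basic header, and nothing at that line says why this is safe. It appears to rely on `authenticationIsRequired(username)` returning false only when the context already holds an authenticated entry for the same `username`; that helper is outside the hunk, so this should be confirmed. I would add a comment above the `if`, such as `// Session is already authenticated as this username: reuse it; the header password is deliberately not re-checked.` The body of `authenticate` starts and ends outside the hunk.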
@@ -56,10 +56,15 @@ public void testVariousWaysToCall() throws Exception {
// call with incorrect password
makeRequestAndFail("foo:bar");

// if the session cookie is valid, then basic header won't be needed

wc.login("bar");

// if the session cookie is valid, then basic header won't be needed
makeRequestWithAuthAndVerify(null, "bar");

// if the session cookie is valid, and basic header is set anyway login should not fail either
makeRequestWithAuthAndVerify("bar:bar", "bar");

// but if the password is incorrect, it should fail, instead of silently logging in as the user indicated by session
makeRequestAndFail("foo:bar");
}
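Review bot: The final case `makeRequestAndFail("foo:bar")` only covers a Basic header naming a different user than the session; no case sends the session user's own name with a wrong password. With the early return added in `authenticate`, such a request probably never reaches password verification, so the test should pin the intended outcome. One option is `makeRequestAndFail("bar:wrong");` (constructed value) after the `bar:bar` case, or the `makeRequestWithAuthAndVerify` form if accepting it is deliberate. The comment `but if the password is incorrect` would then describe what is actually tested.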
