Skip to content
Permalink
Browse files
[JENKINS-25144]
return authentication object instead of null if authentication is not
required - otherwise valid login fails with basic authentication

(cherry picked from commit 0176b6d)
  • Loading branch information
Christof Schoell authored and olivergondza committed Dec 21, 2014
1 parent cca17cc commit 7169a3916528ac95eada2cf13e3fbd7e50ae6387
@@ -50,7 +50,7 @@ public Authentication authenticate(HttpServletRequest req, HttpServletResponse r
return null;

if (!authenticationIsRequired(username))
return null;
return SecurityContextHolder.getContext().getAuthentication();

UsernamePasswordAuthenticationToken authRequest =
new UsernamePasswordAuthenticationToken(username, password);
@@ -56,10 +56,15 @@ public void testVariousWaysToCall() throws Exception {
// call with incorrect password
makeRequestAndFail("foo:bar");

// if the session cookie is valid, then basic header won't be needed

wc.login("bar");

// if the session cookie is valid, then basic header won't be needed
makeRequestWithAuthAndVerify(null, "bar");

// if the session cookie is valid, and basic header is set anyway login should not fail either
makeRequestWithAuthAndVerify("bar:bar", "bar");

// but if the password is incorrect, it should fail, instead of silently logging in as the user indicated by session
makeRequestAndFail("foo:bar");
}

0 comments on commit 7169a39

Please sign in to comment.