From 306928306b014490373a9b5bba07ed85d208ac26 Mon Sep 17 00:00:00 2001
From: Griffin Dunn <me@oakley.ninja>
Date: Fri, 13 Sep 2019 12:26:33 -0400
Subject: [PATCH] fix(oauth2): Add before filter to fix basic auth (#899)

---
 .../spinnaker/gate/security/oauth2/OAuth2SsoConfig.groovy      | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/gate-oauth2/src/main/groovy/com/netflix/spinnaker/gate/security/oauth2/OAuth2SsoConfig.groovy b/gate-oauth2/src/main/groovy/com/netflix/spinnaker/gate/security/oauth2/OAuth2SsoConfig.groovy
index 96dfd6393b..b6ed6b21cf 100644
--- a/gate-oauth2/src/main/groovy/com/netflix/spinnaker/gate/security/oauth2/OAuth2SsoConfig.groovy
+++ b/gate-oauth2/src/main/groovy/com/netflix/spinnaker/gate/security/oauth2/OAuth2SsoConfig.groovy
@@ -38,6 +38,8 @@ import org.springframework.security.web.authentication.LoginUrlAuthenticationEnt
 import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
 import org.springframework.session.web.http.DefaultCookieSerializer
 import org.springframework.stereotype.Component
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
+import org.springframework.security.web.authentication.www.BasicAuthenticationFilter
 
 import javax.servlet.http.HttpServletRequest
 import javax.servlet.http.HttpServletResponse
@@ -81,6 +83,7 @@ class OAuth2SsoConfig extends WebSecurityConfigurerAdapter {
     authConfig.configure(http)
 
     http.exceptionHandling().authenticationEntryPoint(entryPoint)
+    http.addFilterBefore(new BasicAuthenticationFilter(authenticationManager()), UsernamePasswordAuthenticationFilter)
     http.addFilterBefore(externalAuthTokenFilter, AbstractPreAuthenticatedProcessingFilter.class)
   }