From 1258fa854eb8bfaa69cfbdceabc720f5be3773b2 Mon Sep 17 00:00:00 2001
From: Luke Taylor <luke.taylor@springsource.com>
Date: Tue, 22 Apr 2008 14:53:11 +0000
Subject: [PATCH] SEC-788: x509 authentication does not work properly
 http://jira.springframework.org/browse/SEC-788. Added check for X509 element
 when choosing entry point, if nothing else is available.

---
 .../config/HttpSecurityBeanDefinitionParser.java   | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/core/src/main/java/org/springframework/security/config/HttpSecurityBeanDefinitionParser.java b/core/src/main/java/org/springframework/security/config/HttpSecurityBeanDefinitionParser.java
index 0d77f41895..981c2be0a3 100644
--- a/core/src/main/java/org/springframework/security/config/HttpSecurityBeanDefinitionParser.java
+++ b/core/src/main/java/org/springframework/security/config/HttpSecurityBeanDefinitionParser.java
@@ -408,15 +408,21 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
         	return;        	
         }
         
-        // Otherwise use OpenID
+        // Otherwise use OpenID if enabled
         if (openIDFilter != null && formLoginFilter == null) {
         	parserContext.getRegistry().registerAlias(BeanIds.OPEN_ID_ENTRY_POINT, BeanIds.MAIN_ENTRY_POINT);
         	return;        	
         }
         
-        parserContext.getReaderContext().error("No AuthenticationEntryPoint could be established. Please" +
-        		"make sure you have a login mechanism configured through the namespace (such as form-login) or" +
-        		"specify a custom AuthenticationEntryPoint with the custom-entry-point-ref  ", 
+        // If X.509 has been enabled, use the preauth entry point.
+        if (DomUtils.getChildElementByTagName(element, Elements.X509) != null) {
+            parserContext.getRegistry().registerAlias(BeanIds.PRE_AUTH_ENTRY_POINT, BeanIds.MAIN_ENTRY_POINT);
+            return;
+        }
+        
+        parserContext.getReaderContext().error("No AuthenticationEntryPoint could be established. Please " +
+        		"make sure you have a login mechanism configured through the namespace (such as form-login) or " +
+        		"specify a custom AuthenticationEntryPoint with the custom-entry-point-ref attribute ", 
                 parserContext.extractSource(element));
     }