From 600ab04cc7d75d3bc7569748c138d6dd4f47be51 Mon Sep 17 00:00:00 2001
From: Luke Taylor <luke.taylor@springsource.com>
Date: Mon, 4 Feb 2008 19:36:44 +0000
Subject: [PATCH] SEC-663: Added null check for pre-authenticated principal
 value (and skip authentication attempt if null).

---
 .../preauth/AbstractPreAuthenticatedProcessingFilter.java | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/core/src/main/java/org/springframework/security/ui/preauth/AbstractPreAuthenticatedProcessingFilter.java b/core/src/main/java/org/springframework/security/ui/preauth/AbstractPreAuthenticatedProcessingFilter.java
index 457b8a6c66..7b43d332c2 100755
--- a/core/src/main/java/org/springframework/security/ui/preauth/AbstractPreAuthenticatedProcessingFilter.java
+++ b/core/src/main/java/org/springframework/security/ui/preauth/AbstractPreAuthenticatedProcessingFilter.java
@@ -74,6 +74,14 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends SpringSec
         Object principal = getPreAuthenticatedPrincipal(httpRequest);
         Object credentials = getPreAuthenticatedCredentials(httpRequest);
 
+        if (principal == null) {
+            if (logger.isDebugEnabled()) {
+                logger.debug("No pre-authenticated principal found in request");
+            }
+
+            return;            
+        }
+
         if (logger.isDebugEnabled()) {
             logger.debug("preAuthenticatedPrincipal = " + principal + ", trying to authenticate");
         }