From d35ff03e61cccdfaf311e237c89a89a490ccedfe Mon Sep 17 00:00:00 2001 From: Lachlan Roberts Date: Mon, 2 Aug 2021 15:23:28 +1000 Subject: [PATCH] Issue #6554 - DefaultAuthenticatorFactory should not create BasicAuthenticator for null AuthMethod Signed-off-by: Lachlan Roberts --- .../eclipse/jetty/security/DefaultAuthenticatorFactory.java | 2 +- .../java/org/eclipse/jetty/security/SecurityHandler.java | 6 +----- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/DefaultAuthenticatorFactory.java b/jetty-security/src/main/java/org/eclipse/jetty/security/DefaultAuthenticatorFactory.java index 722599c47d16..e25bd9954e39 100644 --- a/jetty-security/src/main/java/org/eclipse/jetty/security/DefaultAuthenticatorFactory.java +++ b/jetty-security/src/main/java/org/eclipse/jetty/security/DefaultAuthenticatorFactory.java @@ -62,7 +62,7 @@ public Authenticator getAuthenticator(Server server, ServletContext context, Aut String auth = configuration.getAuthMethod(); Authenticator authenticator = null; - if (auth == null || Constraint.__BASIC_AUTH.equalsIgnoreCase(auth)) + if (Constraint.__BASIC_AUTH.equalsIgnoreCase(auth)) authenticator = new BasicAuthenticator(); else if (Constraint.__DIGEST_AUTH.equalsIgnoreCase(auth)) authenticator = new DigestAuthenticator(); diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java b/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java index c235eabbaf7f..f502898aac2d 100644 --- a/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java +++ b/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java @@ -293,9 +293,6 @@ protected IdentityService findIdentityService() return getServer().getBean(IdentityService.class); } - /** - * - */ @Override protected void doStart() throws Exception @@ -349,7 +346,7 @@ else if (_loginService.getIdentityService() != _identityService) throw new IllegalStateException("LoginService has different IdentityService to " + this); } - if (_authenticator == null && _identityService != null) + if (_authenticator == null) { // If someone has set an authenticator factory only use that, otherwise try the list of discovered factories. if (_authenticatorFactory != null) @@ -396,7 +393,6 @@ else if (_realmName != null) } @Override - protected void doStop() throws Exception { //if we discovered the services (rather than had them explicitly configured), remove them.