Merge pull request 'Fix #23212: authentication:none broken' (#10) from feature/23212 into develop

fmichielssen · fmichielssen · commit 3642ca237765 · 2020-10-06T13:10:20.000Z
diff --git a/src/main/java/eu/openanalytics/containerproxy/security/WebSecurityConfig.java b/src/main/java/eu/openanalytics/containerproxy/security/WebSecurityConfig.java
@@ -143,15 +143,15 @@ protected void configure(HttpSecurity http) throws Exception {
 			http.addFilter(new BasicAuthenticationFilter(authenticationManagerBean()));
 		}
 	
-		// The `anyRequest` method may only be called once.
-		// Therefore we call it here, make our changes to it and forward it to the various authentication backends
-		ExpressionUrlAuthorizationConfigurer<HttpSecurity>.AuthorizedUrl anyRequestConfigurer =  http.authorizeRequests().anyRequest();
 
 		if (auth.hasAuthorization()) {
+			// The `anyRequest` method may only be called once.
+			// Therefore we call it here, make our changes to it and forward it to the various authentication backends
+			ExpressionUrlAuthorizationConfigurer<HttpSecurity>.AuthorizedUrl anyRequestConfigurer =  http.authorizeRequests().anyRequest();
 			anyRequestConfigurer.fullyAuthenticated();
+			auth.configureHttpSecurity(http, anyRequestConfigurer);
 		}
 
-		auth.configureHttpSecurity(http, anyRequestConfigurer);
 
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -143,15 +143,15 @@ protected void configure(HttpSecurity http) throws Exception {`
`143`	`143`	`http.addFilter(new BasicAuthenticationFilter(authenticationManagerBean()));`
`144`	`144`	`}`
`145`	`145`
`146`		- // The `anyRequest` method may only be called once.
`147`		`- // Therefore we call it here, make our changes to it and forward it to the various authentication backends`
`148`		`- ExpressionUrlAuthorizationConfigurer<HttpSecurity>.AuthorizedUrl anyRequestConfigurer = http.authorizeRequests().anyRequest();`
`149`	`146`
`150`	`147`	`if (auth.hasAuthorization()) {`
	`148`	+ // The `anyRequest` method may only be called once.
	`149`	`+ // Therefore we call it here, make our changes to it and forward it to the various authentication backends`
	`150`	`+ ExpressionUrlAuthorizationConfigurer<HttpSecurity>.AuthorizedUrl anyRequestConfigurer = http.authorizeRequests().anyRequest();`
`151`	`151`	`anyRequestConfigurer.fullyAuthenticated();`
	`152`	`+ auth.configureHttpSecurity(http, anyRequestConfigurer);`
`152`	`153`	`}`
`153`	`154`
`154`		`- auth.configureHttpSecurity(http, anyRequestConfigurer);`
`155`	`155`
`156`	`156`	`}`
`157`	`157`