Marco Volpini ( https://osgeo-org.atlassian.net/secure/ViewProfile.jspa?accountId=5a129c3cb35ed9014cf6b480 ) *created* an issue
GeoServer ( https://osgeo-org.atlassian.net/browse/GEOS?atlOrigin=eyJpIjoiZGJkYzNkMzE4ZDc3NGQ3MmEzZGFiOWI5MjFiZWU5ZjQiLCJwIjoiaiJ9 ) / Bug ( https://osgeo-org.atlassian.net/browse/GEOS-10162?atlOrigin=eyJpIjoiZGJkYzNkMzE4ZDc3NGQ3MmEzZGFiOWI5MjFiZWU5ZjQiLCJwIjoiaiJ9 ) GEOS-10162 ( https://osgeo-org.atlassian.net/browse/GEOS-10162?atlOrigin=eyJpIjoiZGJkYzNkMzE4ZDc3NGQ3MmEzZGFiOWI5MjFiZWU5ZjQiLCJwIjoiaiJ9 ) GeoServerOAuthAuthenticationFilter creates Anonymous authentication when preAuthenticated principal is not present ( https://osgeo-org.atlassian.net/browse/GEOS-10162?atlOrigin=eyJpIjoiZGJkYzNkMzE4ZDc3NGQ3MmEzZGFiOWI5MjFiZWU5ZjQiLCJwIjoiaiJ9 ) Issue Type: Bug Assignee: Marco Volpini ( https://osgeo-org.atlassian.net/secure/ViewProfile.jspa?accountId=5a129c3cb35ed9014cf6b480 ) Created: 26/Jul/21 12:24 PM Priority: Medium Reporter: Marco Volpini ( https://osgeo-org.atlassian.net/secure/ViewProfile.jspa?accountId=5a129c3cb35ed9014cf6b480 ) The GeoServerOAuthAuthenticationFilter creates Anonymous authentication when preAuthenticated principal is not present. This is should not happen since the anonymous filter should create the anonymous authentication object and since might cause other filter to not be executed if they check for the SecurityContenxt to be null as in the case of the GeoServerAuthKeyFilter ( https://github.com/geoserver/geoserver/blob/de184b2f9ed9a844b5291dd163e772132a07689b/src/extension/authkey/src/main/java/org/geoserver/security/GeoServerAuthenticationKeyFilter.java#L85 ) ( https://osgeo-org.atlassian.net/browse/GEOS-10162#add-comment?atlOrigin=eyJpIjoiZGJkYzNkMzE4ZDc3NGQ3MmEzZGFiOWI5MjFiZWU5ZjQiLCJwIjoiaiJ9 ) Add Comment ( https://osgeo-org.atlassian.net/browse/GEOS-10162#add-comment?atlOrigin=eyJpIjoiZGJkYzNkMzE4ZDc3NGQ3MmEzZGFiOWI5MjFiZWU5ZjQiLCJwIjoiaiJ9 ) Get Jira notifications on your phone! Download the Jira Cloud app for Android ( https://play.google.com/store/apps/details?id=com.atlassian.android.jira.core&referrer=utm_source%3DNotificationLink%26utm_medium%3DEmail ) or iOS ( https://itunes.apple.com/app/apple-store/id1006972087?pt=696495&ct=EmailNotificationLink&mt=8 ) This message was sent by Atlassian Jira (v1001.0.0-SNAPSHOT#100170- sha1:2a71a72 )
_______________________________________________ Geoserver-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/geoserver-devel
