From ae0971ce77c7a7d5daaed3b84ae4a277f97449e2 Mon Sep 17 00:00:00 2001
From: Mathieu Baudier <mbaudier@argeo.org>
Date: Sun, 22 Nov 2015 11:33:30 +0000
Subject: [PATCH] Prevent anonymous session to be authenticated

git-svn-id: https://svn.argeo.org/commons/trunk@8584 4cfe0d0a-d680-48aa-b62c-e0a02a3f76cc
---
 org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java b/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java
index 53b4242ef..db677f57e 100644
--- a/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java
@@ -126,7 +126,7 @@ public class UserAdminLoginModule implements LoginModule, AuthConstants {
 	public boolean commit() throws LoginException {
 		Authorization authorization = subject
 				.getPrivateCredentials(Authorization.class).iterator().next();
-		if (request != null) {
+		if (request != null && authorization.getName() != null) {
 			request.setAttribute(HttpContext.REMOTE_USER,
 					authorization.getName());
 			request.setAttribute(HttpContext.AUTHORIZATION, authorization);
-- 
2.30.2