Prevent anonymous session to be authenticated

git-svn-id: https://svn.argeo.org/commons/trunk@8584 4cfe0d0a-d680-48aa-b62c-e0a02a3f76cc

diff --git a/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java b/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java
index 53b4242ef0be61043f4ec3325189af0974f5b17e..db677f57e13dc7f9a5715459dc532248ac054f2f 100644 (file)
--- a/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java
@@ -126,7 +126,7 @@ public class UserAdminLoginModule implements LoginModule, AuthConstants {
        public boolean commit() throws LoginException {
                Authorization authorization = subject
                                .getPrivateCredentials(Authorization.class).iterator().next();
-               if (request != null) {
+               if (request != null && authorization.getName() != null) {
                        request.setAttribute(HttpContext.REMOTE_USER,
                                        authorization.getName());
                        request.setAttribute(HttpContext.AUTHORIZATION, authorization);