Allow authenticationIsRequired to be overridden

shazin · Steve Riesenberg · commit 1e0e9a2c98d6 · 2022-09-29T15:25:53.000-05:00
Issue gh-10347
diff --git a/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilter.java
@@ -202,7 +202,7 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
 		chain.doFilter(request, response);
 	}
 
-	private boolean authenticationIsRequired(String username) {
+	protected boolean authenticationIsRequired(String username) {
 		// Only reauthenticate if username doesn't match SecurityContextHolder and user
 		// isn't authenticated (see SEC-53)
 		Authentication existingAuth = this.securityContextHolderStrategy.getContext().getAuthentication();

Original file line number	Diff line number	Diff line change
`@@ -202,7 +202,7 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse`
`202`	`202`	`chain.doFilter(request, response);`
`203`	`203`	`}`
`204`	`204`
`205`		`- private boolean authenticationIsRequired(String username) {`
	`205`	`+ protected boolean authenticationIsRequired(String username) {`
`206`	`206`	`// Only reauthenticate if username doesn't match SecurityContextHolder and user`
`207`	`207`	`// isn't authenticated (see SEC-53)`
`208`	`208`	`Authentication existingAuth = this.securityContextHolderStrategy.getContext().getAuthentication();`