Fix null-unsafe check in BasicAuthenticationFilter

piotrmacha · piotrmacha · commit b70bd2c785d0 · 2025-05-07T16:24:14.000+02:00
Signed-off-by: Piotr Macha &lt;me@piotrmacha.pl&gt;
diff --git a/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilter.java
@@ -217,7 +217,8 @@ protected boolean authenticationIsRequired(String username) {
 		// Only reauthenticate if username doesn't match SecurityContextHolder and user
 		// isn't authenticated (see SEC-53)
 		Authentication existingAuth = this.securityContextHolderStrategy.getContext().getAuthentication();
-		if (existingAuth == null || !existingAuth.getName().equals(username) || !existingAuth.isAuthenticated()) {
+		if (existingAuth == null || existingAuth.getName() == null || !existingAuth.getName().equals(username)
+				|| !existingAuth.isAuthenticated()) {
 			return true;
 		}
 		// Handle unusual condition where an AnonymousAuthenticationToken is already
