From b70bd2c785d0976f10a3b1091ab7de6d01adb0a4 Mon Sep 17 00:00:00 2001
From: Piotr Macha
Date: Wed, 7 May 2025 16:23:06 +0200
Subject: [PATCH] Fix null-unsafe check in BasicAuthenticationFilter

Signed-off-by: Piotr Macha
---
 .../web/authentication/www/BasicAuthenticationFilter.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilter.java
index cf4e2ab5b14..85b2234cd62 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilter.java
@@ -217,7 +217,8 @@ protected boolean authenticationIsRequired(String username) {
 // Only reauthenticate if username doesn't match SecurityContextHolder and user
 // isn't authenticated (see SEC-53)
 Authentication existingAuth = this.securityContextHolderStrategy.getContext().getAuthentication();
- if (existingAuth == null || !existingAuth.getName().equals(username) || !existingAuth.isAuthenticated()) {
+ if (existingAuth == null || existingAuth.getName() == null || !existingAuth.getName().equals(username)
+ || !existingAuth.isAuthenticated()) {
 return true;
 }
 // Handle unusual condition where an AnonymousAuthenticationToken is already
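Review bot: The new condition calls `existingAuth.getName()` twice, so the null check and the `equals` comparison read two separate results from an `Authentication` implementation this filter does not control. Reading it once makes the decision depend on a single value: `String existingName = (existingAuth != null) ? existingAuth.getName() : null;` followed by `if (existingName == null || !existingName.equals(username) || !existingAuth.isAuthenticated()) {`. The null-name case now fails closed by requiring authentication instead of throwing, which is the right direction, but the comment above still describes only the name-mismatch case; I would add `// A null name can never match the presented username, so authentication is required`. The diffstat shows only this file changed, so no test pins that behaviour for an existing `Authentication` whose name is null. The body of `authenticationIsRequired` continues past the end of the hunk.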