don't load user info for anonymous authentications, closes #895

2015-10-01 19:12:50 -04:00 · 2015-10-01 19:12:50 -04:00 · e1af979995
parent 74f5a248c7
commit e1af979995
1 changed files with 27 additions and 21 deletions
--- a/openid-connect-common/src/main/java/org/mitre/openid/connect/web/UserInfoInterceptor.java
+++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/web/UserInfoInterceptor.java
@ -28,6 +28,8 @@ import org.mitre.openid.connect.model.OIDCAuthenticationToken;
 import org.mitre.openid.connect.model.UserInfo;
 import org.mitre.openid.connect.service.UserInfoService;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.authentication.AuthenticationTrustResolver;
+import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
@ -60,6 +62,8 @@ public class UserInfoInterceptor extends HandlerInterceptorAdapter {
 	@Autowired (required = false)
 	private UserInfoService userInfoService;
 	
+	private AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();
+
 	@Override
 	public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {

@ -69,6 +73,7 @@ public class UserInfoInterceptor extends HandlerInterceptorAdapter {
 			request.setAttribute("userAuthorities", gson.toJson(auth.getAuthorities()));
 		}
 		
+		if (!trustResolver.isAnonymous(auth)) { // skip lookup on anonymous logins
 			if (auth instanceof OIDCAuthenticationToken) {
 				// if they're logging into this server from a remote OIDC server, pass through their user info
 				OIDCAuthenticationToken oidc = (OIDCAuthenticationToken) auth;
@ -93,6 +98,7 @@ public class UserInfoInterceptor extends HandlerInterceptorAdapter {
 					}
 				}
 			}
+		}

 		return true;
 	}