[Security] allowed simple pre-auth to be optional if another auth mechanism already authenticated the user

fabpot · Seldaek · commit 471e5bc21a88 · 2013-05-08T15:02:51.000+02:00
diff --git a/src/Symfony/Component/Security/Http/Firewall/SimplePreAuthenticationListener.php b/src/Symfony/Component/Security/Http/Firewall/SimplePreAuthenticationListener.php
@@ -19,6 +19,7 @@
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Security\Core\Authentication\SimplePreAuthenticatorInterface;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken;
 use Symfony\Component\Security\Core\Exception\AuthenticationException;
 use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface;
 use Symfony\Component\Security\Http\Authentication\AuthenticationSuccessHandlerInterface;
@@ -71,6 +72,10 @@ public function handle(GetResponseEvent $event)
             $this->logger->info(sprintf('Attempting simple pre-authorization %s', $this->providerKey));
         }
 
+        if (null !== $this->context->getToken() && !$this->context->getToken() instanceof AnonymousToken) {
+            return;
+        }
+
         try {
             $token = $this->simpleAuthenticator->createToken($request, $this->providerKey);
             $token = $this->authenticationManager->authenticate($token);
