From d4f100776a7521fac937193adef2b08cf20d796c Mon Sep 17 00:00:00 2001
From: Sebastian Sdorra <sebastian.sdorra@cloudogu.com>
Date: Sat, 11 Feb 2012 16:36:37 +0100
Subject: [PATCH] do not call the authentication mechanism if the user is
 already authenticated

---
 .../scm/web/filter/BasicAuthenticationFilter.java      | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/scm-core/src/main/java/sonia/scm/web/filter/BasicAuthenticationFilter.java b/scm-core/src/main/java/sonia/scm/web/filter/BasicAuthenticationFilter.java
index f9ffbf551b..a3b6ef5465 100644
--- a/scm-core/src/main/java/sonia/scm/web/filter/BasicAuthenticationFilter.java
+++ b/scm-core/src/main/java/sonia/scm/web/filter/BasicAuthenticationFilter.java
@@ -120,7 +120,11 @@ public class BasicAuthenticationFilter extends HttpFilter
     User user = null;
     String authentication = request.getHeader(HEADER_AUTHORIZATION);
 
-    if (Util.isNotEmpty(authentication))
+    if (securityContext.isAuthenticated())
+    {
+      user = securityContext.getUser();
+    }
+    else if (Util.isNotEmpty(authentication))
     {
       if (!authentication.toUpperCase().startsWith(AUTHORIZATION_BASIC_PREFIX))
       {
@@ -129,10 +133,6 @@ public class BasicAuthenticationFilter extends HttpFilter
 
       user = authenticate(request, response, securityContext, authentication);
     }
-    else if (securityContext.isAuthenticated())
-    {
-      user = securityContext.getUser();
-    }
 
     if (user == null)
     {