From ffb59ac6b1732d457d9dc726c6f0a8a9b9302a43 Mon Sep 17 00:00:00 2001
From: shazin <shazin.sadakath@gmail.com>
Date: Tue, 15 Mar 2022 19:40:03 +0530
Subject: [PATCH] Enabling authenticationIsRequired to be overridden for custom
 checks. Fixes #10347

---
 .../web/authentication/www/BasicAuthenticationFilter.java       | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilter.java b/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilter.java
index c014455bfac..87baa757665 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilter.java
@@ -198,7 +198,7 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
 		chain.doFilter(request, response);
 	}
 
-	private boolean authenticationIsRequired(String username) {
+	protected boolean authenticationIsRequired(String username) {
 		// Only reauthenticate if username doesn't match SecurityContextHolder and user
 		// isn't authenticated (see SEC-53)
 		Authentication existingAuth = SecurityContextHolder.getContext().getAuthentication();