Check session salt in shib auth

dspace-api/src/main/java/org/dspace/authenticate/ShibAuthentication.java

@@ -227,6 +227,10 @@ public class ShibAuthentication implements AuthenticationMethod {
                 return AuthenticationMethod.NO_SUCH_USER;
             }
 
+            if (eperson != null && StringUtils.isNotBlank(eperson.getSessionSalt())) {
+                return AuthenticationMethod.NO_SUCH_USER;
+            }
+
             // Step 3: Update User's Metadata
             updateEPerson(context, request, eperson);
 

dspace-server-webapp/src/main/java/org/dspace/app/rest/security/StatelessLoginFilter.java

@@ -15,7 +15,6 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.springframework.security.authentication.AuthenticationManager;
-import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;