This is an automated email from the ASF dual-hosted git repository. kwin pushed a commit to branch bugfix/request-getuserprincipal-must-be-null-for-anonymous in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-engine.git
commit f8be4e2325e71bf8f56b9369a9f548f8a5e1a1b2
Author: Konrad Windszus <[email protected]>
AuthorDate: Thu Apr 13 15:57:15 2023 +0200
SLING-11825 SlingHttpServletRequestImpl.getUserPrincipal() must return null for unauthenticated requests
---
 .../apache/sling/engine/impl/SlingHttpServletRequestImpl.java | 4 ++++
 .../sling/engine/impl/SlingHttpServletRequestImplTest.java | 11 +++++++----
 2 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/src/main/java/org/apache/sling/engine/impl/SlingHttpServletRequestImpl.java b/src/main/java/org/apache/sling/engine/impl/SlingHttpServletRequestImpl.java
index 8d02dc8..4cf394c 100644
--- a/src/main/java/org/apache/sling/engine/impl/SlingHttpServletRequestImpl.java
+++ b/src/main/java/org/apache/sling/engine/impl/SlingHttpServletRequestImpl.java
@@ -318,6 +318,10 @@ public class SlingHttpServletRequestImpl extends HttpServletRequestWrapper imple
 */
 @Override
 public Principal getUserPrincipal() {
+ // always return null for anonymous user
+ if (this.getRemoteUser() == null) {
+ return null;
+ }
 Principal principal = getResourceResolver().adaptTo(Principal.class);
 if (principal != null) {
 return principal;
diff --git a/src/test/java/org/apache/sling/engine/impl/SlingHttpServletRequestImplTest.java b/src/test/java/org/apache/sling/engine/impl/SlingHttpServletRequestImplTest.java
index d01eb52..75e73ca 100644
--- a/src/test/java/org/apache/sling/engine/impl/SlingHttpServletRequestImplTest.java
+++ b/src/test/java/org/apache/sling/engine/impl/SlingHttpServletRequestImplTest.java
@@ -50,7 +50,7 @@ public class SlingHttpServletRequestImplTest {
 }};
 @Test
- public void getUserPrincipal_test() {
+ public void getUserPrincipal_testWithRemoteUserFallback() {
 final HttpServletRequest servletRequest = context.mock(HttpServletRequest.class);
 context.checking(new Expectations() {{ 
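Review bot: The guard added at the top of getUserPrincipal() implements the Servlet API rule that an unauthenticated request has no principal, but the comment `// always return null for anonymous user` does not say that the guard deliberately wins over a resolver-adapted Principal; suggest `// Servlet API: no authenticated user (getRemoteUser() == null) means no principal, even if the resource resolver adapts to one`. The Javadoc closed by the `*/` context line at the top of the hunk should also document the null return for unauthenticated requests, since callers that use the principal for authorization decisions may now see null where they previously received a resolver-derived principal. Whether `this.getRemoteUser()` is the wrapper's delegation to the underlying request or an override in this class is not visible here; if it is overridden to derive from the resolver, the short-circuit would not reflect the container's authentication state, so that is worth confirming. The method's remaining fallback branch continues past the end of the hunk.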
@@ -77,7 +77,7 @@ public class SlingHttpServletRequestImplTest {
 }
 @Test
- public void getUserPrincipal_test2() {
+ public void getUserPrincipal_testUnauthenticated() {
 final HttpServletRequest servletRequest = context.mock(HttpServletRequest.class);
 context.checking(new Expectations() {{
@@ -91,12 +91,13 @@ public class SlingHttpServletRequestImplTest {
 final RequestData requestData = context.mock(RequestData.class, "requestData");
 final ResourceResolver resourceResolver = context.mock(ResourceResolver.class);
+ final Principal principal = context.mock(Principal.class);
 context.checking(new Expectations() {{
 allowing(requestData).getResourceResolver();
 will(returnValue(resourceResolver));
 allowing(resourceResolver).adaptTo(Principal.class);
- will(returnValue(null));
+ will(returnValue(principal));
 }});
 slingHttpServletRequestImpl = new SlingHttpServletRequestImpl(requestData, servletRequest);
@@ -104,7 +105,7 @@ public class SlingHttpServletRequestImplTest {
 }
 @Test
- public void getUserPrincipal_test3() {
+ public void getUserPrincipal_testWithPrincipal() {
 final HttpServletRequest servletRequest = context.mock(HttpServletRequest.class);
 context.checking(new Expectations() {{
@@ -112,6 +113,8 @@ public class SlingHttpServletRequestImplTest {
 will(returnValue("/path"));
 allowing(servletRequest).getPathInfo();
 will(returnValue("/path"));
+ allowing(servletRequest).getRemoteUser();
+ will(returnValue("remoteUser"));
 }});
 final RequestData requestData = context.mock(RequestData.class, "requestData");
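Review bot: The new `getRemoteUser()` expectation in getUserPrincipal_testWithPrincipal carries no comment explaining why it is required, and a reader could drop it as unrelated setup; add `// getUserPrincipal() returns null when getRemoteUser() is null, so stub it to reach the resolver-principal path`. The same dependency applies to the unauthenticated test changed in the -91 hunk, where the resolver now adapts to a Principal and the null result must come from the remote-user guard alone, which the renamed method does not make explicit on its own. The test method continues past the end of the hunk.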
