This is an automated email from the ASF dual-hosted git repository.

kwin pushed a commit to branch master
in repository 
https://gitbox.apache.org/repos/asf/sling-org-apache-sling-engine.git


The following commit(s) were added to refs/heads/master by this push:
     new 35e0fb2  SLING-11825 SlingHttpServletRequestImpl.getUserPrincipal() 
must return null for unauthenticated requests
35e0fb2 is described below

commit 35e0fb2c8679bbc10e64f4219c98a483ac0824e6
Author: Konrad Windszus <[email protected]>
AuthorDate: Thu Apr 13 15:57:15 2023 +0200

    SLING-11825 SlingHttpServletRequestImpl.getUserPrincipal() must return
    null for unauthenticated requests
---
 .../apache/sling/engine/impl/SlingHttpServletRequestImpl.java |  4 ++++
 .../sling/engine/impl/SlingHttpServletRequestImplTest.java    | 11 +++++++----
 2 files changed, 11 insertions(+), 4 deletions(-)

diff --git 
a/src/main/java/org/apache/sling/engine/impl/SlingHttpServletRequestImpl.java 
b/src/main/java/org/apache/sling/engine/impl/SlingHttpServletRequestImpl.java
index 8d02dc8..4cf394c 100644
--- 
a/src/main/java/org/apache/sling/engine/impl/SlingHttpServletRequestImpl.java
+++ 
b/src/main/java/org/apache/sling/engine/impl/SlingHttpServletRequestImpl.java
@@ -318,6 +318,10 @@ public class SlingHttpServletRequestImpl extends 
HttpServletRequestWrapper imple
      */
     @Override
     public Principal getUserPrincipal() {
+        // always return null for anonymous user
+        if (this.getRemoteUser() == null) {
+            return null;
+        }
         Principal principal = getResourceResolver().adaptTo(Principal.class);
         if (principal != null) {
             return principal;
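Review bot: The new guard in getUserPrincipal() makes `this.getRemoteUser()` the sole authentication signal, but the inline comment says only "anonymous user" and does not record why the resolver's principal is ignored. The updated unauthenticated test has the resolver adapt to a Principal while the method is expected to return null, so the resolver apparently can carry an identity on requests that were never authenticated, and callers that treat a non-null principal as proof of login depend on this check. I would put that in the comment, e.g. `// Servlet API: no principal unless the request was authenticated; the resolver may still adapt to one`, and mirror it in the method's Javadoc, which ends just above the hunk. getRemoteUser() and the rest of the method body are outside the hunk, so it is worth confirming that an authenticated request can never see a null remote user and lose its principal here.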
diff --git 
a/src/test/java/org/apache/sling/engine/impl/SlingHttpServletRequestImplTest.java
 
b/src/test/java/org/apache/sling/engine/impl/SlingHttpServletRequestImplTest.java
index d01eb52..75e73ca 100644
--- 
a/src/test/java/org/apache/sling/engine/impl/SlingHttpServletRequestImplTest.java
+++ 
b/src/test/java/org/apache/sling/engine/impl/SlingHttpServletRequestImplTest.java
@@ -50,7 +50,7 @@ public class SlingHttpServletRequestImplTest {
     }};
     
     @Test
-    public void getUserPrincipal_test() {
+    public void getUserPrincipal_testWithRemoteUserFallback() {
         final HttpServletRequest servletRequest = 
context.mock(HttpServletRequest.class);
         
         context.checking(new Expectations() {{
@@ -77,7 +77,7 @@ public class SlingHttpServletRequestImplTest {
     }
 
     @Test
-    public void getUserPrincipal_test2() {
+    public void getUserPrincipal_testUnauthenticated() {
         final HttpServletRequest servletRequest = 
context.mock(HttpServletRequest.class);
         
         context.checking(new Expectations() {{
@@ -91,12 +91,13 @@ public class SlingHttpServletRequestImplTest {
         
         final RequestData requestData = context.mock(RequestData.class, 
"requestData");        
         final ResourceResolver resourceResolver = 
context.mock(ResourceResolver.class);
+        final Principal principal = context.mock(Principal.class);
         
         context.checking(new Expectations() {{
             allowing(requestData).getResourceResolver();
             will(returnValue(resourceResolver));
             allowing(resourceResolver).adaptTo(Principal.class);
-            will(returnValue(null));
+            will(returnValue(principal));
         }});
         
         slingHttpServletRequestImpl = new 
SlingHttpServletRequestImpl(requestData, servletRequest);
@@ -104,7 +105,7 @@ public class SlingHttpServletRequestImplTest {
     }
     
     @Test
-    public void getUserPrincipal_test3() {
+    public void getUserPrincipal_testWithPrincipal() {
         final HttpServletRequest servletRequest = 
context.mock(HttpServletRequest.class);
         
         context.checking(new Expectations() {{
@@ -112,6 +113,8 @@ public class SlingHttpServletRequestImplTest {
             will(returnValue("/path"));
             allowing(servletRequest).getPathInfo();
             will(returnValue("/path"));
+            allowing(servletRequest).getRemoteUser();
+            will(returnValue("remoteUser"));
         }});
         
         final RequestData requestData = context.mock(RequestData.class, 
"requestData");        
