[
https://issues.apache.org/jira/browse/SLING-11825?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Konrad Windszus updated SLING-11825:
------------------------------------
Description:
According to
https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#getUserPrincipal()
the method {{getUserPrincipal}} is supposed to return
{quote}
null if the user has not been authenticated
{quote}
Unfortunately the implementation in
https://github.com/apache/sling-org-apache-sling-engine/blob/c31e3ad64cafa0e53f67ad7551b13dc7124ccff6/src/main/java/org/apache/sling/engine/impl/SlingHttpServletRequestImpl.java#L320
seems to violate this contract, as I always get back a non-null value (even if
the user was never authenticated).
The {{ResourceResolver.adaptTo(Principal.class}} will always return a non-null
value due to
https://github.com/apache/sling-org-apache-sling-jcr-resource/blob/685c50921085941f4cbb1a3ccdbf90bad0605527/src/main/java/org/apache/sling/jcr/resource/internal/helper/jcr/JcrResourceProvider.java#L617
was:
According to
https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#getUserPrincipal()
the method {{getUserPrincipal}} is supposed to return
{quote}
null if the user has not been authenticated
{quote}
Unfortunately the implementation in
https://github.com/apache/sling-org-apache-sling-engine/blob/c31e3ad64cafa0e53f67ad7551b13dc7124ccff6/src/main/java/org/apache/sling/engine/impl/SlingHttpServletRequestImpl.java#L320
seems to violate this contract, as I always get back a non-null value (even if
the user was never authenticated)
> SlingHttpServletRequestImpl.getUserPrincipal() does not return null for
> anonymous requests
> ------------------------------------------------------------------------------------------
>
> Key: SLING-11825
> URL: https://issues.apache.org/jira/browse/SLING-11825
> Project: Sling
> Issue Type: Bug
> Components: Engine
> Affects Versions: Engine 2.14.0
> Reporter: Konrad Windszus
> Priority: Major
>
> According to
> https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#getUserPrincipal()
> the method {{getUserPrincipal}} is supposed to return
> {quote}
> null if the user has not been authenticated
> {quote}
> Unfortunately the implementation in
> https://github.com/apache/sling-org-apache-sling-engine/blob/c31e3ad64cafa0e53f67ad7551b13dc7124ccff6/src/main/java/org/apache/sling/engine/impl/SlingHttpServletRequestImpl.java#L320
> seems to violate this contract, as I always get back a non-null value (even
> if the user was never authenticated).
> The {{ResourceResolver.adaptTo(Principal.class}} will always return a
> non-null value due to
> https://github.com/apache/sling-org-apache-sling-jcr-resource/blob/685c50921085941f4cbb1a3ccdbf90bad0605527/src/main/java/org/apache/sling/jcr/resource/internal/helper/jcr/JcrResourceProvider.java#L617
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
