[
https://issues.apache.org/jira/browse/SLING-11825?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Konrad Windszus reassigned SLING-11825:
---------------------------------------
Assignee: Konrad Windszus
> SlingHttpServletRequestImpl.getUserPrincipal() does not return null for
> anonymous requests
> ------------------------------------------------------------------------------------------
>
> Key: SLING-11825
> URL: https://issues.apache.org/jira/browse/SLING-11825
> Project: Sling
> Issue Type: Bug
> Components: Engine
> Affects Versions: Engine 2.14.0
> Reporter: Konrad Windszus
> Assignee: Konrad Windszus
> Priority: Major
> Fix For: Engine 2.14.2
>
>
> According to
> https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#getUserPrincipal()
> the method {{getUserPrincipal}} is supposed to return
> {quote}
> null if the user has not been authenticated
> {quote}
> Unfortunately the implementation in
> https://github.com/apache/sling-org-apache-sling-engine/blob/c31e3ad64cafa0e53f67ad7551b13dc7124ccff6/src/main/java/org/apache/sling/engine/impl/SlingHttpServletRequestImpl.java#L320
> seems to violate this contract, as I always get back a non-null value (even
> if the user was never authenticated).
> The {{ResourceResolver.adaptTo(Principal.class)}} will always return a
> non-null value due to
> https://github.com/apache/sling-org-apache-sling-jcr-resource/blob/685c50921085941f4cbb1a3ccdbf90bad0605527/src/main/java/org/apache/sling/jcr/resource/internal/helper/jcr/JcrResourceProvider.java#L617
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
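Added example, not part of the Jira message or of the Sling code base: code that treats a non-null `getUserPrincipal()` as proof of login passes anonymous requests when the principal is never null, as the issue describes. The sketch puts that check beside one that also rejects the anonymous user; the class and method names are hypothetical, and the anonymous ID `anonymous` is an assumption to adjust per deployment.

```java
import java.security.Principal;
import java.util.Set;

public class PrincipalGuard {

    // Assumption: user IDs this deployment treats as "not logged in".
    // "anonymous" is the default anonymous ID in Jackrabbit/Oak repositories.
    private static final Set<String> ANONYMOUS_IDS = Set.of("anonymous");

    /** Relies on the servlet contract alone: null means unauthenticated. */
    static boolean naiveIsAuthenticated(Principal principal) {
        return principal != null;
    }

    /** Also rejects a non-null principal that names the anonymous user. */
    static boolean isAuthenticated(Principal principal) {
        if (principal == null) {
            return false;
        }
        String name = principal.getName();
        return name != null && !name.isBlank() && !ANONYMOUS_IDS.contains(name);
    }

    static void report(String label, Principal principal) {
        System.out.printf("%-28s naive=%-5b defensive=%b%n",
                label, naiveIsAuthenticated(principal), isAuthenticated(principal));
    }

    public static void main(String[] args) {
        // Constructed sample principals, standing in for request.getUserPrincipal().
        report("spec-compliant anonymous", null);
        report("non-null anonymous", () -> "anonymous");
        report("logged-in user", () -> "alice");
    }
}
```

In a servlet or filter, the value passed in would be `request.getUserPrincipal()`.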