Hi Konrad There is no public API to check that as it is an implementation detail that the unauthenticated guest session is in oak backed by a user.
So, I suspect the question you want to have an answer for is whether a given JCR session is an unauthenticated guest session or not. Is that correct? In the context of a Sling request the API to call would be https://javaee.github.io/javaee-spec/javadocs/javax/servlet/http/HttpServletRequest.html#getUserPrincipal-- : a null return value corresponds to the anonymous access. In Jcr/Oak no corresponding method exist as it usually does not matter through which authentication mechanism a given session has been obtained. But maybe you want to share a bit of context on what you aim to achieve? Kind regards Angela ________________________________ From: Konrad Windszus <[email protected]> Sent: Wednesday, April 12, 2023 10:49 To: [email protected] <[email protected]> Subject: How to check if user is anonymous EXTERNAL: Use caution when clicking on links or opening attachments. How do I figure out if a org.apache.jackrabbit.api.security.user.User object is representing the anonymous user[1] or not. Unfortunately the interface only has methods isAdmin and isSystemUser [2] Any pointers appreciated. Thanks in advance, Konrad [1] - https://jackrabbit.apache.org/oak/docs/security/user/default.html#anonymous-user [2] - https://javadoc.io/doc/org.apache.jackrabbit/oak-jackrabbit-api/latest/org/apache/jackrabbit/api/security/user/User.html
