Hi Angela, Thanks for the insights,
> On 12. Apr 2023, at 11:15, Angela Schreiber <[email protected]> wrote: > > Hi Konrad > > There is no public API to check that as it is an implementation detail that > the unauthenticated guest session is in oak backed by a user. > > So, I suspect the question you want to have an answer for is whether a given > JCR session is an unauthenticated guest session or not. Is that correct? Exactly! > > In the context of a Sling request the API to call would be > https://javaee.github.io/javaee-spec/javadocs/javax/servlet/http/HttpServletRequest.html#getUserPrincipal-- > : a null return value corresponds to the anonymous access. > This does not work for me. I get back org.apache.jackrabbit.oak.security.user.TreeBasedPrincipal:anonymous (In AEM) But it seems that https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#getRemoteUser() works, i.e. returns null for anonymous users. > In Jcr/Oak no corresponding method exist as it usually does not matter > through which authentication mechanism a given session has been obtained. In my case retrieving the session is done under the hood (by Sling), so I need to use some API to do that check. > > But maybe you want to share a bit of context on what you aim to achieve? > > Kind regards > Angela > > > ________________________________ > From: Konrad Windszus <[email protected]> > Sent: Wednesday, April 12, 2023 10:49 > To: [email protected] <[email protected]> > Subject: How to check if user is anonymous > > EXTERNAL: Use caution when clicking on links or opening attachments. > > > How do I figure out if a org.apache.jackrabbit.api.security.user.User object > is representing the anonymous user[1] or not. > Unfortunately the interface only has methods isAdmin and isSystemUser [2] > Any pointers appreciated. > Thanks in advance, > Konrad > > > [1] - > https://jackrabbit.apache.org/oak/docs/security/user/default.html#anonymous-user > [2] - > https://javadoc.io/doc/org.apache.jackrabbit/oak-jackrabbit-api/latest/org/apache/jackrabbit/api/security/user/User.html
