This is an automated email from the ASF dual-hosted git repository.
fpapon pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/shiro.git
The following commit(s) were added to refs/heads/master by this push:
new 148eeb7 [SHIRO-661] Add check for the principal of subject whether is
null
new cf8f43f Merge pull request #90 from
plx927/feature/fix-formAuthenticationFilter
148eeb7 is described below
commit 148eeb7f4620a1da026cd04b3b499bbe1897989f
Author: panlingxiao <[email protected]>
AuthorDate: Thu Nov 8 00:49:52 2018 +0800
[SHIRO-661] Add check for the principal of subject whether is null
---
.../main/java/org/apache/shiro/subject/support/DelegatingSubject.java | 2 +-
.../java/org/apache/shiro/web/filter/authc/AuthenticationFilter.java | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git
a/core/src/main/java/org/apache/shiro/subject/support/DelegatingSubject.java
b/core/src/main/java/org/apache/shiro/subject/support/DelegatingSubject.java
index 0860ee2..406bec4 100644
--- a/core/src/main/java/org/apache/shiro/subject/support/DelegatingSubject.java
+++ b/core/src/main/java/org/apache/shiro/subject/support/DelegatingSubject.java
@@ -294,7 +294,7 @@ public class DelegatingSubject implements Subject {
}
public boolean isAuthenticated() {
- return authenticated;
+ return authenticated && hasPrincipals();
}
public boolean isRemembered() {
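Review bot: `isAuthenticated()` now depends on two pieces of state, but nothing at the changed line says why, and the `authenticated` field can still be true while the principal collection is empty. A one-line comment would keep a later cleanup from reverting to the bare flag, e.g. `// an authenticated flag without principals identifies nobody; report unauthenticated (SHIRO-661)`. Any code in this class that reads the `authenticated` field directly instead of calling this method would still see the old answer; that is not visible in the hunk and is worth checking. The diffstat lists only the two production files, so a regression test for the flag-set, principals-empty case appears to be missing.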
diff --git
a/web/src/main/java/org/apache/shiro/web/filter/authc/AuthenticationFilter.java
b/web/src/main/java/org/apache/shiro/web/filter/authc/AuthenticationFilter.java
index 8f0abfa..d1f89a6 100644
---
a/web/src/main/java/org/apache/shiro/web/filter/authc/AuthenticationFilter.java
+++
b/web/src/main/java/org/apache/shiro/web/filter/authc/AuthenticationFilter.java
@@ -78,7 +78,7 @@ public abstract class AuthenticationFilter extends
AccessControlFilter {
*/
protected boolean isAccessAllowed(ServletRequest request, ServletResponse
response, Object mappedValue) {
Subject subject = getSubject(request, response);
- return subject.isAuthenticated();
+ return subject.isAuthenticated() && subject.getPrincipal() != null;
}
/**
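Review bot: The added `subject.getPrincipal() != null` restates, in a different form, the invariant that `DelegatingSubject.isAuthenticated()` now enforces through `hasPrincipals()`, and its purpose is not stated. If it is meant as a guard for custom `Subject` implementations whose `isAuthenticated()` does not look at principals, say so next to the return: `// defensive: a Subject without a principal is never allowed, whatever isAuthenticated() reports`. The method's Javadoc begins outside the hunk and presumably still describes the old single-condition behaviour, so it should be updated to match. Filters or application code that call `subject.isAuthenticated()` directly, rather than going through `isAccessAllowed`, get only the protection of the `DelegatingSubject` change and should be reviewed for the same assumption.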