Konrad Windszus created SLING-11825:
---------------------------------------
Summary: SlingHttpServletRequestImpl.getUserPrincipal() does not
return null for anonymous requests
Key: SLING-11825
URL: https://issues.apache.org/jira/browse/SLING-11825
Project: Sling
Issue Type: Bug
Components: Engine
Affects Versions: Engine 2.14.0
Reporter: Konrad Windszus
According to
https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#getUserPrincipal()
the method {{getUserPrincipal}} is supposed to return
{quote}
null if the user has not been authenticated
{quote}
Unfortunately the implementation in
https://github.com/apache/sling-org-apache-sling-engine/blob/c31e3ad64cafa0e53f67ad7551b13dc7124ccff6/src/main/java/org/apache/sling/engine/impl/SlingHttpServletRequestImpl.java#L320
seems to violate this contract, as I always get back a non-null value (even if
the user was never authenticated)
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
