Posted to commits@shiro.apache.org by fp...@apache.org on 2019/05/17 05:39:53 UTC

[shiro] branch master updated: [SHIRO-661] Add check for the principal of subject whether is null

This is an automated email from the ASF dual-hosted git repository.

fpapon pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/shiro.git


The following commit(s) were added to refs/heads/master by this push:
     new 148eeb7  [SHIRO-661] Add check for the principal of subject whether is null
     new cf8f43f  Merge pull request #90 from plx927/feature/fix-formAuthenticationFilter
148eeb7 is described below

commit 148eeb7f4620a1da026cd04b3b499bbe1897989f
Author: panlingxiao <78...@qq.com>
AuthorDate: Thu Nov 8 00:49:52 2018 +0800

    [SHIRO-661] Add check for the principal of subject whether is null
---
 .../main/java/org/apache/shiro/subject/support/DelegatingSubject.java   | 2 +-
 .../java/org/apache/shiro/web/filter/authc/AuthenticationFilter.java    | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/core/src/main/java/org/apache/shiro/subject/support/DelegatingSubject.java b/core/src/main/java/org/apache/shiro/subject/support/DelegatingSubject.java
index 0860ee2..406bec4 100644
--- a/core/src/main/java/org/apache/shiro/subject/support/DelegatingSubject.java
+++ b/core/src/main/java/org/apache/shiro/subject/support/DelegatingSubject.java
@@ -294,7 +294,7 @@ public class DelegatingSubject implements Subject {
     }
 
     public boolean isAuthenticated() {
-        return authenticated;
+        return authenticated && hasPrincipals();
     }
 
     public boolean isRemembered() {
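Review bot: The `authenticated` field itself stays true when the principals are missing, so only callers that go through `isAuthenticated()` get the new check. Any code in this class that reads the field directly (none is visible in this hunk) would still treat the subject as authenticated and should be reviewed. The method also has no comment explaining why the flag alone is not trusted; I would add `// Fail closed: a subject without principals is never reported as authenticated, even if the flag is still set.` above the return. The diffstat lists only the two source files, so this change to authentication state ships without a regression test. A unit test that builds a subject with the flag set and no principals, and asserts that `isAuthenticated()` returns false, would pin the behaviour.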
diff --git a/web/src/main/java/org/apache/shiro/web/filter/authc/AuthenticationFilter.java b/web/src/main/java/org/apache/shiro/web/filter/authc/AuthenticationFilter.java
index 8f0abfa..d1f89a6 100644
--- a/web/src/main/java/org/apache/shiro/web/filter/authc/AuthenticationFilter.java
+++ b/web/src/main/java/org/apache/shiro/web/filter/authc/AuthenticationFilter.java
@@ -78,7 +78,7 @@ public abstract class AuthenticationFilter extends AccessControlFilter {
      */
     protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
         Subject subject = getSubject(request, response);
-        return subject.isAuthenticated();
+        return subject.isAuthenticated() && subject.getPrincipal() != null;
     }
 
     /**
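Review bot: The Javadoc that closes just above `isAccessAllowed` starts outside this hunk; if it still says access is decided by `subject.isAuthenticated()` alone, it no longer matches the return statement and should state that a null principal also denies access. For `DelegatingSubject` the added `subject.getPrincipal() != null` repeats the check this commit puts into `isAuthenticated()`. A short comment such as `// Defence in depth: other Subject implementations may not check principals in isAuthenticated().` would keep a later cleanup from removing it as redundant. Because the method is `protected` on an abstract class, a subclass that overrides it without calling `super.isAccessAllowed(...)` does not inherit this guard, which is worth stating in the same Javadoc.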