You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@shiro.apache.org by fp...@apache.org on 2019/05/17 05:39:53 UTC
[shiro] branch master updated: [SHIRO-661] Add check for the
principal of subject whether is null
This is an automated email from the ASF dual-hosted git repository.
fpapon pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/shiro.git
The following commit(s) were added to refs/heads/master by this push:
new 148eeb7 [SHIRO-661] Add check for the principal of subject whether is null
new cf8f43f Merge pull request #90 from plx927/feature/fix-formAuthenticationFilter
148eeb7 is described below
commit 148eeb7f4620a1da026cd04b3b499bbe1897989f
Author: panlingxiao <78...@qq.com>
AuthorDate: Thu Nov 8 00:49:52 2018 +0800
[SHIRO-661] Add check for the principal of subject whether is null
---
.../main/java/org/apache/shiro/subject/support/DelegatingSubject.java | 2 +-
.../java/org/apache/shiro/web/filter/authc/AuthenticationFilter.java | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/core/src/main/java/org/apache/shiro/subject/support/DelegatingSubject.java b/core/src/main/java/org/apache/shiro/subject/support/DelegatingSubject.java
index 0860ee2..406bec4 100644
--- a/core/src/main/java/org/apache/shiro/subject/support/DelegatingSubject.java
+++ b/core/src/main/java/org/apache/shiro/subject/support/DelegatingSubject.java
@@ -294,7 +294,7 @@ public class DelegatingSubject implements Subject {
}
public boolean isAuthenticated() {
- return authenticated;
+ return authenticated && hasPrincipals();
}
public boolean isRemembered() {
diff --git a/web/src/main/java/org/apache/shiro/web/filter/authc/AuthenticationFilter.java b/web/src/main/java/org/apache/shiro/web/filter/authc/AuthenticationFilter.java
index 8f0abfa..d1f89a6 100644
--- a/web/src/main/java/org/apache/shiro/web/filter/authc/AuthenticationFilter.java
+++ b/web/src/main/java/org/apache/shiro/web/filter/authc/AuthenticationFilter.java
@@ -78,7 +78,7 @@ public abstract class AuthenticationFilter extends AccessControlFilter {
*/
protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
Subject subject = getSubject(request, response);
- return subject.isAuthenticated();
+ return subject.isAuthenticated() && subject.getPrincipal() != null;
}
/**