You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@shiro.apache.org by lp...@apache.org on 2023/01/28 00:55:45 UTC
[shiro] branch main updated: feat(Jakarta EE): do not null out principal unless org.apache.shiro.servlet-no-principal = true is specified in web.xml
This is an automated email from the ASF dual-hosted git repository.
lprimak pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/shiro.git
The following commit(s) were added to refs/heads/main by this push:
new e1510a51 feat(Jakarta EE): do not null out principal unless org.apache.shiro.servlet-no-principal = true is specified in web.xml
e1510a51 is described below
commit e1510a51da6a3d2de201415614fe8a528dd59987
Author: lprimak <le...@flowlogix.com>
AuthorDate: Fri Jan 27 16:54:48 2023 -0800
feat(Jakarta EE): do not null out principal unless org.apache.shiro.servlet-no-principal = true is specified in web.xml
---
.../src/main/java/org/apache/shiro/ee/filters/ShiroFilter.java | 7 ++++++-
.../org/apache/shiro/ee/listeners/EnvironmentLoaderListener.java | 8 ++++++++
2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/support/jakarta-ee/src/main/java/org/apache/shiro/ee/filters/ShiroFilter.java b/support/jakarta-ee/src/main/java/org/apache/shiro/ee/filters/ShiroFilter.java
index d6bbb8cd..b0daa091 100644
--- a/support/jakarta-ee/src/main/java/org/apache/shiro/ee/filters/ShiroFilter.java
+++ b/support/jakarta-ee/src/main/java/org/apache/shiro/ee/filters/ShiroFilter.java
@@ -43,6 +43,7 @@ import lombok.RequiredArgsConstructor;
import lombok.SneakyThrows;
import lombok.experimental.Delegate;
import lombok.extern.slf4j.Slf4j;
+import static org.apache.shiro.ee.listeners.EnvironmentLoaderListener.isServletNoPrincipal;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.session.Session;
import org.apache.shiro.session.SessionException;
@@ -89,7 +90,11 @@ public class ShiroFilter extends org.apache.shiro.web.servlet.ShiroFilter {
@Override
public Principal getUserPrincipal() {
- return null;
+ if (isServletNoPrincipal(servletContext)) {
+ return null;
+ } else {
+ return super.getUserPrincipal();
+ }
}
@Override
diff --git a/support/jakarta-ee/src/main/java/org/apache/shiro/ee/listeners/EnvironmentLoaderListener.java b/support/jakarta-ee/src/main/java/org/apache/shiro/ee/listeners/EnvironmentLoaderListener.java
index 83d5ef49..1890d165 100644
--- a/support/jakarta-ee/src/main/java/org/apache/shiro/ee/listeners/EnvironmentLoaderListener.java
+++ b/support/jakarta-ee/src/main/java/org/apache/shiro/ee/listeners/EnvironmentLoaderListener.java
@@ -30,6 +30,7 @@ import org.apache.shiro.web.env.WebEnvironment;
public class EnvironmentLoaderListener extends EnvironmentLoader implements ServletContextListener {
private static final String SHIRO_EE_DISABLED_PARAM = "org.apache.shiro.ee.disabled";
private static final String FORM_RESUBMIT_DISABLED_PARAM = "org.apache.shiro.form-resubmit.disabled";
+ private static final String SHIRO_EE_SERVLET_NO_PRINCIPAL_PARAM = "org.apache.shiro.servlet-no-principal";
public static boolean isShiroEEDisabled(ServletContext ctx) {
return Boolean.TRUE.equals(ctx.getAttribute(SHIRO_EE_DISABLED_PARAM));
@@ -39,11 +40,18 @@ public class EnvironmentLoaderListener extends EnvironmentLoader implements Serv
return Boolean.TRUE.equals(ctx.getAttribute(FORM_RESUBMIT_DISABLED_PARAM));
}
+ public static boolean isServletNoPrincipal(ServletContext ctx) {
+ return Boolean.TRUE.equals(ctx.getAttribute(SHIRO_EE_SERVLET_NO_PRINCIPAL_PARAM));
+ }
+
@Override
public void contextInitialized(ServletContextEvent sce) {
if (Boolean.parseBoolean(sce.getServletContext().getInitParameter(SHIRO_EE_DISABLED_PARAM))) {
sce.getServletContext().setAttribute(SHIRO_EE_DISABLED_PARAM, Boolean.TRUE);
}
+ if (Boolean.parseBoolean(sce.getServletContext().getInitParameter(SHIRO_EE_SERVLET_NO_PRINCIPAL_PARAM))) {
+ sce.getServletContext().setAttribute(SHIRO_EE_SERVLET_NO_PRINCIPAL_PARAM, Boolean.TRUE);
+ }
if (!isShiroEEDisabled(sce.getServletContext())) {
sce.getServletContext().setSessionTrackingModes(Set.of(COOKIE));
initEnvironment(sce.getServletContext());