Posted to commits@shiro.apache.org by lp...@apache.org on 2023/01/28 00:55:45 UTC

[shiro] branch main updated: feat(Jakarta EE): do not null out principal unless org.apache.shiro.servlet-no-principal = true is specified in web.xml

This is an automated email from the ASF dual-hosted git repository.

lprimak pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/shiro.git


The following commit(s) were added to refs/heads/main by this push:
     new e1510a51 feat(Jakarta EE): do not null out principal unless org.apache.shiro.servlet-no-principal = true is specified in web.xml
e1510a51 is described below

commit e1510a51da6a3d2de201415614fe8a528dd59987
Author: lprimak <le...@flowlogix.com>
AuthorDate: Fri Jan 27 16:54:48 2023 -0800

    feat(Jakarta EE): do not null out principal unless org.apache.shiro.servlet-no-principal = true is specified in web.xml
---
 .../src/main/java/org/apache/shiro/ee/filters/ShiroFilter.java    | 7 ++++++-
 .../org/apache/shiro/ee/listeners/EnvironmentLoaderListener.java  | 8 ++++++++
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/support/jakarta-ee/src/main/java/org/apache/shiro/ee/filters/ShiroFilter.java b/support/jakarta-ee/src/main/java/org/apache/shiro/ee/filters/ShiroFilter.java
index d6bbb8cd..b0daa091 100644
--- a/support/jakarta-ee/src/main/java/org/apache/shiro/ee/filters/ShiroFilter.java
+++ b/support/jakarta-ee/src/main/java/org/apache/shiro/ee/filters/ShiroFilter.java
@@ -43,6 +43,7 @@ import lombok.RequiredArgsConstructor;
 import lombok.SneakyThrows;
 import lombok.experimental.Delegate;
 import lombok.extern.slf4j.Slf4j;
+import static org.apache.shiro.ee.listeners.EnvironmentLoaderListener.isServletNoPrincipal;
 import org.apache.shiro.mgt.DefaultSecurityManager;
 import org.apache.shiro.session.Session;
 import org.apache.shiro.session.SessionException;
@@ -89,7 +90,11 @@ public class ShiroFilter extends org.apache.shiro.web.servlet.ShiroFilter {
 
         @Override
         public Principal getUserPrincipal() {
-            return null;
+            if (isServletNoPrincipal(servletContext)) {
+                return null;
+            } else {
+                return super.getUserPrincipal();
+            }
         }
 
         @Override
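Review bot: The default in `getUserPrincipal()` flips from always returning null to delegating to `super.getUserPrincipal()`, so a deployment that upgrades without setting the init parameter starts exposing the principal to every servlet-API caller, and nothing in the hunk documents that. A comment above the method would make the opt-out discoverable: `// Returns null only when org.apache.shiro.servlet-no-principal=true is set in web.xml; otherwise the superclass principal is exposed.` The enclosing wrapper class starts and ends outside the hunk, so it cannot be confirmed from here whether `getRemoteUser()` and `isUserInRole()` follow the same switch. If they do not, the three methods could give inconsistent answers about the same request, which is worth checking before release.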
diff --git a/support/jakarta-ee/src/main/java/org/apache/shiro/ee/listeners/EnvironmentLoaderListener.java b/support/jakarta-ee/src/main/java/org/apache/shiro/ee/listeners/EnvironmentLoaderListener.java
index 83d5ef49..1890d165 100644
--- a/support/jakarta-ee/src/main/java/org/apache/shiro/ee/listeners/EnvironmentLoaderListener.java
+++ b/support/jakarta-ee/src/main/java/org/apache/shiro/ee/listeners/EnvironmentLoaderListener.java
@@ -30,6 +30,7 @@ import org.apache.shiro.web.env.WebEnvironment;
 public class EnvironmentLoaderListener extends EnvironmentLoader implements ServletContextListener {
     private static final String SHIRO_EE_DISABLED_PARAM = "org.apache.shiro.ee.disabled";
     private static final String FORM_RESUBMIT_DISABLED_PARAM = "org.apache.shiro.form-resubmit.disabled";
+    private static final String SHIRO_EE_SERVLET_NO_PRINCIPAL_PARAM = "org.apache.shiro.servlet-no-principal";
 
     public static boolean isShiroEEDisabled(ServletContext ctx) {
         return Boolean.TRUE.equals(ctx.getAttribute(SHIRO_EE_DISABLED_PARAM));
@@ -39,11 +40,18 @@ public class EnvironmentLoaderListener extends EnvironmentLoader implements Serv
         return Boolean.TRUE.equals(ctx.getAttribute(FORM_RESUBMIT_DISABLED_PARAM));
     }
 
+    public static boolean isServletNoPrincipal(ServletContext ctx) {
+        return Boolean.TRUE.equals(ctx.getAttribute(SHIRO_EE_SERVLET_NO_PRINCIPAL_PARAM));
+    }
+
     @Override
     public void contextInitialized(ServletContextEvent sce) {
         if (Boolean.parseBoolean(sce.getServletContext().getInitParameter(SHIRO_EE_DISABLED_PARAM))) {
             sce.getServletContext().setAttribute(SHIRO_EE_DISABLED_PARAM, Boolean.TRUE);
         }
+        if (Boolean.parseBoolean(sce.getServletContext().getInitParameter(SHIRO_EE_SERVLET_NO_PRINCIPAL_PARAM))) {
+            sce.getServletContext().setAttribute(SHIRO_EE_SERVLET_NO_PRINCIPAL_PARAM, Boolean.TRUE);
+        }
         if (!isShiroEEDisabled(sce.getServletContext())) {
             sce.getServletContext().setSessionTrackingModes(Set.of(COOKIE));
             initEnvironment(sce.getServletContext());
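Review bot: `Boolean.parseBoolean` in the block added to `contextInitialized` treats every value other than a case-insensitive `true` as false, so a web.xml typo such as `yes` or `1` silently leaves the principal exposed, which is the less restrictive side of this switch. Logging a warning when the init parameter is present but is neither `true` nor `false` would make that misconfiguration visible at startup. The new public `isServletNoPrincipal` also has no Javadoc; something like `/** True only when org.apache.shiro.servlet-no-principal=true was given as a context init parameter; any other value counts as false. */` would state the contract. The flag is kept as a `ServletContext` attribute under the same name, so other code in the application that can reach the context could presumably change it after startup. `contextInitialized` continues past the end of the hunk.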