Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Specify behaviour for Principal when nobody is logged in #769

Closed
benjamin-confino opened this issue Feb 20, 2024 · 3 comments
Closed

Specify behaviour for Principal when nobody is logged in #769

benjamin-confino opened this issue Feb 20, 2024 · 3 comments

Comments

@benjamin-confino
Copy link
Contributor

I recently had a customer ask why we have CDI inject a Principal containing saying unauthenticated when HttpServletRequest.getUserPrincipal() will give a null in that context.

I think that unauthenticated is the correct choice for CDI, since we cannot inject a null and hope for it to remain up to date as the context changes, but I think it would be useful to clarify the spec on this point as the current behaviour is undefined.
@manovotn
Copy link
Contributor

This belongs to an EE integration part of the specification which is being moved into the umbrella spec (see jakartaee/platform#838).
We should probably keep track of it there instead.

@Ladicek
Copy link
Contributor

Ladicek commented Feb 21, 2024

What seems a bit weird to me is that the specification doesn't define the scope of the Principal bean. I guess it should be @RequestScoped, and that itself actually precludes a null value.

@starksm64 starksm64 mentioned this issue Feb 22, 2024
Open
@starksm64
Copy link
Contributor

Closing as this has been moved to jakartaee/platform#841

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@starksm64 @Ladicek @manovotn @benjamin-confino