SLING-5483 : Unauthenticated request: getUserPrincipal() doesn't return null for auth.annonymous=true
diff --git a/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java b/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java
index c2e876a..6e203cc 100644
--- a/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java
+++ b/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java
@@ -1287,8 +1287,10 @@
final HttpServletRequest request) {
// HttpService API required attributes
- request.setAttribute(ServletContextHelper.REMOTE_USER, resolver.getUserID());
request.setAttribute(ServletContextHelper.AUTHENTICATION_TYPE, authType);
+ if ( authType != null ) {
+ request.setAttribute(ServletContextHelper.REMOTE_USER, resolver.getUserID());
+ }
// resource resolver for down-stream use
request.setAttribute(REQUEST_ATTRIBUTE_RESOLVER, resolver);