ufal · kosarko · Nov 26, 2024 · Nov 21, 2024
diff --git a/dspace-api/src/main/java/org/dspace/authenticate/clarin/ClarinShibAuthentication.java b/dspace-api/src/main/java/org/dspace/authenticate/clarin/ClarinShibAuthentication.java
@@ -565,7 +565,7 @@ protected EPerson findEPerson(Context context, HttpServletRequest request, Strin
 
         // 1) First, look for a netid header.
         if (netidHeaders != null) {
-            eperson = findEpersonByNetId(netidHeaders, shibheaders, eperson, ePersonService, context, true);
+            eperson = findEpersonByNetId(netidHeaders, shibheaders, ePersonService, context, true);
             if (eperson != null) {
                 foundNetID = true;
             }
@@ -1318,7 +1318,7 @@ public String getEmailAcceptedOrNull(String email) {
     /**
      * Find an EPerson by a NetID header. The method will go through all the netid headers and try to find a user.
      */
-    public static EPerson findEpersonByNetId(String[] netidHeaders, ShibHeaders shibheaders, EPerson eperson,
+    public static EPerson findEpersonByNetId(String[] netidHeaders, ShibHeaders shibheaders,
                                              EPersonService ePersonService, Context context, boolean logAllowed)
             throws SQLException {
         // Go through all the netid headers and try to find a user. It could be e.g., `eppn`, `persistent-id`,..
@@ -1329,19 +1329,20 @@ public static EPerson findEpersonByNetId(String[] netidHeaders, ShibHeaders shib
                 continue;
             }
 
-            eperson = ePersonService.findByNetid(context, netid);
+            EPerson eperson = ePersonService.findByNetid(context, netid);
 
             if (eperson == null && logAllowed) {
                 log.info(
                         "Unable to identify EPerson based upon Shibboleth netid header: '" + netidHeader +
                                 "'='" + netid + "'.");
-            } else {
+            } else if (eperson != null) {
                 log.debug(
                         "Identified EPerson based upon Shibboleth netid header: '" + netidHeader + "'='" +
                                 netid + "'" + ".");
+                return eperson;
             }
         }
-        return eperson;
+        return null;
     }
 
     /**

diff --git a/...webapp/src/main/java/org/dspace/app/rest/security/clarin/ClarinShibbolethLoginFilter.java b/...webapp/src/main/java/org/dspace/app/rest/security/clarin/ClarinShibbolethLoginFilter.java
@@ -167,7 +167,7 @@ public Authentication attemptAuthentication(HttpServletRequest req,
 
         EPerson ePerson = null;
         try {
-            ePerson = ClarinShibAuthentication.findEpersonByNetId(shib_headers.getNetIdHeaders(), shib_headers, ePerson,
+            ePerson = ClarinShibAuthentication.findEpersonByNetId(shib_headers.getNetIdHeaders(), shib_headers,
                     ePersonService, context, false);
         } catch (SQLException e) {
             // It is logged in the ClarinShibAuthentication class.