FINERACT-2391: check for AppUser type before casting Authentication Principal

nick9822 · adamsaghy · commit f193bbbdf143 · 2025-10-15T15:02:25.000+02:00
diff --git a/fineract-provider/src/main/java/org/apache/fineract/infrastructure/core/domain/AuditorAwareImpl.java b/fineract-provider/src/main/java/org/apache/fineract/infrastructure/core/domain/AuditorAwareImpl.java
@@ -35,7 +35,7 @@ public Optional<Long> getCurrentAuditor() {
         final SecurityContext securityContext = SecurityContextHolder.getContext();
         if (securityContext != null) {
             final Authentication authentication = securityContext.getAuthentication();
-            if (authentication != null) {
+            if (authentication != null && authentication.getPrincipal() instanceof AppUser) {
                 currentUserId = Optional.ofNullable(((AppUser) authentication.getPrincipal()).getId());
             } else {
                 currentUserId = retrieveSuperUser();
