Description
Describe the bug
For requests without login, some controller functions fail before checking for GUEST privileges, because the supplied principal in the controller function is null.
To Reproduce
Create Issue without JWT. API fails with
Cannot invoke "java.security.Principal.getName()" because "principal" is null
because the controller function tried to convert the UUID in the nonexistent token to a user object.
(See IssueController newIssue)
Expected behavior
API should check for privileges of the GUEST role and allow the request if the privilege is set or deny it if not.
Maybe it is possible to perform the User-Resolution for Requests without JWT before the controller function is executed.
Currently it is performed before the Service function is executed. However, since the object is accessed already in the controller this resolution fails.
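A sketch of the behaviour requested above, as an added example that is not the project's own code: the caller is resolved to a GUEST user before the controller logic touches the principal, and the privilege check then decides the outcome. The `User` record, the privilege names, the `MEMBER` role and the status codes are assumptions made for illustration.

```java
import java.security.Principal;
import java.util.Map;
import java.util.Set;
import java.util.UUID;

public class GuestResolutionExample {
    // Hypothetical type; the project's real user and privilege classes are not shown in the issue.
    record User(String id, String role) {}

    static final User GUEST = new User("guest", "GUEST");

    // Constructed sample data: role -> granted privileges.
    static final Map<String, Set<String>> PRIVILEGES = Map.of(
        "GUEST", Set.of("ISSUE_READ"),
        "MEMBER", Set.of("ISSUE_READ", "ISSUE_CREATE"));

    // Resolve the caller before any controller logic dereferences the principal.
    // A request without a JWT has no Principal, so it maps to GUEST instead of throwing.
    static User resolveUser(Principal principal) {
        if (principal == null) {
            return GUEST;
        }
        // With a token, the principal name carries the user's UUID (as described in the issue).
        UUID id = UUID.fromString(principal.getName());
        return new User(id.toString(), "MEMBER"); // role lookup is stubbed for the example
    }

    // Deny by default: an unknown role has no privileges.
    static boolean isAllowed(User user, String privilege) {
        return PRIVILEGES.getOrDefault(user.role(), Set.of()).contains(privilege);
    }

    // Stand-in for a controller method such as newIssue; returns an HTTP-style status.
    static int newIssue(Principal principal) {
        User caller = resolveUser(principal);
        return isAllowed(caller, "ISSUE_CREATE") ? 201 : 403;
    }

    public static void main(String[] args) {
        Principal member = () -> UUID.randomUUID().toString();
        System.out.println("no JWT   -> " + newIssue(null));
        System.out.println("with JWT -> " + newIssue(member));
    }
}
```

With this ordering an anonymous request ends in an explicit allow or deny from the GUEST privilege set rather than in a `NullPointerException`.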