com.atlassian.sal.jira.user.DefaultUserManager#getRemoteUser() breaks interface contract for anonymous users

Since time immemorial, the standard behaviour of Atlassian's user management subsystems has been to use null to represent an anonymous user context.

This has been codified in the SAL interface javadoc for the com.atlassian.sal.api.user.UserManager interface. For example, the textual contract for the #getRemoteUser() method states:

/**
 * Returns the profile of the currently logged in user or null if no user can be found.
 * <p/>
 * Getting the full {@link UserProfile} may have performance implications in some applications. Consider using {@link #getRemoteUserKey()} if you don't need the full object.
 *
 * @return the {@link UserProfile} of the logged in user or null
 * @see #getRemoteUserKey()
 * @since 2.10
 */
@Nullable
UserProfile getRemoteUser();

The SAL UserManager API and the underlying JIRA implementation of UserManager were changed in JIRA 6.0 to support renaming users. This change has broken the textual contract of the #getRemoteUser() method in JIRA, which no longer returns null for anonymous users.

This appears to simply be an oversight in the JIRA implementation:

@Override
public UserProfile getRemoteUser()
{
    return new JiraUserProfile(jiraAuthenticationContext.getUser());
}

This method should return null if the value returned from jiraAuthenticationContext.getUser() also returns null.

This subtle change in behaviour can end up with add-on developers getting a stack-trace like this:

java.lang.NullPointerException
	at com.atlassian.sal.jira.user.DefaultUserManager$JiraUserProfile.getUsername(DefaultUserManager.java:253)
	at com.atlassian.jira.examples.ExampleServlet.doGet(ExampleServlet.java:78)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:621)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
	at com.atlassian.plugin.servlet.DelegatingPluginServlet.service(DelegatingPluginServlet.java:42)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
	at com.atlassian.plugin.servlet.ServletModuleContainerServlet.service(ServletModuleContainerServlet.java:52)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
...

This change may cause unexpected side effects in Atlassian-authored and third-party JIRA add-ons and should be corrected ASAP. This bug would only be detected through explicit testing, since this change is not mentioned in the Preparing for JIRA 6.0 guide or the Renamable Users in JIRA 6.0 guide.