Details
Bug
Resolution: Fixed
Major
3.0.1
None
Description
When the JAAS authenticator has been set to use an external user repository, context.getUser() should work happily with that, without assuming that a user node exists in the magnolia repository.
WebContextImpl.getUser() instead always calls UserManager().getUser() with the userid of the current JAAS subject, with the following result:
    ERROR info.magnolia.cms.security.MgnlUserManager.getUser(MgnlUserManager.java:168) user not registered in magnolia itself [fgiust]
    INFO info.magnolia.cms.security.DummyUser.<init>(DummyUser.java:32) Initializing dummy user - Anonymous
    INFO info.magnolia.cms.security.DummyUser.<init>(DummyUser.java:33) This area and/or instance is not secured
(magnolia shows "anonymous" everywhere, context.getUser() is also used in the main admincentral page)
This is the current implementation:
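    public User getUser() {
        if (this.user == null) {
            if (Authenticator.getSubject(request) == null) {
                // body of the null-subject branch is not shown in this report
            }
            else {
                // always resolves the JAAS subject through the Magnolia user manager,
                // even when the subject was authenticated against an external repository
                this.user = Security.getUserManager().getUser(Authenticator.getSubject(request));
            }
        }
        return this.user;
    }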
This should definitively be fixed to allow external users to work just like "normal" magnolia users. It should return an instance of ExternalUser which wraps the JAAS Subject.
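The resolution order requested above, as an added example that is not Magnolia's code: an authenticated JAAS Subject with no local user entry is wrapped instead of being downgraded to anonymous. `User`, `LocalUser`, `SubjectUser`, `resolve` and the in-memory repository map are hypothetical stand-ins; only `javax.security.auth.Subject` and `java.security.Principal` are real APIs (Java 16+ for records).

```java
import java.security.Principal;
import java.util.Map;
import javax.security.auth.Subject;

// Hypothetical stand-ins for illustration; none of these types are Magnolia's API.
public class SubjectUserResolution {
    interface User { String getName(); }

    // A user that has an entry in the local (CMS) user repository.
    record LocalUser(String name) implements User {
        public String getName() { return name; }
    }

    // An authenticated JAAS Subject with no entry in the local repository.
    record SubjectUser(Subject subject) implements User {
        public String getName() {
            return subject.getPrincipals().stream()
                    .map(Principal::getName).findFirst().orElse("unknown");
        }
    }

    static final User ANONYMOUS = () -> "anonymous";

    // No subject: nobody authenticated, so anonymous is correct.
    // Subject with a local entry: use the local user.
    // Subject without a local entry: keep the authenticated identity by
    // wrapping the Subject, never fall back to anonymous.
    static User resolve(Subject subject, Map<String, User> localRepo) {
        if (subject == null) {
            return ANONYMOUS;
        }
        User wrapped = new SubjectUser(subject);
        User local = localRepo.get(wrapped.getName());
        return local != null ? local : wrapped;
    }

    public static void main(String[] args) {
        // Constructed sample data: one local user, one externally authenticated subject.
        Map<String, User> repo = Map.of("localadmin", new LocalUser("localadmin"));
        Subject external = new Subject();
        external.getPrincipals().add(() -> "fgiust"); // userid taken from the log above
        Subject local = new Subject();
        local.getPrincipals().add(() -> "localadmin");

        System.out.println(resolve(null, repo).getName());
        System.out.println(resolve(external, repo).getName());
        System.out.println(resolve(local, repo).getClass().getSimpleName());
    }
}
```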