Magnolia / MAGNOLIA-1403

WebContextImpl.getUser should use jaas user, and not assume that the user is available in the jcr repository


Details

    • Bug
    • Resolution: Fixed
    • Major
    • 3.5 RC1
    • 3.0.1
    • security
    • None

    Description

      When the JAAS authenticator has been set to use an external user repository, context.getUser() should work happily with that, without assuming that a user node exists in the Magnolia repository.

      WebContextImpl.getUser() instead always calls UserManager().getUser() with the userid of the current JAAS subject, with the following result:

      ERROR info.magnolia.cms.security.MgnlUserManager.getUser(MgnlUserManager.java:168) user not registered in magnolia itself [fgiust]
      INFO info.magnolia.cms.security.DummyUser.<init>(DummyUser.java:32) Initializing dummy user - Anonymous
      INFO info.magnolia.cms.security.DummyUser.<init>(DummyUser.java:33) This area and/or instance is not secured
      (Magnolia shows "anonymous" everywhere; context.getUser() is also used in the main admincentral page)

      This is the current implementation:

      public User getUser() {
          if (this.user == null) {
              if (Authenticator.getSubject(request) == null) {
                  log.debug("JAAS Subject is null, returning Anonymous user");
                  this.user = Security.getUserManager().getUser(UserManager.ANONYMOUS_USER);
              }
              else {
                  this.user = Security.getUserManager().getUser(Authenticator.getSubject(request));
              }
          }
          return this.user;
      }

      This should definitely be fixed to allow external users to work just like "normal" Magnolia users. It should return an instance of ExternalUser which wraps the JAAS Subject.
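
A sketch of the requested behaviour, added here as an illustration and not taken from the Magnolia code base: the user object is built from the authenticated JAAS Subject's principals with no repository lookup, and anonymous is returned only when there is no Subject at all. `User`, `SubjectBackedUser`, `NamePrincipal`, `RolePrincipal` and `resolve` are hypothetical names, the sample Subject is constructed, and Java 16+ is assumed for records.

```java
import java.security.Principal;
import java.util.Set;
import java.util.TreeSet;
import javax.security.auth.Subject;

public class SubjectUserDemo {
    // Hypothetical stand-in for Magnolia's User interface, reduced to two methods.
    interface User { String getName(); boolean hasRole(String role); }

    // Constructed principal types; a real JAAS login module supplies its own.
    record NamePrincipal(String name) implements Principal { public String getName() { return name; } }
    record RolePrincipal(String name) implements Principal { public String getName() { return name; } }

    // Identity and roles come from the authenticated Subject only.
    static final class SubjectBackedUser implements User {
        private final String name;
        private final Set<String> roles = new TreeSet<>();

        SubjectBackedUser(Subject subject) {
            // Fail loudly instead of silently degrading to another identity.
            this.name = subject.getPrincipals(NamePrincipal.class).stream()
                .map(Principal::getName)
                .findFirst()
                .orElseThrow(() -> new IllegalStateException("Subject has no name principal"));
            subject.getPrincipals(RolePrincipal.class).forEach(r -> roles.add(r.getName()));
        }
        public String getName() { return name; }
        public boolean hasRole(String role) { return roles.contains(role); }
    }

    // Constructed anonymous user with no roles.
    static final User ANONYMOUS = new User() {
        public String getName() { return "anonymous"; }
        public boolean hasRole(String role) { return false; }
    };

    // Anonymous means "no Subject"; it is never the fallback for a failed lookup.
    static User resolve(Subject subject) {
        return subject == null ? ANONYMOUS : new SubjectBackedUser(subject);
    }

    public static void main(String[] args) {
        Subject external = new Subject();  // constructed: user known only to the external realm
        external.getPrincipals().add(new NamePrincipal("fgiust"));
        external.getPrincipals().add(new RolePrincipal("editor"));
        System.out.println(resolve(external).getName());
        System.out.println(resolve(external).hasRole("editor"));
        System.out.println(resolve(null).getName());
    }
}
```

Keeping "not authenticated" and "authenticated but unknown to the local store" as separate outcomes is what prevents an authenticated session from being displayed and authorized as anonymous.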

            People

              fgiust Fabrizio Giustina