-
Improvement
-
Resolution: Fixed
-
Neutral
-
4.5.3
-
None
Since the upgrade to Magnolia 4.5 (which is not quite finished but almost, we hope) we see in the logs:
MgnlUserManager.java(findPrincipalNode:291) 17.07.2012 14:27:31 More than one user found with name [{}] in realm [{}]
Our security configuration in Magnolia looks fine so I do wonder if there actually is anything wrong. Looking at the code in question I wonder if this code is actually ok as it is?
/**
* Helper method to find a user in a certain realm. Uses JCR Query.
*/
@Override
protected Node findPrincipalNode(String name, Session session) throws RepositoryException {
String realmName = getRealmName();
final String where;
// the all realm searches the repository
if (Realm.REALM_ALL.getName().equals(realmName)) {
where = "where name() = '" + name + "'";
} else {
// FIXME: DOUBLE CHECK THE QUERY FOR REALMS ... ISDESCENDANTNODE and NAME ....
where = "where name() = '" + name + "' and isdescendantnode(['/" + realmName + "'])";
// where = "where [jcr:path] = '/" + realm + "/" + name + "'"
// + " or [jcr:path] like '/" + realm + "/%/" + name + "'";
}
final String statement = "select * from [" + MgnlNodeType.USER + "] " + where;
Query query = session.getWorkspace().getQueryManager().createQuery(statement, Query.JCR_SQL2);
NodeIterator iter = query.execute().getNodes();
Node user = null;
while (iter.hasNext()) {
Node node = iter.nextNode();
if (node.isNodeType(ItemType.USER.getSystemName())) {
user = node;
break;
}
}
if (iter.hasNext()) {
log.error("More than one user found with name [{}] in realm [{}]");
}
return user;
}
In any case could you guys have a look at this code and at the very least make the log line output the name and realm in question (this is forgotten in the code):
log.error("More than one user found with name [{" + name + "}] in realm [{" + realmName + "}]");
Acceptance criteria
