-
Improvement
-
Resolution: Fixed
-
Neutral
-
4.5.3
-
None
Since the upgrade to Magnolia 4.5 (which is not quite finished but almost, we hope) we see in the logs:
MgnlUserManager.java(findPrincipalNode:291) 17.07.2012 14:27:31 More than one user found with name [{}] in realm [{}]
Our security configuration in Magnolia looks fine so I do wonder if there actually is anything wrong. Looking at the code in question I wonder if this code is actually ok as it is?
/** * Helper method to find a user in a certain realm. Uses JCR Query. */ @Override protected Node findPrincipalNode(String name, Session session) throws RepositoryException { String realmName = getRealmName(); final String where; // the all realm searches the repository if (Realm.REALM_ALL.getName().equals(realmName)) { where = "where name() = '" + name + "'"; } else { // FIXME: DOUBLE CHECK THE QUERY FOR REALMS ... ISDESCENDANTNODE and NAME .... where = "where name() = '" + name + "' and isdescendantnode(['/" + realmName + "'])"; // where = "where [jcr:path] = '/" + realm + "/" + name + "'" // + " or [jcr:path] like '/" + realm + "/%/" + name + "'"; } final String statement = "select * from [" + MgnlNodeType.USER + "] " + where; Query query = session.getWorkspace().getQueryManager().createQuery(statement, Query.JCR_SQL2); NodeIterator iter = query.execute().getNodes(); Node user = null; while (iter.hasNext()) { Node node = iter.nextNode(); if (node.isNodeType(ItemType.USER.getSystemName())) { user = node; break; } } if (iter.hasNext()) { log.error("More than one user found with name [{}] in realm [{}]"); } return user; }
In any case could you guys have a look at this code and at the very least make the log line output the name and realm in question (this is forgotten in the code):
log.error("More than one user found with name [{" + name + "}] in realm [{" + realmName + "}]");
Acceptance criteria