Details
-
Bug
-
Resolution: Won't Do
-
Neutral
-
None
-
5.3.12
-
None
-
None
Description
When logging in with REALM_ALL, DelegatingUserManager is used to try all available user managers.
This works fine. As can be seen in the code below, initUser() is called and a user is found.
Later in this method, a call is made to
getUserManager().updateLastAccessTimestamp(user);
This is where the error happens. updateLastAccessTimestamp again uses DelegatingUserManager, instead it should use the user manager which found the user. The realm to be used is already set in the user object, but unfortunately ignored.
/**
* Checks is the credentials exist in the repository.
* @throws LoginException or specific subclasses (which will be handled further for user feedback)
*/
@Override
public void validateUser() throws LoginException {
initUser();
if (this.user == null) {
throw new AccountNotFoundException("User account " + this.name + " not found.");
}
if (!this.user.isEnabled()) {
throw new AccountLockedException("User account " + this.name + " is locked.");
}
matchPassword();
if (!UserManager.ANONYMOUS_USER.equals(user.getName())) {
// update last access date for all non anonymous users
getUserManager().updateLastAccessTimestamp(user);
}
}
Checklists
Acceptance criteria