[MAGNOLIA-4478] Improve "More than one user found with name [{}] in realm [{}]" error message Created: 17/Jul/12 Updated: 31/Jul/12 Resolved: 31/Jul/12 |
|
| Status: | Closed |
| Project: | Magnolia |
| Component/s: | security |
| Affects Version/s: | 4.5.3 |
| Fix Version/s: | 4.5.5 |
| Type: | Improvement | Priority: | Neutral |
| Reporter: | Edgar Vonk | Assignee: | Milan Divilek |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Attachments: |
|
| Template: |
|
| Acceptance criteria: |
Empty
|
| Task DoD: |
[ ]*
Doc/release notes changes? Comment present?
[ ]*
Downstream builds green?
[ ]*
Solution information and context easily available?
[ ]*
Tests
[ ]*
FixVersion filled and not yet released
[ ] 
Architecture Decision Record (ADR)
|
| Date of First Response: |
| Description |
|
Since the upgrade to Magnolia 4.5 (which is not quite finished but almost, we hope) we see in the logs: MgnlUserManager.java(findPrincipalNode:291) 17.07.2012 14:27:31 More than one user found with name [{}] in realm [{}]
Our security configuration in Magnolia looks fine so I do wonder if there actually is anything wrong. Looking at the code in question I wonder if this code is actually ok as it is? /**
* Helper method to find a user in a certain realm. Uses JCR Query.
*/
@Override
protected Node findPrincipalNode(String name, Session session) throws RepositoryException {
String realmName = getRealmName();
final String where;
// the all realm searches the repository
if (Realm.REALM_ALL.getName().equals(realmName)) {
where = "where name() = '" + name + "'";
} else {
// FIXME: DOUBLE CHECK THE QUERY FOR REALMS ... ISDESCENDANTNODE and NAME ....
where = "where name() = '" + name + "' and isdescendantnode(['/" + realmName + "'])";
// where = "where [jcr:path] = '/" + realm + "/" + name + "'"
// + " or [jcr:path] like '/" + realm + "/%/" + name + "'";
}
final String statement = "select * from [" + MgnlNodeType.USER + "] " + where;
Query query = session.getWorkspace().getQueryManager().createQuery(statement, Query.JCR_SQL2);
NodeIterator iter = query.execute().getNodes();
Node user = null;
while (iter.hasNext()) {
Node node = iter.nextNode();
if (node.isNodeType(ItemType.USER.getSystemName())) {
user = node;
break;
}
}
if (iter.hasNext()) {
log.error("More than one user found with name [{}] in realm [{}]");
}
return user;
}
In any case could you guys have a look at this code and at the very least make the log line output the name and realm in question (this is forgotten in the code): log.error("More than one user found with name [{" + name + "}] in realm [{" + realmName + "}]"); |
| Comments |
| Comment by Edgar Vonk [ 17/Jul/12 ] |
|
Ah, turned out we had two superusers in our system. No idea why. I think Magnolia during the upgrade to 4.5 decided that it needed to create a second superuser. Took us ages to figure out, also because by default Magnolia does not offer a JCR repository view of the users (nor usergroups or userroles) workspaces. We needed to create these views ourselves. |
| Comment by Edgar Vonk [ 18/Jul/12 ] |
|
Argh! We now suddenly have 6 superusers in our Magnolia..?! No idea where they came from. Not from the upgrade itself in any case. Yesterday we only had one.. |
| Comment by Edgar Vonk [ 18/Jul/12 ] |
|
Maybe it is related to the 4.5 upgrade. We now have a feeling it may be caused by the 4.5 Migration Module. Specifically by the Groovy migration scripts. Not sure though. If you have any ideas? |
| Comment by Milan Divilek [ 30/Jul/12 ] |
|
Hello Edgar, I was not able to replicate this issue. If you have any details that could help me with this, please paste them into this ticket. |
| Comment by Edgar Vonk [ 30/Jul/12 ] |
|
Hi Milan, I realize that. It has to do with the Magnolia 4.5 migration procedure but no idea what went wrong. Anyway, that is fine now but could you at least fix the log line in the code as I mentioned? The log line should output the name and realm and currently it does not output anything. Cheers. |
| Comment by Milan Divilek [ 31/Jul/12 ] |
|
By mistake I wrote bad issue number to commit message which repair this issue. Commit to 4.5.x branch, Commit to master |