[MAGNOLIA-4478] Improve "More than one user found with name [{}] in realm [{}]" error message Created: 17/Jul/12  Updated: 31/Jul/12  Resolved: 31/Jul/12

Status: Closed
Project: Magnolia
Component/s: security
Affects Version/s: 4.5.3
Fix Version/s: 4.5.5

Type: Improvement Priority: Neutral
Reporter: Edgar Vonk Assignee: Milan Divilek
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: PNG File Screen Shot 2012-07-18 at 10.36.20 AM.png    
Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Date of First Response:

 Description   

Since the upgrade to Magnolia 4.5 (which is not quite finished but almost, we hope) we see in the logs:

MgnlUserManager.java(findPrincipalNode:291) 17.07.2012 14:27:31  More than one user found with name [{}] in realm [{}]

Our security configuration in Magnolia looks fine so I do wonder if there actually is anything wrong. Looking at the code in question I wonder if this code is actually ok as it is?

    /**
     * Helper method to find a user in a certain realm. Uses JCR Query.
     */
    @Override
    protected Node findPrincipalNode(String name, Session session) throws RepositoryException {
        String realmName = getRealmName();
        final String where;
        // the all realm searches the repository
        if (Realm.REALM_ALL.getName().equals(realmName)) {
            where = "where name() = '" + name + "'";
        } else {
            // FIXME: DOUBLE CHECK THE QUERY FOR REALMS ... ISDESCENDANTNODE and NAME ....
            where = "where name() = '" + name + "' and isdescendantnode(['/" + realmName + "'])";
            //            where = "where [jcr:path] = '/" + realm + "/" + name + "'"
            //            + " or [jcr:path] like '/" + realm + "/%/" + name + "'";
        }

        final String statement = "select * from [" + MgnlNodeType.USER + "] " + where;

        Query query = session.getWorkspace().getQueryManager().createQuery(statement, Query.JCR_SQL2);
        NodeIterator iter = query.execute().getNodes();
        Node user = null;
        while (iter.hasNext()) {
            Node node = iter.nextNode();
            if (node.isNodeType(ItemType.USER.getSystemName())) {
                user = node;
                break;
            }
        }
        if (iter.hasNext()) {
            log.error("More than one user found with name [{}] in realm [{}]");
        }
        return user;
    }

In any case could you guys have a look at this code and at the very least make the log line output the name and realm in question (this is forgotten in the code):

 log.error("More than one user found with name [{" + name + "}] in realm [{" + realmName + "}]");


 Comments   
Comment by Edgar Vonk [ 17/Jul/12 ]

Ah, turned out we had two superusers in our system. No idea why. I think Magnolia during the upgrade to 4.5 decided that it needed to create a second superuser. Took us ages to figure out, also because by default Magnolia does not offer a JCR repository view of the users (nor usergroups or userroles) workspaces. We needed to create these views ourselves.

Comment by Edgar Vonk [ 18/Jul/12 ]

Argh! We now suddenly have 6 superusers in our Magnolia..?!

No idea where they came from. Not from the upgrade itself in any case. Yesterday we only had one..

Comment by Edgar Vonk [ 18/Jul/12 ]

Maybe it is related to the 4.5 upgrade. We now have a feeling it may be caused by the 4.5 Migration Module. Specifically by the Groovy migration scripts. Not sure though. If you have any ideas?

Comment by Milan Divilek [ 30/Jul/12 ]

Hello Edgar,

I was not able to replicate this issue. If you have any details that could help me with this, please paste them into this ticket.

Comment by Edgar Vonk [ 30/Jul/12 ]

Hi Milan, I realize that. It has to do with the Magnolia 4.5 migration procedure but no idea what went wrong. Anyway, that is fine now but could you at least fix the log line in the code as I mentioned? The log line should output the name and realm and currently it does not output anything. Cheers.

Comment by Milan Divilek [ 31/Jul/12 ]

By mistake I wrote bad issue number to commit message which repair this issue. Commit to 4.5.x branch, Commit to master

Generated at Mon Feb 12 03:56:10 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.