[magnolia-dev] [JIRA] Resolved: (MAGNOLIA-1403) WebContextImpl.getUser should use jaas user, and not assume that the user is available in the jcr repository

Philipp Bracher (JIRA) Tue, 27 Nov 2007 01:19:03 -0800

     [ http://jira.magnolia.info/browse/MAGNOLIA-1403?page=all ]


Philipp Bracher resolved MAGNOLIA-1403.
---------------------------------------

    Fix Version/s: 3.5 RC1
                       (was: Green)
       Resolution: Fixed

All that was refacored. The issue should not exist anymore:
- different user managers registrable.
- UserContext: login(user), logout()

> WebContextImpl.getUser should use jaas user, and not assume that the user is 
> available in the jcr repository
> ------------------------------------------------------------------------------------------------------------
>
>                 Key: MAGNOLIA-1403
>                 URL: http://jira.magnolia.info/browse/MAGNOLIA-1403
>             Project: Magnolia
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 3.0.1
>            Reporter: Fabrizio Giustina
>         Assigned To: Fabrizio Giustina
>             Fix For: 3.5 RC1
>
>
> When the jaas authenticator has been set to use an external user repository, 
> context.getUser() should work happily with that, without assuming that a user 
> node exists in magnolia repository.
> WebContextImpl.getUser() instead always call UserManager().getUser() with the 
> userid of the current jaas subject, with the following result:
> ERROR 
> info.magnolia.cms.security.MgnlUserManager.getUser(MgnlUserManager.java:168)  
>  user not registered in magnolia itself [fgiust]
> INFO  info.magnolia.cms.security.DummyUser.<init>(DummyUser.java:32)   
> Initializing dummy user - Anonymous
> INFO  info.magnolia.cms.security.DummyUser.<init>(DummyUser.java:33)   This 
> area and/or instance is not secured
> (magnolia shows "anonymous" everywhere, context.getUser() is also used in the 
> main admincentral page)
> This is the current implementation:
>     public User getUser() {
>         if (this.user == null) {
>             if (Authenticator.getSubject(request) == null) {
>                 log.debug("JAAS Subject is null, returning Anonymous user");
>                 this.user = 
> Security.getUserManager().getUser(UserManager.ANONYMOUS_USER);
>             }
>             else {
>                 this.user = 
> Security.getUserManager().getUser(Authenticator.getSubject(request));
>             }
>         }
>         return this.user;
>     }
> This should definitively be fixed to allow external users to work just like 
> "normal" magnolia users. It should return an instance of ExternalUser which 
> wrap jaas Subject.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://jira.magnolia.info/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

----------------------------------------------------------------
for list details see
http://documentation.magnolia.info/docs/en/editor/stayupdated.html
----------------------------------------------------------------

[magnolia-dev] [JIRA] Resolved: (MAGNOLIA-1403) WebContextImpl.getUser should use jaas user, and not assume that the user is available in the jcr repository

Reply via email to