WebContextImpl.getUser should use jaas user, and not assume that the user is 
available in the jcr repository
------------------------------------------------------------------------------------------------------------

                 Key: MAGNOLIA-1403
                 URL: http://jira.magnolia.info/browse/MAGNOLIA-1403
             Project: Magnolia
          Issue Type: Bug
          Components: security
    Affects Versions: 3.0.1
            Reporter: Fabrizio Giustina
         Assigned To: Fabrizio Giustina
             Fix For: 3.1


When the jaas authenticator has been set to use an external user repository, 
context.getUser() should work happily with that, without assuming that a user 
node exists in the magnolia repository.

WebContextImpl.getUser() instead always calls UserManager().getUser() with the 
userid of the current jaas subject, with the following result:

ERROR info.magnolia.cms.security.MgnlUserManager.getUser(MgnlUserManager.java:168)   user not registered in magnolia itself [fgiust]
INFO  info.magnolia.cms.security.DummyUser.<init>(DummyUser.java:32)   Initializing dummy user - Anonymous
INFO  info.magnolia.cms.security.DummyUser.<init>(DummyUser.java:33)   This area and/or instance is not secured

(magnolia shows "anonymous" everywhere, context.getUser() is also used in the 
main admincentral page)

This is the current implementation:

    public User getUser() {
        if (this.user == null) {
            if (Authenticator.getSubject(request) == null) {
                log.debug("JAAS Subject is null, returning Anonymous user");
                this.user = Security.getUserManager().getUser(UserManager.ANONYMOUS_USER);
            }
            else {
                this.user = Security.getUserManager().getUser(Authenticator.getSubject(request));
            }
        }
        return this.user;
    }


This should definitely be fixed to allow external users to work just like 
"normal" magnolia users. It should return an instance of ExternalUser which 
wraps the jaas Subject.


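The behaviour the report asks for, as a self-contained sketch added here as an example; it is not Magnolia's code or the fix that was committed. The names SubjectUserDemo, RepoUser, SubjectUser and the in-memory LOCAL_REPO are hypothetical stand-ins, and only the JDK's javax.security.auth.Subject and java.security.Principal are real APIs.

```java
import java.security.Principal;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;

// Hypothetical stand-ins; these are not Magnolia's classes or signatures.
public class SubjectUserDemo {
    interface User { String getName(); }

    // User backed by an entry in the local repository.
    record RepoUser(String name) implements User {
        public String getName() { return name; }
    }

    // User backed only by the authenticated JAAS Subject.
    record SubjectUser(Subject subject) implements User {
        public String getName() {
            return subject.getPrincipals().stream()
                .map(Principal::getName).findFirst().orElse("anonymous");
        }
    }

    // Constructed in-memory replacement for the local user repository.
    static final Map<String, User> LOCAL_REPO = new HashMap<>();

    // Resolve the current user without assuming a local user node exists.
    static User resolve(Subject subject) {
        if (subject == null || subject.getPrincipals().isEmpty()) {
            return new RepoUser("anonymous"); // genuinely unauthenticated request
        }
        String id = subject.getPrincipals().iterator().next().getName();
        User local = LOCAL_REPO.get(id);
        // Authenticated but unknown locally: keep the authenticated identity
        // instead of silently downgrading the session to anonymous.
        return local != null ? local : new SubjectUser(subject);
    }

    public static void main(String[] args) {
        LOCAL_REPO.put("superuser", new RepoUser("superuser"));
        Subject external = new Subject();
        external.getPrincipals().add(() -> "fgiust"); // constructed sample principal
        System.out.println(resolve(external).getName());
        System.out.println(resolve(null).getName());
    }
}
```

The branch that matters is the last one in resolve(): a non-null Subject with no local entry is still an authenticated caller, so authorization and audit logging downstream see the externally authenticated name and not "anonymous".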