can't read anonymous user after a session timeout
-------------------------------------------------
Key: MAGNOLIA-1839
URL: http://jira.magnolia.info/browse/MAGNOLIA-1839
Project: Magnolia
Issue Type: Bug
Affects Versions: 3.5 RC1
Reporter: Philipp Bracher
Assigned To: Philipp Bracher
Priority: Blocker
Fix For: 3.5 RC1
Regarding to a report the anonymous user can't get read after a session timeout
of the http session.
Might be that the following happens:
- the user gets seialized
- the deserialized user does not return the subject
The reported exception is:
ERROR info.magnolia.cms.security.SystemUserManager 14.11.2007 15:21:11 --
Failed to login as anonymous user
javax.security.auth.login.AccountNotFoundException: user anonymous not found
at
info.magnolia.jaas.sp.jcr.JCRAuthenticationModule.validateUser(JCRAuthenticationModule.java:79)
at
info.magnolia.jaas.sp.AbstractLoginModule.login(AbstractLoginModule.java:189)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
at
javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at java.security.AccessController.doPrivileged(Native Method)
at
javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at
info.magnolia.cms.security.SystemUserManager.getAnonymousSubject(SystemUserManager.java:132)
at
info.magnolia.cms.security.SystemUserManager.getAnonymousUser(SystemUserManager.java:111)
at
info.magnolia.cms.security.DelegatingUserManager$2.delegate(DelegatingUserManager.java:72)
at
info.magnolia.cms.security.DelegatingUserManager.delegateUntilSupported(DelegatingUserManager.java:117)
at
info.magnolia.cms.security.DelegatingUserManager.getAnonymousUser(DelegatingUserManager.java:70)
at
info.magnolia.cms.security.Authenticator.getAnonymousUser(Authenticator.java:99)
at
info.magnolia.context.UserContextImpl.getUser(UserContextImpl.java:66)
at
info.magnolia.context.DefaultRepositoryStrategy.getSubject(DefaultRepositoryStrategy.java:77)
at
info.magnolia.context.DefaultRepositoryStrategy.getAccessManager(DefaultRepositoryStrategy.java:69)
at
info.magnolia.context.AbstractContext.getAccessManager(AbstractContext.java:118)
at
info.magnolia.context.MgnlContext.getAccessManager(MgnlContext.java:167)
Then we end up in that
ERROR info.magnolia.cms.security.SystemUserManager 14.11.2007 15:21:11 --
Failed to get system or anonymous user [anonymous], will try to create new
system user with default password
ERROR info.magnolia.cms.security.SystemUserManager 14.11.2007 15:21:11 --
Failed to get system or anonymous user [anonymous], will try to create new
system user with default password
ERROR info.magnolia.cms.security.SystemUserManager 14.11.2007 15:21:11 --
Failed to get system or anonymous user [anonymous], will try to create new
system user with default password
ERROR info.magnolia.cms.security.SystemUserManager 14.11.2007 15:21:11 --
Failed to get system or anonymous user [anonymous], will try to create new
system user with default password
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.magnolia.info/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
----------------------------------------------------------------
for list details see
http://documentation.magnolia.info/docs/en/editor/stayupdated.html
----------------------------------------------------------------
