Hi, I have a problem when authenticating a user with several principals, using JAAS. My repository uses a system of users and groups to manage access.
I am using a custom LoginModule as well as a custom AccessManager. The login module checks the user credentials, then adds the user as a Principal. Then, it determines all the groups to which the user belongs, and adds these groups as Principals as well. The AccessManager accesses these different principals (user and optionally groups) to resolve access to each node, with success.

But then, when trying to access the current userId from the session (session.getUserID()), I get random behavior: the id returned corresponds to one of the principals, but not always the user; it often returns one of the groups instead.

So I want to know if there is another way to access all the principals from a session object.

When looking at the source code of the constructor of org.apache.jackrabbit.core.SessionImpl, I found this comment: “use 1st principal in case there are more that one”. So I don’t know if it is a bug, but it looks to me that instead, when several principals exist, it should try to get a principal of type org.apache.jackrabbit.core.security.UserPrincipal if possible…

Thanks for your help,
Best regards
/Martin
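
The difference between taking the first principal of a JAAS Subject and selecting the user principal by type, as an added example that is not part of the original message and is not Jackrabbit's code. The nested `UserPrincipal` and `GroupPrincipal` classes, the helper method names and the sample names are hypothetical stand-ins; only the `javax.security.auth.Subject` calls are real JDK API.

```java
import java.security.Principal;
import java.util.Set;
import javax.security.auth.Subject;

public class UserIdFromSubject {

    // Hypothetical stand-ins for the principal classes a custom LoginModule adds.
    static final class UserPrincipal implements Principal {
        private final String name;
        UserPrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
    }

    static final class GroupPrincipal implements Principal {
        private final String name;
        GroupPrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
    }

    // Selection described by the quoted comment: whatever principal iterates first.
    // The Set contract promises no ordering, so the result depends on how the
    // login module populated the Subject.
    static String firstPrincipalName(Subject subject) {
        Set<Principal> all = subject.getPrincipals();
        return all.isEmpty() ? null : all.iterator().next().getName();
    }

    // Type-based selection: require exactly one UserPrincipal and fail closed
    // otherwise, so a group name can never be reported as the user id.
    static String userPrincipalName(Subject subject) {
        Set<UserPrincipal> users = subject.getPrincipals(UserPrincipal.class);
        if (users.size() != 1) {
            throw new IllegalStateException(
                "expected exactly one UserPrincipal, found " + users.size());
        }
        return users.iterator().next().getName();
    }

    public static void main(String[] args) {
        // Constructed sample: a group is added to the Subject before the user.
        Subject subject = new Subject();
        subject.getPrincipals().add(new GroupPrincipal("editors"));
        subject.getPrincipals().add(new UserPrincipal("alice"));
        subject.getPrincipals().add(new GroupPrincipal("reviewers"));

        System.out.println("first principal: " + firstPrincipalName(subject));
        System.out.println("user principal:  " + userPrincipalName(subject));
    }
}
```

Any audit log or ownership check keyed on the session's user id inherits the same ambiguity, so the type-based lookup belongs wherever the id is derived from the Subject.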
