hi ben
Ben Short wrote:
Session mccSession = repository.login(mccUser.getCredentials());
that's the problem. UserImpl.getCredentials() doesn't return
the SimpleCredentials that you can use for the login and so
you get an anonymous session (see below).
it works as expected if you did:
Session mccSession = superuser.getRepository().login(new
SimpleCredentials("mcc_user", "1234".toCharArray()));
in other words: there is a bug but not in the ac evaluation.
1) API docu of User#getCredentials is insufficient.
2) and the LoginModule should not fallback to anonymous login
if cryptedsimplecredentials are passed but instead the login
should fail.
i will take care of that.
regards
angela
