[jira] [Issue Comment Deleted] (SLING-3633) Sling uses wrong value for Principal object
[
https://issues.apache.org/jira/browse/SLING-3633?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robert Munteanu updated SLING-3633:
---
Comment: was deleted
(was: I am out of office, back on June 22.
regards
antonio
)
> Sling uses wrong value for Principal object
> ---
>
> Key: SLING-3633
> URL: https://issues.apache.org/jira/browse/SLING-3633
> Project: Sling
> Issue Type: Bug
> Components: Engine
>Affects Versions: Engine 2.3.2
>Reporter: Ilyas Türkben
>Assignee: Antonio Sanso
> Fix For: JCR Resource 2.3.8, Engine 2.3.4
>
>
> Sling uses resolver.getUserID() to set the HttpContext.REMOTE_USER on the
> request object which used later to the instantiation of the Principal object.
> Sling should use the rep:principalName instead of resolver.getUserID().
> {code:java}
> // org.apache.sling.auth.core.impl.SlingAuthenticator
> /**
> * Sets the request attributes required by the OSGi HttpContext interface
> * specification for the handleSecurity method. In addition
> the
> * {@link SlingAuthenticator#REQUEST_ATTRIBUTE_RESOLVER} request attribute
> * is set to the ResourceResolver.
> */
> private void setAttributes(final ResourceResolver resolver, final String
> authType,
> final HttpServletRequest request) {
> // HttpService API required attributes
> request.setAttribute(HttpContext.REMOTE_USER, resolver.getUserID());
> request.setAttribute(HttpContext.AUTHENTICATION_TYPE, authType);
> // resource resolver for down-stream use
> request.setAttribute(REQUEST_ATTRIBUTE_RESOLVER, resolver);
> log.debug(
> "setAttributes: ResourceResolver stored as request attribute:
> user={}",
> resolver.getUserID());
> }
> {code}
> Below *jrAuthorizable is NULL* when the userID(node name) is not equals to
> rep:principalName property. This is a sample code to reproduce the issue in a
> servlet.
> {code:java}
> final Principal principal = request.getUserPrincipal();
> final org.apache.jackrabbit.api.security.user.UserManager jrUserManager
> =
> request.getResourceResolver().adaptTo(org.apache.jackrabbit.api.security.user.UserManager.class);
> final org.apache.jackrabbit.api.security.user.Authorizable
> jrAuthorizable = jrUserManager.getAuthorizable(principal);
> {code}
> Basically to reproduce the issue, create a user, change the
> rep:principalName, login with the userID, use the api to get a Authorizable
> object with using the request.getUserPrincipal();
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Issue Comment Deleted] (SLING-3633) Sling uses wrong value for Principal object
[
https://issues.apache.org/jira/browse/SLING-3633?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robert Munteanu updated SLING-3633:
---
Comment: was deleted
(was: I am out of office, back on June 22.
regards
antonio
)
> Sling uses wrong value for Principal object
> ---
>
> Key: SLING-3633
> URL: https://issues.apache.org/jira/browse/SLING-3633
> Project: Sling
> Issue Type: Bug
> Components: Engine
>Affects Versions: Engine 2.3.2
>Reporter: Ilyas Türkben
>Assignee: Antonio Sanso
> Fix For: JCR Resource 2.3.8, Engine 2.3.4
>
>
> Sling uses resolver.getUserID() to set the HttpContext.REMOTE_USER on the
> request object which used later to the instantiation of the Principal object.
> Sling should use the rep:principalName instead of resolver.getUserID().
> {code:java}
> // org.apache.sling.auth.core.impl.SlingAuthenticator
> /**
> * Sets the request attributes required by the OSGi HttpContext interface
> * specification for the handleSecurity method. In addition
> the
> * {@link SlingAuthenticator#REQUEST_ATTRIBUTE_RESOLVER} request attribute
> * is set to the ResourceResolver.
> */
> private void setAttributes(final ResourceResolver resolver, final String
> authType,
> final HttpServletRequest request) {
> // HttpService API required attributes
> request.setAttribute(HttpContext.REMOTE_USER, resolver.getUserID());
> request.setAttribute(HttpContext.AUTHENTICATION_TYPE, authType);
> // resource resolver for down-stream use
> request.setAttribute(REQUEST_ATTRIBUTE_RESOLVER, resolver);
> log.debug(
> "setAttributes: ResourceResolver stored as request attribute:
> user={}",
> resolver.getUserID());
> }
> {code}
> Below *jrAuthorizable is NULL* when the userID(node name) is not equals to
> rep:principalName property. This is a sample code to reproduce the issue in a
> servlet.
> {code:java}
> final Principal principal = request.getUserPrincipal();
> final org.apache.jackrabbit.api.security.user.UserManager jrUserManager
> =
> request.getResourceResolver().adaptTo(org.apache.jackrabbit.api.security.user.UserManager.class);
> final org.apache.jackrabbit.api.security.user.Authorizable
> jrAuthorizable = jrUserManager.getAuthorizable(principal);
> {code}
> Basically to reproduce the issue, create a user, change the
> rep:principalName, login with the userID, use the api to get a Authorizable
> object with using the request.getUserPrincipal();
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Issue Comment Deleted] (SLING-3633) Sling uses wrong value for Principal object
[
https://issues.apache.org/jira/browse/SLING-3633?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robert Munteanu updated SLING-3633:
---
Comment: was deleted
(was: I am out of office, back on June 22.
regards
antonio
)
> Sling uses wrong value for Principal object
> ---
>
> Key: SLING-3633
> URL: https://issues.apache.org/jira/browse/SLING-3633
> Project: Sling
> Issue Type: Bug
> Components: Engine
>Affects Versions: Engine 2.3.2
>Reporter: Ilyas Türkben
>Assignee: Antonio Sanso
> Fix For: JCR Resource 2.3.8, Engine 2.3.4
>
>
> Sling uses resolver.getUserID() to set the HttpContext.REMOTE_USER on the
> request object which used later to the instantiation of the Principal object.
> Sling should use the rep:principalName instead of resolver.getUserID().
> {code:java}
> // org.apache.sling.auth.core.impl.SlingAuthenticator
> /**
> * Sets the request attributes required by the OSGi HttpContext interface
> * specification for the handleSecurity method. In addition
> the
> * {@link SlingAuthenticator#REQUEST_ATTRIBUTE_RESOLVER} request attribute
> * is set to the ResourceResolver.
> */
> private void setAttributes(final ResourceResolver resolver, final String
> authType,
> final HttpServletRequest request) {
> // HttpService API required attributes
> request.setAttribute(HttpContext.REMOTE_USER, resolver.getUserID());
> request.setAttribute(HttpContext.AUTHENTICATION_TYPE, authType);
> // resource resolver for down-stream use
> request.setAttribute(REQUEST_ATTRIBUTE_RESOLVER, resolver);
> log.debug(
> "setAttributes: ResourceResolver stored as request attribute:
> user={}",
> resolver.getUserID());
> }
> {code}
> Below *jrAuthorizable is NULL* when the userID(node name) is not equals to
> rep:principalName property. This is a sample code to reproduce the issue in a
> servlet.
> {code:java}
> final Principal principal = request.getUserPrincipal();
> final org.apache.jackrabbit.api.security.user.UserManager jrUserManager
> =
> request.getResourceResolver().adaptTo(org.apache.jackrabbit.api.security.user.UserManager.class);
> final org.apache.jackrabbit.api.security.user.Authorizable
> jrAuthorizable = jrUserManager.getAuthorizable(principal);
> {code}
> Basically to reproduce the issue, create a user, change the
> rep:principalName, login with the userID, use the api to get a Authorizable
> object with using the request.getUserPrincipal();
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Issue Comment Deleted] (SLING-3633) Sling uses wrong value for Principal object
[
https://issues.apache.org/jira/browse/SLING-3633?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robert Munteanu updated SLING-3633:
---
Comment: was deleted
(was: I am out of office, back on June 22.
regards
antonio
)
> Sling uses wrong value for Principal object
> ---
>
> Key: SLING-3633
> URL: https://issues.apache.org/jira/browse/SLING-3633
> Project: Sling
> Issue Type: Bug
> Components: Engine
>Affects Versions: Engine 2.3.2
>Reporter: Ilyas Türkben
>Assignee: Antonio Sanso
> Fix For: JCR Resource 2.3.8, Engine 2.3.4
>
>
> Sling uses resolver.getUserID() to set the HttpContext.REMOTE_USER on the
> request object which used later to the instantiation of the Principal object.
> Sling should use the rep:principalName instead of resolver.getUserID().
> {code:java}
> // org.apache.sling.auth.core.impl.SlingAuthenticator
> /**
> * Sets the request attributes required by the OSGi HttpContext interface
> * specification for the handleSecurity method. In addition
> the
> * {@link SlingAuthenticator#REQUEST_ATTRIBUTE_RESOLVER} request attribute
> * is set to the ResourceResolver.
> */
> private void setAttributes(final ResourceResolver resolver, final String
> authType,
> final HttpServletRequest request) {
> // HttpService API required attributes
> request.setAttribute(HttpContext.REMOTE_USER, resolver.getUserID());
> request.setAttribute(HttpContext.AUTHENTICATION_TYPE, authType);
> // resource resolver for down-stream use
> request.setAttribute(REQUEST_ATTRIBUTE_RESOLVER, resolver);
> log.debug(
> "setAttributes: ResourceResolver stored as request attribute:
> user={}",
> resolver.getUserID());
> }
> {code}
> Below *jrAuthorizable is NULL* when the userID(node name) is not equals to
> rep:principalName property. This is a sample code to reproduce the issue in a
> servlet.
> {code:java}
> final Principal principal = request.getUserPrincipal();
> final org.apache.jackrabbit.api.security.user.UserManager jrUserManager
> =
> request.getResourceResolver().adaptTo(org.apache.jackrabbit.api.security.user.UserManager.class);
> final org.apache.jackrabbit.api.security.user.Authorizable
> jrAuthorizable = jrUserManager.getAuthorizable(principal);
> {code}
> Basically to reproduce the issue, create a user, change the
> rep:principalName, login with the userID, use the api to get a Authorizable
> object with using the request.getUserPrincipal();
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Issue Comment Deleted] (SLING-3633) Sling uses wrong value for Principal object
[
https://issues.apache.org/jira/browse/SLING-3633?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robert Munteanu updated SLING-3633:
---
Comment: was deleted
(was: I am out of office, back on June 22.
regards
antonio
)
> Sling uses wrong value for Principal object
> ---
>
> Key: SLING-3633
> URL: https://issues.apache.org/jira/browse/SLING-3633
> Project: Sling
> Issue Type: Bug
> Components: Engine
>Affects Versions: Engine 2.3.2
>Reporter: Ilyas Türkben
>Assignee: Antonio Sanso
> Fix For: JCR Resource 2.3.8, Engine 2.3.4
>
>
> Sling uses resolver.getUserID() to set the HttpContext.REMOTE_USER on the
> request object which used later to the instantiation of the Principal object.
> Sling should use the rep:principalName instead of resolver.getUserID().
> {code:java}
> // org.apache.sling.auth.core.impl.SlingAuthenticator
> /**
> * Sets the request attributes required by the OSGi HttpContext interface
> * specification for the handleSecurity method. In addition
> the
> * {@link SlingAuthenticator#REQUEST_ATTRIBUTE_RESOLVER} request attribute
> * is set to the ResourceResolver.
> */
> private void setAttributes(final ResourceResolver resolver, final String
> authType,
> final HttpServletRequest request) {
> // HttpService API required attributes
> request.setAttribute(HttpContext.REMOTE_USER, resolver.getUserID());
> request.setAttribute(HttpContext.AUTHENTICATION_TYPE, authType);
> // resource resolver for down-stream use
> request.setAttribute(REQUEST_ATTRIBUTE_RESOLVER, resolver);
> log.debug(
> "setAttributes: ResourceResolver stored as request attribute:
> user={}",
> resolver.getUserID());
> }
> {code}
> Below *jrAuthorizable is NULL* when the userID(node name) is not equals to
> rep:principalName property. This is a sample code to reproduce the issue in a
> servlet.
> {code:java}
> final Principal principal = request.getUserPrincipal();
> final org.apache.jackrabbit.api.security.user.UserManager jrUserManager
> =
> request.getResourceResolver().adaptTo(org.apache.jackrabbit.api.security.user.UserManager.class);
> final org.apache.jackrabbit.api.security.user.Authorizable
> jrAuthorizable = jrUserManager.getAuthorizable(principal);
> {code}
> Basically to reproduce the issue, create a user, change the
> rep:principalName, login with the userID, use the api to get a Authorizable
> object with using the request.getUserPrincipal();
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Issue Comment Deleted] (SLING-3633) Sling uses wrong value for Principal object
[
https://issues.apache.org/jira/browse/SLING-3633?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robert Munteanu updated SLING-3633:
---
Comment: was deleted
(was: I am out of office, back on June 22.
regards
antonio
)
> Sling uses wrong value for Principal object
> ---
>
> Key: SLING-3633
> URL: https://issues.apache.org/jira/browse/SLING-3633
> Project: Sling
> Issue Type: Bug
> Components: Engine
>Affects Versions: Engine 2.3.2
>Reporter: Ilyas Türkben
>Assignee: Antonio Sanso
> Fix For: JCR Resource 2.3.8, Engine 2.3.4
>
>
> Sling uses resolver.getUserID() to set the HttpContext.REMOTE_USER on the
> request object which used later to the instantiation of the Principal object.
> Sling should use the rep:principalName instead of resolver.getUserID().
> {code:java}
> // org.apache.sling.auth.core.impl.SlingAuthenticator
> /**
> * Sets the request attributes required by the OSGi HttpContext interface
> * specification for the handleSecurity method. In addition
> the
> * {@link SlingAuthenticator#REQUEST_ATTRIBUTE_RESOLVER} request attribute
> * is set to the ResourceResolver.
> */
> private void setAttributes(final ResourceResolver resolver, final String
> authType,
> final HttpServletRequest request) {
> // HttpService API required attributes
> request.setAttribute(HttpContext.REMOTE_USER, resolver.getUserID());
> request.setAttribute(HttpContext.AUTHENTICATION_TYPE, authType);
> // resource resolver for down-stream use
> request.setAttribute(REQUEST_ATTRIBUTE_RESOLVER, resolver);
> log.debug(
> "setAttributes: ResourceResolver stored as request attribute:
> user={}",
> resolver.getUserID());
> }
> {code}
> Below *jrAuthorizable is NULL* when the userID(node name) is not equals to
> rep:principalName property. This is a sample code to reproduce the issue in a
> servlet.
> {code:java}
> final Principal principal = request.getUserPrincipal();
> final org.apache.jackrabbit.api.security.user.UserManager jrUserManager
> =
> request.getResourceResolver().adaptTo(org.apache.jackrabbit.api.security.user.UserManager.class);
> final org.apache.jackrabbit.api.security.user.Authorizable
> jrAuthorizable = jrUserManager.getAuthorizable(principal);
> {code}
> Basically to reproduce the issue, create a user, change the
> rep:principalName, login with the userID, use the api to get a Authorizable
> object with using the request.getUserPrincipal();
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Issue Comment Deleted] (SLING-3633) Sling uses wrong value for Principal object
[
https://issues.apache.org/jira/browse/SLING-3633?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robert Munteanu updated SLING-3633:
---
Comment: was deleted
(was: I am out of office, back on June 22.
regards
antonio
)
> Sling uses wrong value for Principal object
> ---
>
> Key: SLING-3633
> URL: https://issues.apache.org/jira/browse/SLING-3633
> Project: Sling
> Issue Type: Bug
> Components: Engine
>Affects Versions: Engine 2.3.2
>Reporter: Ilyas Türkben
>Assignee: Antonio Sanso
> Fix For: JCR Resource 2.3.8, Engine 2.3.4
>
>
> Sling uses resolver.getUserID() to set the HttpContext.REMOTE_USER on the
> request object which used later to the instantiation of the Principal object.
> Sling should use the rep:principalName instead of resolver.getUserID().
> {code:java}
> // org.apache.sling.auth.core.impl.SlingAuthenticator
> /**
> * Sets the request attributes required by the OSGi HttpContext interface
> * specification for the handleSecurity method. In addition
> the
> * {@link SlingAuthenticator#REQUEST_ATTRIBUTE_RESOLVER} request attribute
> * is set to the ResourceResolver.
> */
> private void setAttributes(final ResourceResolver resolver, final String
> authType,
> final HttpServletRequest request) {
> // HttpService API required attributes
> request.setAttribute(HttpContext.REMOTE_USER, resolver.getUserID());
> request.setAttribute(HttpContext.AUTHENTICATION_TYPE, authType);
> // resource resolver for down-stream use
> request.setAttribute(REQUEST_ATTRIBUTE_RESOLVER, resolver);
> log.debug(
> "setAttributes: ResourceResolver stored as request attribute:
> user={}",
> resolver.getUserID());
> }
> {code}
> Below *jrAuthorizable is NULL* when the userID(node name) is not equals to
> rep:principalName property. This is a sample code to reproduce the issue in a
> servlet.
> {code:java}
> final Principal principal = request.getUserPrincipal();
> final org.apache.jackrabbit.api.security.user.UserManager jrUserManager
> =
> request.getResourceResolver().adaptTo(org.apache.jackrabbit.api.security.user.UserManager.class);
> final org.apache.jackrabbit.api.security.user.Authorizable
> jrAuthorizable = jrUserManager.getAuthorizable(principal);
> {code}
> Basically to reproduce the issue, create a user, change the
> rep:principalName, login with the userID, use the api to get a Authorizable
> object with using the request.getUserPrincipal();
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Issue Comment Deleted] (SLING-3633) Sling uses wrong value for Principal object
[
https://issues.apache.org/jira/browse/SLING-3633?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robert Munteanu updated SLING-3633:
---
Comment: was deleted
(was: I am out of office, back on June 22.
regards
antonio
)
> Sling uses wrong value for Principal object
> ---
>
> Key: SLING-3633
> URL: https://issues.apache.org/jira/browse/SLING-3633
> Project: Sling
> Issue Type: Bug
> Components: Engine
>Affects Versions: Engine 2.3.2
>Reporter: Ilyas Türkben
>Assignee: Antonio Sanso
> Fix For: JCR Resource 2.3.8, Engine 2.3.4
>
>
> Sling uses resolver.getUserID() to set the HttpContext.REMOTE_USER on the
> request object which used later to the instantiation of the Principal object.
> Sling should use the rep:principalName instead of resolver.getUserID().
> {code:java}
> // org.apache.sling.auth.core.impl.SlingAuthenticator
> /**
> * Sets the request attributes required by the OSGi HttpContext interface
> * specification for the handleSecurity method. In addition
> the
> * {@link SlingAuthenticator#REQUEST_ATTRIBUTE_RESOLVER} request attribute
> * is set to the ResourceResolver.
> */
> private void setAttributes(final ResourceResolver resolver, final String
> authType,
> final HttpServletRequest request) {
> // HttpService API required attributes
> request.setAttribute(HttpContext.REMOTE_USER, resolver.getUserID());
> request.setAttribute(HttpContext.AUTHENTICATION_TYPE, authType);
> // resource resolver for down-stream use
> request.setAttribute(REQUEST_ATTRIBUTE_RESOLVER, resolver);
> log.debug(
> "setAttributes: ResourceResolver stored as request attribute:
> user={}",
> resolver.getUserID());
> }
> {code}
> Below *jrAuthorizable is NULL* when the userID(node name) is not equals to
> rep:principalName property. This is a sample code to reproduce the issue in a
> servlet.
> {code:java}
> final Principal principal = request.getUserPrincipal();
> final org.apache.jackrabbit.api.security.user.UserManager jrUserManager
> =
> request.getResourceResolver().adaptTo(org.apache.jackrabbit.api.security.user.UserManager.class);
> final org.apache.jackrabbit.api.security.user.Authorizable
> jrAuthorizable = jrUserManager.getAuthorizable(principal);
> {code}
> Basically to reproduce the issue, create a user, change the
> rep:principalName, login with the userID, use the api to get a Authorizable
> object with using the request.getUserPrincipal();
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Issue Comment Deleted] (SLING-3633) Sling uses wrong value for Principal object
[
https://issues.apache.org/jira/browse/SLING-3633?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robert Munteanu updated SLING-3633:
---
Comment: was deleted
(was: I am out of office, back on June 22.
regards
antonio
)
> Sling uses wrong value for Principal object
> ---
>
> Key: SLING-3633
> URL: https://issues.apache.org/jira/browse/SLING-3633
> Project: Sling
> Issue Type: Bug
> Components: Engine
>Affects Versions: Engine 2.3.2
>Reporter: Ilyas Türkben
>Assignee: Antonio Sanso
> Fix For: JCR Resource 2.3.8, Engine 2.3.4
>
>
> Sling uses resolver.getUserID() to set the HttpContext.REMOTE_USER on the
> request object which used later to the instantiation of the Principal object.
> Sling should use the rep:principalName instead of resolver.getUserID().
> {code:java}
> // org.apache.sling.auth.core.impl.SlingAuthenticator
> /**
> * Sets the request attributes required by the OSGi HttpContext interface
> * specification for the handleSecurity method. In addition
> the
> * {@link SlingAuthenticator#REQUEST_ATTRIBUTE_RESOLVER} request attribute
> * is set to the ResourceResolver.
> */
> private void setAttributes(final ResourceResolver resolver, final String
> authType,
> final HttpServletRequest request) {
> // HttpService API required attributes
> request.setAttribute(HttpContext.REMOTE_USER, resolver.getUserID());
> request.setAttribute(HttpContext.AUTHENTICATION_TYPE, authType);
> // resource resolver for down-stream use
> request.setAttribute(REQUEST_ATTRIBUTE_RESOLVER, resolver);
> log.debug(
> "setAttributes: ResourceResolver stored as request attribute:
> user={}",
> resolver.getUserID());
> }
> {code}
> Below *jrAuthorizable is NULL* when the userID(node name) is not equals to
> rep:principalName property. This is a sample code to reproduce the issue in a
> servlet.
> {code:java}
> final Principal principal = request.getUserPrincipal();
> final org.apache.jackrabbit.api.security.user.UserManager jrUserManager
> =
> request.getResourceResolver().adaptTo(org.apache.jackrabbit.api.security.user.UserManager.class);
> final org.apache.jackrabbit.api.security.user.Authorizable
> jrAuthorizable = jrUserManager.getAuthorizable(principal);
> {code}
> Basically to reproduce the issue, create a user, change the
> rep:principalName, login with the userID, use the api to get a Authorizable
> object with using the request.getUserPrincipal();
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Issue Comment Deleted] (SLING-3633) Sling uses wrong value for Principal object
[
https://issues.apache.org/jira/browse/SLING-3633?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Felix Meschberger updated SLING-3633:
-
Comment: was deleted
(was: I am out of office, back on June 22.
regards
antonio
)
> Sling uses wrong value for Principal object
> ---
>
> Key: SLING-3633
> URL: https://issues.apache.org/jira/browse/SLING-3633
> Project: Sling
> Issue Type: Bug
> Components: Engine
>Affects Versions: Engine 2.3.2
>Reporter: Ilyas Türkben
>Assignee: Antonio Sanso
> Fix For: JCR Resource 2.3.8, Engine 2.3.4
>
>
> Sling uses resolver.getUserID() to set the HttpContext.REMOTE_USER on the
> request object which used later to the instantiation of the Principal object.
> Sling should use the rep:principalName instead of resolver.getUserID().
> {code:java}
> // org.apache.sling.auth.core.impl.SlingAuthenticator
> /**
> * Sets the request attributes required by the OSGi HttpContext interface
> * specification for the handleSecurity method. In addition
> the
> * {@link SlingAuthenticator#REQUEST_ATTRIBUTE_RESOLVER} request attribute
> * is set to the ResourceResolver.
> */
> private void setAttributes(final ResourceResolver resolver, final String
> authType,
> final HttpServletRequest request) {
> // HttpService API required attributes
> request.setAttribute(HttpContext.REMOTE_USER, resolver.getUserID());
> request.setAttribute(HttpContext.AUTHENTICATION_TYPE, authType);
> // resource resolver for down-stream use
> request.setAttribute(REQUEST_ATTRIBUTE_RESOLVER, resolver);
> log.debug(
> "setAttributes: ResourceResolver stored as request attribute:
> user={}",
> resolver.getUserID());
> }
> {code}
> Below *jrAuthorizable is NULL* when the userID(node name) is not equals to
> rep:principalName property. This is a sample code to reproduce the issue in a
> servlet.
> {code:java}
> final Principal principal = request.getUserPrincipal();
> final org.apache.jackrabbit.api.security.user.UserManager jrUserManager
> =
> request.getResourceResolver().adaptTo(org.apache.jackrabbit.api.security.user.UserManager.class);
> final org.apache.jackrabbit.api.security.user.Authorizable
> jrAuthorizable = jrUserManager.getAuthorizable(principal);
> {code}
> Basically to reproduce the issue, create a user, change the
> rep:principalName, login with the userID, use the api to get a Authorizable
> object with using the request.getUserPrincipal();
--
This message was sent by Atlassian JIRA
(v6.2#6252)
[jira] [Issue Comment Deleted] (SLING-3633) Sling uses wrong value for Principal object
[
https://issues.apache.org/jira/browse/SLING-3633?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Felix Meschberger updated SLING-3633:
-
Comment: was deleted
(was: I am out of office, back on June 22.
regards
antonio
)
> Sling uses wrong value for Principal object
> ---
>
> Key: SLING-3633
> URL: https://issues.apache.org/jira/browse/SLING-3633
> Project: Sling
> Issue Type: Bug
> Components: Engine
>Affects Versions: Engine 2.3.2
>Reporter: Ilyas Türkben
>Assignee: Antonio Sanso
> Fix For: JCR Resource 2.3.8, Engine 2.3.4
>
>
> Sling uses resolver.getUserID() to set the HttpContext.REMOTE_USER on the
> request object which used later to the instantiation of the Principal object.
> Sling should use the rep:principalName instead of resolver.getUserID().
> {code:java}
> // org.apache.sling.auth.core.impl.SlingAuthenticator
> /**
> * Sets the request attributes required by the OSGi HttpContext interface
> * specification for the handleSecurity method. In addition
> the
> * {@link SlingAuthenticator#REQUEST_ATTRIBUTE_RESOLVER} request attribute
> * is set to the ResourceResolver.
> */
> private void setAttributes(final ResourceResolver resolver, final String
> authType,
> final HttpServletRequest request) {
> // HttpService API required attributes
> request.setAttribute(HttpContext.REMOTE_USER, resolver.getUserID());
> request.setAttribute(HttpContext.AUTHENTICATION_TYPE, authType);
> // resource resolver for down-stream use
> request.setAttribute(REQUEST_ATTRIBUTE_RESOLVER, resolver);
> log.debug(
> "setAttributes: ResourceResolver stored as request attribute:
> user={}",
> resolver.getUserID());
> }
> {code}
> Below *jrAuthorizable is NULL* when the userID(node name) is not equals to
> rep:principalName property. This is a sample code to reproduce the issue in a
> servlet.
> {code:java}
> final Principal principal = request.getUserPrincipal();
> final org.apache.jackrabbit.api.security.user.UserManager jrUserManager
> =
> request.getResourceResolver().adaptTo(org.apache.jackrabbit.api.security.user.UserManager.class);
> final org.apache.jackrabbit.api.security.user.Authorizable
> jrAuthorizable = jrUserManager.getAuthorizable(principal);
> {code}
> Basically to reproduce the issue, create a user, change the
> rep:principalName, login with the userID, use the api to get a Authorizable
> object with using the request.getUserPrincipal();
--
This message was sent by Atlassian JIRA
(v6.2#6252)
[jira] [Issue Comment Deleted] (SLING-3633) Sling uses wrong value for Principal object
[
https://issues.apache.org/jira/browse/SLING-3633?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Felix Meschberger updated SLING-3633:
-
Comment: was deleted
(was: I am out of office, back on June 22.
regards
antonio
)
> Sling uses wrong value for Principal object
> ---
>
> Key: SLING-3633
> URL: https://issues.apache.org/jira/browse/SLING-3633
> Project: Sling
> Issue Type: Bug
> Components: Engine
>Affects Versions: Engine 2.3.2
>Reporter: Ilyas Türkben
>Assignee: Antonio Sanso
> Fix For: JCR Resource 2.3.8, Engine 2.3.4
>
>
> Sling uses resolver.getUserID() to set the HttpContext.REMOTE_USER on the
> request object which used later to the instantiation of the Principal object.
> Sling should use the rep:principalName instead of resolver.getUserID().
> {code:java}
> // org.apache.sling.auth.core.impl.SlingAuthenticator
> /**
> * Sets the request attributes required by the OSGi HttpContext interface
> * specification for the handleSecurity method. In addition
> the
> * {@link SlingAuthenticator#REQUEST_ATTRIBUTE_RESOLVER} request attribute
> * is set to the ResourceResolver.
> */
> private void setAttributes(final ResourceResolver resolver, final String
> authType,
> final HttpServletRequest request) {
> // HttpService API required attributes
> request.setAttribute(HttpContext.REMOTE_USER, resolver.getUserID());
> request.setAttribute(HttpContext.AUTHENTICATION_TYPE, authType);
> // resource resolver for down-stream use
> request.setAttribute(REQUEST_ATTRIBUTE_RESOLVER, resolver);
> log.debug(
> "setAttributes: ResourceResolver stored as request attribute:
> user={}",
> resolver.getUserID());
> }
> {code}
> Below *jrAuthorizable is NULL* when the userID(node name) is not equals to
> rep:principalName property. This is a sample code to reproduce the issue in a
> servlet.
> {code:java}
> final Principal principal = request.getUserPrincipal();
> final org.apache.jackrabbit.api.security.user.UserManager jrUserManager
> =
> request.getResourceResolver().adaptTo(org.apache.jackrabbit.api.security.user.UserManager.class);
> final org.apache.jackrabbit.api.security.user.Authorizable
> jrAuthorizable = jrUserManager.getAuthorizable(principal);
> {code}
> Basically to reproduce the issue, create a user, change the
> rep:principalName, login with the userID, use the api to get a Authorizable
> object with using the request.getUserPrincipal();
--
This message was sent by Atlassian JIRA
(v6.2#6252)
[jira] [Issue Comment Deleted] (SLING-3633) Sling uses wrong value for Principal object
[
https://issues.apache.org/jira/browse/SLING-3633?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Felix Meschberger updated SLING-3633:
-
Comment: was deleted
(was: I am out of office, back on June 22.
regards
antonio
)
> Sling uses wrong value for Principal object
> ---
>
> Key: SLING-3633
> URL: https://issues.apache.org/jira/browse/SLING-3633
> Project: Sling
> Issue Type: Bug
> Components: Engine
>Affects Versions: Engine 2.3.2
>Reporter: Ilyas Türkben
>Assignee: Antonio Sanso
> Fix For: JCR Resource 2.3.8, Engine 2.3.4
>
>
> Sling uses resolver.getUserID() to set the HttpContext.REMOTE_USER on the
> request object which used later to the instantiation of the Principal object.
> Sling should use the rep:principalName instead of resolver.getUserID().
> {code:java}
> // org.apache.sling.auth.core.impl.SlingAuthenticator
> /**
> * Sets the request attributes required by the OSGi HttpContext interface
> * specification for the handleSecurity method. In addition
> the
> * {@link SlingAuthenticator#REQUEST_ATTRIBUTE_RESOLVER} request attribute
> * is set to the ResourceResolver.
> */
> private void setAttributes(final ResourceResolver resolver, final String
> authType,
> final HttpServletRequest request) {
> // HttpService API required attributes
> request.setAttribute(HttpContext.REMOTE_USER, resolver.getUserID());
> request.setAttribute(HttpContext.AUTHENTICATION_TYPE, authType);
> // resource resolver for down-stream use
> request.setAttribute(REQUEST_ATTRIBUTE_RESOLVER, resolver);
> log.debug(
> "setAttributes: ResourceResolver stored as request attribute:
> user={}",
> resolver.getUserID());
> }
> {code}
> Below *jrAuthorizable is NULL* when the userID(node name) is not equals to
> rep:principalName property. This is a sample code to reproduce the issue in a
> servlet.
> {code:java}
> final Principal principal = request.getUserPrincipal();
> final org.apache.jackrabbit.api.security.user.UserManager jrUserManager
> =
> request.getResourceResolver().adaptTo(org.apache.jackrabbit.api.security.user.UserManager.class);
> final org.apache.jackrabbit.api.security.user.Authorizable
> jrAuthorizable = jrUserManager.getAuthorizable(principal);
> {code}
> Basically to reproduce the issue, create a user, change the
> rep:principalName, login with the userID, use the api to get a Authorizable
> object with using the request.getUserPrincipal();
--
This message was sent by Atlassian JIRA
(v6.2#6252)
