Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-3469

One authentication by session feature is broken

    XMLWordPrintable

Details

    • High
    • N/A
    • N/A

    Description

      The check StringUtils.endsWith(principal.getName(), "XWiki." + username) is almost always because:

      • username check are not always case sensitive
      • username and xwikiname may differ depending of the authentication used

      I really wonder what is the real root cause of XWIKI-3342, and the best would be to find it, since there is initially no reason for the principal store in the user session to differ from the session cookies.

      Anyway the fix is not appropriate, and I propose to revert it.
      Maybe you should also consider XWIKI-3328.

      Attachments

        Issue Links

          blocks

          Improvement - An improvement or enhancement to an existing feature or task. XWIKI-3328 Extend XWIKI-3013 (authenticate only once per session) to basic authentication

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Open
          is related to

          Bug - A problem which impairs or prevents the functions of the product. XWIKI-9437 Fully allow using XWiki when cookies are turned off

          • Major - Major loss of function.
          • Closed

          Activity

            People

              tmortagne Thomas Mortagne
              softec Denis Gervalle
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: