Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-3469

One authentication by session feature is broken

    XMLWordPrintable

    Details

    • Development Priority:
      High
    • Documentation:
      N/A
    • Documentation in Release Notes:
      N/A
    • Similar issues:

      Description

      The check StringUtils.endsWith(principal.getName(), "XWiki." + username) is almost always because:

      • username check are not always case sensitive
      • username and xwikiname may differ depending of the authentication used

      I really wonder what is the real root cause of XWIKI-3342, and the best would be to find it, since there is initially no reason for the principal store in the user session to differ from the session cookies.

      Anyway the fix is not appropriate, and I propose to revert it.
      Maybe you should also consider XWIKI-3328.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              tmortagne Thomas Mortagne
              Reporter:
              softec Denis Gervalle
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Date of First Response: