Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-3469

One authentication by session feature is broken

    Details

    • Development Priority:
      High
    • Documentation:
      N/A
    • Documentation in Release Notes:
      N/A
    • Similar issues:

      Description

      The check StringUtils.endsWith(principal.getName(), "XWiki." + username) is almost always because:

      • username check are not always case sensitive
      • username and xwikiname may differ depending of the authentication used

      I really wonder what is the real root cause of XWIKI-3342, and the best would be to find it, since there is initially no reason for the principal store in the user session to differ from the session cookies.

      Anyway the fix is not appropriate, and I propose to revert it.
      Maybe you should also consider XWIKI-3328.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                tmortagne Thomas Mortagne
                Reporter:
                softec Denis Gervalle
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Date of First Response: