bug #6885
UserService.loadUserByUsername() cannot find user in long running session
Start date:
08/04/2017
Due date:
% Done:
0%
Severity:
normal
Found in Version:
Description
When UserService.loadUserByUsername() in a long running session which is managed through the ConversationHolder, the user is never found.
This can breaks login attempts made from within the conversation since loadUserByUsername() is being used in the DaoAuthenticationProvider:
protected final UserDetails retrieveUser(String username,
UsernamePasswordAuthenticationToken authentication)
throws AuthenticationException {
UserDetails loadedUser;
try {
loadedUser = this.getUserDetailsService().loadUserByUsername(username);
}
catch (UsernameNotFoundException notFound) {
if (authentication.getCredentials() != null) {
String presentedPassword = authentication.getCredentials().toString();
passwordEncoder.isPasswordValid(userNotFoundEncodedPassword,
presentedPassword, null);
}
throw notFound;
}
Related issues
History
#1 Updated by Andreas Kohlbecker over 3 years ago
- Description updated (diff)
#2 Updated by Andreas Kohlbecker over 3 years ago
- Related to bug #6886: Entity creation for users having only CREATE may fail in long running conversations added
#3 Updated by Andreas Müller over 3 years ago
Is this still an open issue after now not using long running sessions in Vaadin anymore? If not, can we set to Rejected? If yes, can you provide more information or a cdmlib test which describes the problem.