Project

General

Profile

bug #6885

Updated by Andreas Kohlbecker over 1 year ago

When UserService.loadUserByUsername() in a long running session which is managed through the ConversationHolder, the user is never found.

This can breaks login attempts made from within the conversation since loadUserByUsername() is being used in the DaoAuthenticationProvider:

~~~java
protected final UserDetails retrieveUser(String username,
UsernamePasswordAuthenticationToken authentication)
throws AuthenticationException {
UserDetails loadedUser;

try {
loadedUser = this.getUserDetailsService().loadUserByUsername(username);
}
catch (UsernameNotFoundException notFound) {
if (authentication.getCredentials() != null) {
String presentedPassword = authentication.getCredentials().toString();
passwordEncoder.isPasswordValid(userNotFoundEncodedPassword,
presentedPassword, null);
}
throw notFound;
}

~~~
conversation.

Back

Add picture from clipboard (Maximum size: 40 MB)