bug #6885
Updated by Andreas Kohlbecker over 6 years ago
When UserService.loadUserByUsername() in a long running session which is managed through the ConversationHolder, the user is never found. This can breaks login attempts made from within the conversation since loadUserByUsername() is being used in the DaoAuthenticationProvider: ~~~java protected final UserDetails retrieveUser(String username, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException { UserDetails loadedUser; try { loadedUser = this.getUserDetailsService().loadUserByUsername(username); } catch (UsernameNotFoundException notFound) { if (authentication.getCredentials() != null) { String presentedPassword = authentication.getCredentials().toString(); passwordEncoder.isPasswordValid(userNotFoundEncodedPassword, presentedPassword, null); } throw notFound; } ~~~ conversation.