I am using version 3.4.d community and I plugged custom pages in for company specific matters.
In those page, I need to know the logged in user.

So, I found  
AuthenticationUtil.getFullyAuthenticatedUser();
which I later found out does return the authenticated user but the last one who logged in.
So, I had a fucking problem with my app reacting like the user in front of the screen is someone else.

Oo !!!??!!! WTF ???

Guess what .... Its written black on white in the javadoc  (see http://svn.alfresco.com/repos/alfresco-open-mirror/alfresco/HEAD/root/projects/data-model/source/java/org/alfresco/repo/security/authentication/AuthenticationUtil.java)

/**

 * Get the fully authenticated user. 
* It returns the name of the user that last authenticated and excludes any overlay authentication set
* by {@link #runAs(org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork, String) runAs}.
*
* @return Returns the name of the authenticated user
* @throws AuthenticationException
*/


Lessons learned, again :
  • do not assume people use meaningful names.
  • method name is not enough
  • reading first line of javadoc is not enough
  • one never stops learning with Alfresco

HELL, THAT NEARLY SCREWED MY LAUNCH !
Fortunately, this has been detected during internal tests.