Alfresco's AuthenticationUtil.getFullyAuthenticatedUser()
Par Jerome le jeudi 19 janvier 2012, 16:43 - Informatique - Lien permanent
I am using version 3.4.d community and I plugged custom pages in for company
specific matters.
In those page, I need to know the logged in user.
So, I found
In those page, I need to know the logged in user.
So, I found
AuthenticationUtil.getFullyAuthenticatedUser();
which I later found out does return the authenticated user but the last
one who logged in.
So, I had a fucking problem with my app reacting like the user in front of the screen is someone else.
Oo !!!??!!! WTF ???
Guess what .... Its written black on white in the javadoc (see http://svn.alfresco.com/repos/alfresco-open-mirror/alfresco/HEAD/root/projects/data-model/source/java/org/alfresco/repo/security/authentication/AuthenticationUtil.java)
So, I had a fucking problem with my app reacting like the user in front of the screen is someone else.
Oo !!!??!!! WTF ???
Guess what .... Its written black on white in the javadoc (see http://svn.alfresco.com/repos/alfresco-open-mirror/alfresco/HEAD/root/projects/data-model/source/java/org/alfresco/repo/security/authentication/AuthenticationUtil.java)
/**
* Get the fully authenticated user.
* It returns the name of the user that last authenticated and excludes any overlay authentication set
* by {@link #runAs(org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork, String) runAs}.
*
* @return Returns the name of the authenticated user
* @throws AuthenticationException
*/
Lessons learned, again :
- do not assume people use meaningful names.
- method name is not enough
- reading first line of javadoc is not enough
- one never stops learning with Alfresco
HELL, THAT NEARLY SCREWED MY LAUNCH !
Fortunately, this has been detected during internal tests.