Uploaded image for project: 'ModeShape'
  1. ModeShape
  2. MODE-1222

Anonymous credentials always used when regular authentication fails

    XMLWordPrintable

Details

    • Bug
    • Resolution: Won't Do
    • Blocker
    • 2.6.0.Beta2, 2.5.1.GA
    • 2.5.0.Final
    • JCR
    • None

    Description

      Normally, the 'useAnonymousAccessOnFailedLogin' repository option should control whether the repository, when authenticating a request to create a session with user-supplied credentials and those credentials do not authenticate, will fallback to the anonymous credentials and always create a session.

      However, there appears to be a logic problem in the code from a recent change. First, the 'anonymousUserCredentials' field is of type 'Credentials', but line 970 is setting it as a boolean value.

      Attachments

        Activity

          People

            rhauch Randall Hauch (Inactive)
            rhauch Randall Hauch (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: