- Type: Bug
- Resolution: Fixed
- Priority: Low
- Affects Version/s: None
- Component/s: API - Java
- None
- Severity 3 - Minor
DefaultHttpAuthenticationContext.onSuccess(user) leaves the username unmodified. There are some cases when the username is some control string, like 'x-oauth-token', and after authentication it gets a valid ApplicationUser from the authentication system, but:
String username = context.getUsername() != null ? context.getUsername() : context.getUser().getName();
eventPublisher.publish(new AuthenticationSuccessEvent(this, username, context.getMethod()));
And this sends an event for user 'x-auth-token', which is not a valid user. But possibly it must use user.getName() if getUser() is not null. Like this:
String username = context.getUser() != null ? context.getUser().getName() : context.getUsername();