Access to wrong user profile during a portlet request
-----------------------------------------------------
Key: GTNPORTAL-60
URL:
https://jira.jboss.org/jira/browse/GTNPORTAL-60
Project: GateIn Portal
Issue Type: Task
Reporter: Julien Viet
Assignee: Boleslaw Dawidowicz
Fix For: 3.0.0-CR01
In class org.exoplatform.portal.webui.application.UIPortlet I can read the following
code:
UIPortalApplication uiPortalApp = getAncestorOfType(UIPortalApplication.class);
UserProfile userProfile =
service.getUserProfileHandler().findUserProfileByName(uiPortalApp.getOwner());
which seems to be problematic for several reasons:
1/ the uiPortalApp.getOwner() always return "classic", whatever the identity is
(even anonymous)
2/ when the user is anonymous, there is a profile lookup although there should not since
it looks for "classic"
I have replaced this code with
String user = prc.getRemoteUser();
UserProfile userProfile = null;
if (user != null)
{
userProfile = service.getUserProfileHandler().findUserProfileByName(user);
}
that seems more correct.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira