Why is the modifier of a content a random user from the list of logged in users?

cancel
Showing results for 
Search instead for 
Did you mean: 
darkstar1
Active Member II

Why is the modifier of a content a random user from the list of logged in users?

Jump to solution

I have a webscript:

desc.xml - 

<webscript>
    <shortname>LibreOffice Online PutFile</shortname>
    <url>/wopi/files/{fileId}/contents</url>
    <family>LibreOffice Online</family>
    <authentication>none</authentication>
    <format default="json"></format>
    <transaction>required</transaction>
</webscript>

java controller (shortened slightly for brevity):

public class LOPutFileWebScript extends AbstractWebScript {
    private static final Log logger = LogFactory.getLog(LOPutFileWebScript.class);
    private WOPITokenService wopiTokenService;
    private NodeService nodeService;
    private ContentService contentService;

    @Override
    public void execute(WebScriptRequest req, WebScriptResponse res) throws IOException {
        try {
            final WOPIAccessTokenInfo tokenInfo = wopiTokenService.getTokenInfo(req);
            final NodeRef nodeRef = wopiTokenService.getFileNodeRef(tokenInfo);
            //Verifying that the user actually exists
            final PersonInfo person = wopiTokenService.getUserInfoOfToken(tokenInfo);
            if (StringUtils.isBlank(person.getUserName()) && !person.getUserName().equals(tokenInfo.getUserName()) )
                throw new WebScriptException(Status.STATUS_INTERNAL_SERVER_ERROR, "Invalid user id in token.");

            if(tokenInfo != null) {
                AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>() {
                    @Override
                    public Object doWork() throws Exception {
                        ContentWriter writer = contentService.getWriter(nodeRef, ContentModel.PROP_CONTENT, true);
                        writer.putContent(req.getContent().getInputStream());
                        writer.guessMimetype((String) nodeService.getProperty(nodeRef, ContentModel.PROP_NAME));
                        writer.guessEncoding();

                        //Output is correct 100% of the time
                        logger.debug("\n****** Debug testing ********\nToken: " + tokenInfo.getAccessToken()
                                + "FileId: " + tokenInfo.getFileId() + "\nUserName: " + tokenInfo.getUserName() + "\n");
                        return null;
                    }
                }, tokenInfo.getUserName());
            }
            //The output here results in a random user name. Seemingly from the pool of logged in users.
            logger.debug("Modifier for the above nodeRef [" + nodeRef.toString() + "] is: " + nodeService.getProperty(nodeRef, ContentModel.PROP_MODIFIER));
        }
        catch(ContentIOException | WebScriptException we){
            we.printStackTrace();
            //throw a bunch of errors
        }
    }
//Setters for services...
}

It so happens that after editing a document, the ContentModel.PROP_MODIFIER property of the document node is a seemingly random user from the pool of logged in users. I was under the understanding that the expected behaviour would be that when the default onUpdateBehaviour kicked, in it would update with the details found in the context, and since the thread is run as the user, I figured the information passed to the behaviour would come from this thread.

I'd appreciate some insight into this.

Thanks

1 Solution

Accepted Solutions
douglascrp
Advanced II

Re: Why is the modifier of a content a random user from the list of logged in users?

Jump to solution

As I was saying in our chat on Skype, I believe these links can help you with the problem

[solved] AuthenticationUtil.runAs: how to get ride of this ?

https://community.alfresco.com/thread/194553-action-with-setrunasuser#comment-652744 

Try to use the AuthenticationUtil.setFullyAuthenticatedUser method with the user in the token.

View solution in original post

4 Replies
janv
Senior Member II

Re: Why is the modifier of a content a random user from the list of logged in users?

Jump to solution

That does look a little odd - but would need to debug with the "auditable" behaviour with your test case, etc.

Out of interest, do you see the same effect if you wrap with something like this instead ... ?

...
retryingTransactionHelper
.doInTransaction(new RetryingTransactionCallback<Void>()
{
@Override
public Void execute() throws Throwable
{
AuthenticationUtil.
pushAuthentication();
try
{
AuthenticationUtil.
setRunAsUser(tokenInfo.getUserName());
// ... do more here ...
}
finally
{
AuthenticationUtil.
popAuthentication();
}
return null;
}
}
, false, true);
...

Regards,

Jan

douglascrp
Advanced II

Re: Why is the modifier of a content a random user from the list of logged in users?

Jump to solution

As I was saying in our chat on Skype, I believe these links can help you with the problem

[solved] AuthenticationUtil.runAs: how to get ride of this ?

https://community.alfresco.com/thread/194553-action-with-setrunasuser#comment-652744 

Try to use the AuthenticationUtil.setFullyAuthenticatedUser method with the user in the token.

View solution in original post

janv
Senior Member II

Re: Why is the modifier of a content a random user from the list of logged in users?

Jump to solution

Actually, yes as suggested by Douglas, that makes even more sense in your example, eg.

...
try
{
  AuthenticationUtil.
setFullyAuthenticatedUser(tokenInfo.getUserName());
  // ... do more here ...
}
finally
{
  AuthenticationUtil.clearCurrentSecurityContext
();
}
...

Regards,

Jan

darkstar1
Active Member II

Re: Why is the modifier of a content a random user from the list of logged in users?

Jump to solution

Thanks Jan.

It seems AuthenticationUtil.setFullyAuthenticatedUser() did the trick. So far testing hasn't resulted in the re-appearance of the bug.