Repeated error filling logs on calling the node rest api for user authenticating with correct username, but incorrect match case.

[p4535992]

Verified on Alfresco Community 7.4 and 23

The logs of some clients were filled with this error on the rest api calls in the specific case , the service was not going to fail , just filled the logs with this annoying error.

2024-03-12T12:48:55,984 [] ERROR [util.transaction.TransactionSupportUtil] [http-nio-8080-exec-7] After completion (committed) exception
org.alfresco.repo.security.authentication.AuthenticationException: 02126217 User name does not exist: pi*******
        at org.alfresco.repo.security.authentication.RepositoryAuthenticationDao.updateUser(RepositoryAuthenticationDao.java:456) ~[alfresco-repository-20.164.jar:20.164]
        at org.alfresco.repo.security.authentication.HashPasswordTransactionListener$1.execute(HashPasswordTransactionListener.java:106) ~[alfresco-repository-20.164.jar:20.164]
        at org.alfresco.repo.security.authentication.HashPasswordTransactionListener$1.execute(HashPasswordTransactionListener.java:1) ~[alfresco-repository-20.164.jar:20.164]
        at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:452) ~[alfresco-repository-20.164.jar:20.164]
        at org.alfresco.repo.security.authentication.HashPasswordTransactionListener.afterCommit(HashPasswordTransactionListener.java:91) ~[alfresco-repository-20.164.jar:20.164]
        at org.alfresco.util.transaction.TransactionSupportUtil$TransactionSynchronizationImpl.afterCompletion(TransactionSupportUtil.java:598) ~[alfresco-core-20.164.jar:20.164]
        at org.springframework.transaction.support.TransactionSynchronizationUtils.invokeAfterCompletion(TransactionSynchronizationUtils.java:172) ~[spring-tx-5.3.27.jar:5.3.27]
        at org.springframework.transaction.support.AbstractPlatformTransactionManager.invokeAfterCompletion(AbstractPlatformTransactionManager.java:977) ~[spring-tx-5.3.27.jar:5.3.27]
        at org.springframework.transaction.support.AbstractPlatformTransactionManager.triggerAfterCompletion(AbstractPlatformTransactionManager.java:952) ~[spring-tx-5.3.27.jar:5.3.27]
        at org.springframework.transaction.support.AbstractPlatformTransactionManager.processCommit(AbstractPlatformTransactionManager.java:785) ~[spring-tx-5.3.27.jar:5.3.27]
        at org.springframework.transaction.support.AbstractPlatformTransactionManager.commit(AbstractPlatformTransactionManager.java:711) ~[spring-tx-5.3.27.jar:5.3.27]
        at org.springframework.transaction.interceptor.TransactionAspectSupport.commitTransactionAfterReturning(TransactionAspectSupport.java:654) ~[spring-tx-5.3.27.jar:5.3.27]
        at org.alfresco.util.transaction.SpringAwareUserTransaction.commit(SpringAwareUserTransaction.java:507) ~[alfresco-core-20.164.jar:20.164]
        at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:474) ~[alfresco-repository-20.164.jar:20.164]
        at org.alfresco.repo.web.scripts.RepositoryContainer.executeScriptInternal(RepositoryContainer.java:406) ~[alfresco-remote-api-20.164.jar:20.164]
        at org.alfresco.repo.web.scripts.RepositoryContainer.executeScript(RepositoryContainer.java:309) ~[alfresco-remote-api-20.164.jar:20.164]
        at org.alfresco.rest.api.PublicApiRepositoryContainer.access$001(PublicApiRepositoryContainer.java:47) ~[alfresco-remote-api-20.164.jar:20.164]
        at org.alfresco.rest.api.PublicApiRepositoryContainer$1.doWork(PublicApiRepositoryContainer.java:84) ~[alfresco-remote-api-20.164.jar:20.164]
        at org.alfresco.repo.tenant.TenantUtil.runAsWork(TenantUtil.java:126) ~[alfresco-data-model-20.164.jar:20.164]
        at org.alfresco.repo.tenant.TenantUtil.runAsTenant(TenantUtil.java:95) ~[alfresco-data-model-20.164.jar:20.164]
        at org.alfresco.rest.api.PublicApiRepositoryContainer.executeScript(PublicApiRepositoryContainer.java:80) ~[alfresco-remote-api-20.164.jar:20.164]
        at org.springframework.extensions.webscripts.AbstractRuntime.executeScript(AbstractRuntime.java:423) ~[spring-webscripts-8.40.jar:8.40]
        at org.springframework.extensions.webscripts.AbstractRuntime.executeScript(AbstractRuntime.java:210) ~[spring-webscripts-8.40.jar:8.40]
        at org.alfresco.repo.web.scripts.TenantWebScriptServlet.service(TenantWebScriptServlet.java:82) ~[alfresco-remote-api-20.164.jar:20.164]
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:596) ~[servlet-api.jar:4.0.FR]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:209) ~[catalina.jar:9.0.73]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) ~[catalina.jar:9.0.73]
        at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53) ~[tomcat-websocket.jar:9.0.73]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) ~[catalina.jar:9.0.73]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) ~[catalina.jar:9.0.73]
        at org.alfresco.module.aosmodule.service.ContextRootFilter.doFilter(ContextRootFilter.java:93) ~[alfresco-aos-repo-binding-1.6.0.jar:?]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) ~[catalina.jar:9.0.73]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) ~[catalina.jar:9.0.73]
        at org.springframework.extensions.webscripts.servlet.SecurityHeadersFilter.doFilter(SecurityHeadersFilter.java:177) ~[spring-webscripts-8.40.jar:8.40]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) ~[catalina.jar:9.0.73]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) ~[catalina.jar:9.0.73]
        at org.alfresco.repo.web.filter.beans.NullFilter.doFilter(NullFilter.java:75) ~[alfresco-remote-api-20.164.jar:20.164]
        at jdk.internal.reflect.GeneratedMethodAccessor1069.invoke(Unknown Source) ~[?:?]
        at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
        at java.lang.reflect.Method.invoke(Method.java:568) ~[?:?]
        at org.alfresco.repo.management.subsystems.ChainingSubsystemProxyFactory$1.invoke(ChainingSubsystemProxyFactory.java:132) ~[alfresco-repository-20.164.jar:20.164]
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) ~[spring-aop-5.3.27.jar:5.3.27]
        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:220) ~[spring-aop-5.3.27.jar:5.3.27]
        at jdk.proxy4.$Proxy372.doFilter(Unknown Source) ~[?:?]
        at org.alfresco.repo.web.filter.beans.BeanProxyFilter.doFilter(BeanProxyFilter.java:89) ~[alfresco-remote-api-20.164.jar:20.164]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) ~[catalina.jar:9.0.73]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) ~[catalina.jar:9.0.73]
        at org.alfresco.web.app.servlet.GlobalLocalizationFilter.doFilter(GlobalLocalizationFilter.java:68) ~[alfresco-remote-api-20.164.jar:20.164]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) ~[catalina.jar:9.0.73]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) ~[catalina.jar:9.0.73]
        at org.alfresco.web.app.servlet.ClearSecurityContextFilter.doFilter(ClearSecurityContextFilter.java:53) ~[alfresco-remote-api-20.164.jar:20.164]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) ~[catalina.jar:9.0.73]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) ~[catalina.jar:9.0.73]
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:167) ~[catalina.jar:9.0.73]
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90) ~[catalina.jar:9.0.73]
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:492) ~[catalina.jar:9.0.73]
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:130) ~[catalina.jar:9.0.73]
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93) ~[catalina.jar:9.0.73]
        at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:768) ~[catalina.jar:9.0.73]
        at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:673) ~[catalina.jar:9.0.73]
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) ~[catalina.jar:9.0.73]
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) ~[catalina.jar:9.0.73]
        at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:389) ~[tomcat-coyote.jar:9.0.73]
        at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63) ~[tomcat-coyote.jar:9.0.73]
        at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:926) ~[tomcat-coyote.jar:9.0.73]
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1791) ~[tomcat-coyote.jar:9.0.73]
        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) ~[tomcat-coyote.jar:9.0.73]
        at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) ~[tomcat-util.jar:9.0.73]
        at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) ~[tomcat-util.jar:9.0.73]
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-util.jar:9.0.73]
        at java.lang.Thread.run(Thread.java:833) ~[?:?]

In the specific case to give an example the "List Node Children" call .

The problem we verified stems from the fact that some usernames were created as "PIPPO" while calls to the rest api were made with "pippo," having set the property

user.name.caseSensitive=false

the service prints the error, but then moves on, but by now the error has been printed, if I make the call with "PIPPO" instead of "pippo" on the rest api the error is not printed.

here the problematic line :

alfresco-community-repo/repository/src/main/java/org/alfresco/repo/security/authentication/RepositoryAuthenticationDao.java

Line 194 in 1b553db

public NodeRef getUserOrNull(String caseSensitiveSearchUserName)

It should be caseUnSensitiveSearchUserName if user.name.caseSensitive=false no ?

Is it possible also for this portion of the code to add ul case unsensitve check of the property ?

[AFaust]

The root cause of this issue is that https://github.com/Alfresco/alfresco-community-repo/blob/master/repository/src/main/java/org/alfresco/repo/security/authentication/AuthenticationComponentImpl.java#L134 is not using the normalised user name, but the user name as provided during authentication. The normalisation of the user name would have taken care to correct any mismatching case. The case-insensitive setting only affects how user resolution should be treated when authenticating or doing name to user resolutions via public service APIs, but at the lowest level, things are still case sensitive - which is why normalisation matters.