Details
- Improvement
- Status: Closed
- Normal
- Resolution: Fixed
- 14.3.3
- Flagged
Description
If some user tries to log into the CMS, authenticates correctly but is not authorized, there is still a 'login successful' event which is visible for other users in the activity stream.
We could mitigate this by logging the 'login successful' event after authorization and also maybe renaming the current event (and not showing it in the activity stream).
See org.hippoecm.frontend.session.PluginUserSession#login() which calls #checkApplicationPermission and org.hippoecm.frontend.model.JcrSessionModel#load and #flush
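The ordering problem described above, as an added, self-contained Java example that is not taken from the Hippo CMS code base: every class, method, user name and event string below is a hypothetical stand-in, and the sample users are constructed. It contrasts publishing the event right after authentication with publishing it only after the permission check, recording the authenticated-but-unauthorized case under a different name outside the activity stream.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Set;

// Hypothetical stand-in for the login flow; none of these names are Hippo CMS APIs.
public class LoginAuditOrdering {
    // Constructed sample data: both users have valid credentials, only "editor" may use the CMS.
    static final Map<String, String> PASSWORDS = Map.of("editor", "s3cret", "webuser", "hunter2");
    static final Set<String> CMS_USERS = Set.of("editor");

    final List<String> activityStream = new ArrayList<>(); // events other users can see
    final List<String> auditLog = new ArrayList<>();       // restricted, not shown in the stream

    static boolean authenticate(String user, String password) {
        return password.equals(PASSWORDS.get(user));
    }

    // Behaviour described in the issue: the event is published before authorization.
    boolean loginEventBeforeAuthorization(String user, String password) {
        if (!authenticate(user, password)) return false;
        activityStream.add("login successful: " + user);
        return CMS_USERS.contains(user);
    }

    // Proposed ordering: publish only after the permission check; record the
    // authenticated-but-unauthorized case under a different name, outside the stream.
    boolean loginEventAfterAuthorization(String user, String password) {
        if (!authenticate(user, password)) {
            auditLog.add("authentication failed: " + user);
            return false;
        }
        if (!CMS_USERS.contains(user)) {
            auditLog.add("authenticated but not authorized: " + user);
            return false;
        }
        activityStream.add("login successful: " + user);
        return true;
    }

    public static void main(String[] args) {
        LoginAuditOrdering before = new LoginAuditOrdering();
        before.loginEventBeforeAuthorization("webuser", "hunter2");
        System.out.println("before: stream=" + before.activityStream);

        LoginAuditOrdering after = new LoginAuditOrdering();
        after.loginEventAfterAuthorization("webuser", "hunter2");
        System.out.println("after:  stream=" + after.activityStream + " audit=" + after.auditLog);
    }
}
```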