Description
TokenLoginModule.login contains the following code that may set the userId field:
[...] TokenCredentials tc = (TokenCredentials) credentials; TokenAuthentication authentication = new TokenAuthentication(tokenProvider); if (authentication.authenticate(tc)) { tokenCredentials = tc; tokenInfo = authentication.getTokenInfo(); userId = authentication.getUserId(); [...] }
however, TokenAuthentication.getUserId() will just delegate to TokenInfo.getUserId and setting the userId in the login module is IMO redundant. Also, upon commit the AuthInfo is ultimately populated with the ID retrieved from the TokenInfo and the userId field is ignored.
I would therefore suggest to drop the extra userId field and simplify the code accordingly. stillalex, will attach a proposed patch later today.