geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Jencks (JIRA)" <j...@apache.org>
Subject [jira] Commented: (GERONIMO-4748) Security context is not cleared before the thread is returned to the pool for Tomcat
Date Thu, 16 Jul 2009 18:46:15 GMT

    [ https://issues.apache.org/jira/browse/GERONIMO-4748?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12732075#action_12732075
] 

David Jencks commented on GERONIMO-4748:
----------------------------------------

I think this is only a problem for ejb web services, the PolicyContextBeforeAfter should be
taking care of this for web apps and pojo web services.  Fixes for 2.1 and 2.2 will have to
be very different due to tomcat security rewrite in 2.2

> Security context is not cleared before the thread is returned to the pool for Tomcat
> ------------------------------------------------------------------------------------
>
>                 Key: GERONIMO-4748
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-4748
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: Tomcat
>    Affects Versions: 2.1.5, 2.2
>            Reporter: Ivan
>            Priority: Critical
>             Fix For: 2.1.5, 2.2
>
>
> We do some authentication in the TomcatGeronimoRealm, and set the security context, but
it is not cleared later.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message