Message-ID: <250731097.1224256485182.JavaMail.jira@brutus>
Date: Fri, 17 Oct 2008 08:14:45 -0700 (PDT)
From: "Grzegorz Borkowski (JIRA)"
To: jsecurity-dev@incubator.apache.org
Subject: [jira] Created: (JSEC-22) Login-logout-login scenario

Login-logout-login scenario
---------------------------

                 Key: JSEC-22
                 URL: https://issues.apache.org/jira/browse/JSEC-22
             Project: JSecurity
          Issue Type: Improvement
          Components: Authentication (log-in)
            Reporter: Grzegorz Borkowski
            Priority: Minor

Consider the following code (used in a JUnit test):

    Subject currentUser = SecurityUtils.getSubject();
    // login as user with some permissions
    currentUser.login(new UsernamePasswordToken("empl1", "pass1"));
    // call some protected function
    currentUser.logout();
    // now use user without required permissions
    currentUser.login(new UsernamePasswordToken("testUser", "blah"));
    // call protected method - should throw UnauthorizedException

This code looks OK, but it will not work. It will throw an NPE on the line with the second login() call. This is because the logout() method will clear the securityManager field in the currentUser object, and the next login() call will call a method on this securityManager, raising an NPE.

It would be better if we somehow allowed for such a scenario - the open question is how? At this moment the currentUser object becomes completely useless after the logout() method.

(Current workaround: after calling logout() and before the second call to login() you have to replace the currentUser object: currentUser = SecurityUtils.getSubject();)

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
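
The failure mode reported above, reproduced in a self-contained model; this is an added example, not JSecurity source or code from the reporter. The classes Manager, ClearingSubject and ReusableSubject are hypothetical stand-ins, and ReusableSubject shows one possible answer to the open question (logout() clears only the identity), not the project's chosen fix.

```java
import java.util.Map;

public class ReloginDemo {
    /** Hypothetical stand-in for the security manager: checks credentials. */
    static class Manager {
        // Constructed sample accounts, taken from the credentials in the report.
        private final Map<String, String> users = Map.of("empl1", "pass1", "testUser", "blah");
        String authenticate(String user, String pass) {
            if (!pass.equals(users.get(user))) throw new SecurityException("bad credentials");
            return user;
        }
    }

    /** Models the reported behaviour: logout() also drops the manager reference. */
    static class ClearingSubject {
        protected Manager manager;
        protected String principal;
        ClearingSubject(Manager m) { manager = m; }
        void login(String u, String p) { principal = manager.authenticate(u, p); }
        void logout() { principal = null; manager = null; }
        String principal() { return principal; }
    }

    /** Alternative: logout() clears only the identity, so the handle stays usable. */
    static class ReusableSubject extends ClearingSubject {
        ReusableSubject(Manager m) { super(m); }
        @Override void logout() { principal = null; }
    }

    public static void main(String[] args) {
        Manager m = new Manager();
        ClearingSubject a = new ClearingSubject(m);
        a.login("empl1", "pass1");
        a.logout();
        try {
            a.login("testUser", "blah");   // manager is null here
        } catch (NullPointerException e) {
            System.out.println("ClearingSubject: second login() threw NPE");
        }

        ReusableSubject b = new ReusableSubject(m);
        b.login("empl1", "pass1");
        b.logout();
        // The previous identity must not survive logout, or the next caller inherits it.
        if (b.principal() != null) throw new AssertionError("identity survived logout");
        b.login("testUser", "blah");
        System.out.println("ReusableSubject: now logged in as " + b.principal());
    }
}
```

Whichever design is chosen, a test for it should assert that no identity or permission state from the first user remains visible between logout() and the second login().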