tomee-commits mailing list archives

From "Arjan Tijms (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (TOMEE-1805) HttpServletRequest#logout doesn't clear authenticated identity in EJB
Date Thu, 12 May 2016 09:17:13 GMT

    [ https://issues.apache.org/jira/browse/TOMEE-1805?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15281351#comment-15281351 ]

Arjan Tijms commented on TOMEE-1805:
------------------------------------

p.s. if you want to copy [the JASPIC tests|https://github.com/javaee-samples/javaee7-samples/tree/master/jaspic]
and incorporate them into the TomEE tests, go for it!


> HttpServletRequest#logout doesn't clear authenticated identity in EJB
> ---------------------------------------------------------------------
>
>                 Key: TOMEE-1805
>                 URL: https://issues.apache.org/jira/browse/TOMEE-1805
>             Project: TomEE
>          Issue Type: Bug
>          Components: TomEE Core Server
>    Affects Versions: 7.0.0
>            Reporter: Arjan Tijms
>
> After having authenticated via JASPIC, calling {{HttpServletRequest#logout}} from a [Servlet|https://github.com/javaee-samples/javaee7-samples/blob/master/jaspic/ejb-propagation/src/main/java/org/javaee7/jaspic/ejbpropagation/servlet/PublicServletPublicEJBLogout.java] and then requesting the caller/user principal (all within the same request), TomEE 7.0.0-SNAPSHOT from 05-05-2016 will correctly clear out the principal for the web context, but will NOT clear out the principal for the EJB context.
> A test case exists at https://github.com/javaee-samples/javaee7-samples/tree/master/jaspic/ejb-propagation
> To reproduce it, deploy the ejb-propagation war to TomEE and request http://localhost:8080/jaspic-ejb-propagation/public/servlet-public-ejb-logout?doLogin=true
> The result that's printed is:
> {noformat}
> web username: test
> EJB username: test
> web username after logout: null
> EJB username after logout: test
> {noformat}
> The EJB username after the logout should not be "test".



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
