[ http://jira.jboss.com/jira/browse/SECURITY-237?page=all ]
Marcus Moyses resolved SECURITY-237.
------------------------------------
Resolution: Done
org.jboss.security.plugins.auth.SynchronizedJaasSecurityManager created with this
functionality.
Create different implementation of JaasSecurityManager
------------------------------------------------------
Key: SECURITY-237
URL: http://jira.jboss.com/jira/browse/SECURITY-237
Project: JBoss Security and Identity Management
Issue Type: Feature Request
Security Level: Public(Everyone can see)
Components: JBossSX
Affects Versions: 2.0.2.CR3
Reporter: Marcus Moyses
Assigned To: Marcus Moyses
Fix For: 2.0.2.GA
The current implementation of the JaasSecurityManager could lead to a problem where
multiple threads try to authenticate concurrently.
Both threads would try to validate the principal in the cache and fail (as the principal
has not logged in yet) and proceed to authentication. The first thread authenticates the
principal, but the second one removes that entry from the cache (causing a logout) and
authenticates the principal again.
One solution is to make cache validation and authentication an atomic operation,
synchronized on the principal's name.
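
The race described in the issue and the proposed fix, as an added example that is not part of the original issue and is not the JBossSX code. The class, method and field names and the principal "alice" are hypothetical; a latch forces both threads past cache validation before either logs in, and the synchronized variant takes a lock per principal name.

```java
import java.util.List;
import java.util.concurrent.*;
import java.util.concurrent.atomic.AtomicInteger;

// Added illustration: hypothetical names, not the JBossSX implementation.
public class AuthCacheRace {
    final ConcurrentMap<String, Object> cache = new ConcurrentHashMap<>(); // principal name -> cached login
    final ConcurrentMap<String, Object> locks = new ConcurrentHashMap<>(); // principal name -> monitor
    final AtomicInteger logins = new AtomicInteger(), logouts = new AtomicInteger();
    final CountDownLatch bothMissed = new CountDownLatch(2);

    // Check-then-act: cache validation and authentication are separate steps.
    boolean authenticate(String name, boolean forceOverlap) throws InterruptedException {
        if (cache.containsKey(name)) return true;              // cache validation hit
        if (forceOverlap) {                                    // wait until both threads have missed
            bothMissed.countDown();
            bothMissed.await(2, TimeUnit.SECONDS);
        } else {
            Thread.sleep(50);                                  // slow login; window stays open
        }
        if (cache.remove(name) != null) logouts.incrementAndGet(); // may evict the other thread's login
        cache.put(name, new Object());                         // stand-in for the JAAS login
        logins.incrementAndGet();
        return true;
    }

    // Validation plus authentication as one atomic step, locked per principal name.
    boolean authenticateSynchronized(String name) throws InterruptedException {
        synchronized (locks.computeIfAbsent(name, k -> new Object())) {
            return authenticate(name, false);
        }
    }

    static int[] run(boolean sync) throws Exception {
        AuthCacheRace m = new AuthCacheRace();
        ExecutorService pool = Executors.newFixedThreadPool(2);
        Callable<Boolean> task = () -> sync ? m.authenticateSynchronized("alice") : m.authenticate("alice", true);
        for (Future<Boolean> f : pool.invokeAll(List.of(task, task))) f.get();
        pool.shutdown();
        return new int[] { m.logins.get(), m.logouts.get() };
    }

    public static void main(String[] args) throws Exception {
        int[] racy = run(false), safe = run(true);
        System.out.println("unsynchronized: logins=" + racy[0] + " logouts=" + racy[1]);
        System.out.println("synchronized:   logins=" + safe[0] + " logouts=" + safe[1]);
    }
}
```

In the synchronized run the second thread blocks on the principal's monitor and then finds the entry in the cache, so it never reaches the remove-and-login step.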