[
https://issues.jboss.org/browse/WFLY-2394?page=com.atlassian.jira.plugin....
]
RH Bugzilla Integration commented on WFLY-2394:
-----------------------------------------------
Ladislav Thon <lthon(a)redhat.com> made a comment on [bug
1024072|https://bugzilla.redhat.com/show_bug.cgi?id=1024072]
Verified with EAP 6.2.0.ER7.
AccessControlContext and management users Subject leaking into thread
pool of host controller executor.
-------------------------------------------------------------------------------------------------------
Key: WFLY-2394
URL:
https://issues.jboss.org/browse/WFLY-2394
Project: WildFly
Issue Type: Sub-task
Security Level: Public(Everyone can see)
Components: Domain Management, Security
Affects Versions: 8.0.0.Beta1
Reporter: Darran Lofthouse
Assignee: Darran Lofthouse
Priority: Blocker
Fix For: 8.0.0.CR1
The JBossThreadFactory in use for the executor service is allowing for the
AccessControlContext of the thread submitting the Runnable task to the executor to be
associated with the Thread created.
Additional precautions should be taken within the HostController to prevent this
association.
Where a Subject does need to be associated this should be handled manually.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see:
http://www.atlassian.com/software/jira