James Perkins created WFLY-11769: ------------------------------------ Summary: The wrong SecurityIdentity may be used for EE concurrency threads that are reused Key: WFLY-11769 URL: https://issues.jboss.org/browse/WFLY-11769 Project: WildFly Issue Type: Bug Components: Concurrency Utilities, Security Reporter: James Perkins Assignee: Eduardo Martins The {{ElytronManagedThread}} stores a {{SecurityIdentity}} to run the thread as. These threads do not necessarily terminate if the keep alive time has not expired. This could cause a shared thread to use the wrong security identity when executing. This should likely be handled in a {{SetupContextHandle}}, however we need to examine the performance impact of this. Using the {{SetupContextHandle}} would be the preferred method as it would need to execute after some of the other context handles so the correct TCCL would be seen for the {{SecurityDomain.getCurrent()}}. -- This message was sent by Atlassian Jira (v7.12.1#712002)