[jboss-cvs] JBossAS SVN: r72642 - projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Wed Apr 23 17:42:18 EDT 2008 

Author: anil.saldhana at jboss.com
Date: 2008-04-23 17:42:18 -0400 (Wed, 23 Apr 2008)
New Revision: 72642

Modified:
   projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/ClientLoginModule.java
   projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/SecurityAssociationActions.java
Log:
SECURITY-203: client LM should clean Security Ctx on logout

Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/ClientLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/ClientLoginModule.java	2008-04-23 21:40:57 UTC (rev 72641)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/ClientLoginModule.java	2008-04-23 21:42:18 UTC (rev 72642)
@@ -275,7 +275,7 @@
       {
          // Clear the entire security association stack
          SecurityAssociationActions.clear();  
-         SecurityAssociationActions.setSecurityContext(null);         
+         SecurityAssociationActions.clearSecurityContext(null);         
       }
       Set<Principal> principals = subject.getPrincipals();
       principals.remove(loginPrincipal);

Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/SecurityAssociationActions.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/SecurityAssociationActions.java	2008-04-23 21:40:57 UTC (rev 72641)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/SecurityAssociationActions.java	2008-04-23 21:42:18 UTC (rev 72642)
@@ -131,6 +131,22 @@
       }
    }
    
+   static void clearSecurityContext(final SecurityContext sc)
+   {
+      AccessController.doPrivileged(new PrivilegedAction<Object>()
+      { 
+         public Object run()
+         {
+            SecurityContext sc = SecurityContextAssociation.getSecurityContext();
+            //The SecurityContext may have been cached somewhere
+            if(sc != null)
+               sc = null;
+            setSecurityContext(sc); 
+            return null;
+         }
+      });
+   }
+   
    static void setSecurityContext(final SecurityContext sc)
    {
       AccessController.doPrivileged(new PrivilegedAction<Object>()

More information about the jboss-cvs-commits mailing list