[jboss-jira] [JBoss JIRA] (SECURITY-733) Session replication broken by NegotiationAuthenticator valve
Darran Lofthouse (JIRA)
jira-events at lists.jboss.org
Mon Apr 22 08:44:54 EDT 2013
[ https://issues.jboss.org/browse/SECURITY-733?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Darran Lofthouse resolved SECURITY-733.
---------------------------------------
Resolution: Done
JBoss Negotiation makes use of a wrapper to intercept calls through the Valves to ensure the delegation credential is set - this was unfortunately hiding the Lifecycle implementation of the wrapped valve.
The code change now introduces an additional valve in the chain rather than completely wrapping the next valve - this makes the Lifecycle implementation visible.
> Session replication broken by NegotiationAuthenticator valve
> ------------------------------------------------------------
>
> Key: SECURITY-733
> URL: https://issues.jboss.org/browse/SECURITY-733
> Project: PicketBox
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Negotiation
> Affects Versions: Negotiation_2_2_2
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Fix For: Negotiation_2_2_3
>
>
> From an initial review of the code I believe this is because the ClusterSessionValve implements the Listener interface - however the wrapper class does not.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list