[jboss-jira] [JBoss JIRA] (SECURITY-733) Session replication broken by NegotiationAuthenticator valve
Derek Horton (JIRA)
issues at jboss.org
Fri Apr 11 15:24:13 EDT 2014
[ https://issues.jboss.org/browse/SECURITY-733?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Derek Horton reopened SECURITY-733:
-----------------------------------
This issue still exists.
I tracked the issue down a bit further. The issue appears to be triggered by calling "request.getSessionInternal()" in the WrapperValve.
public void invoke(Request request, Response response) throws IOException, ServletException
{
Session session = request.getSessionInternal();
I'm still working to determine why that causes the issue.
> Session replication broken by NegotiationAuthenticator valve
> ------------------------------------------------------------
>
> Key: SECURITY-733
> URL: https://issues.jboss.org/browse/SECURITY-733
> Project: PicketBox
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Negotiation
> Affects Versions: Negotiation_2_2_2
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Fix For: Negotiation_2_2_3
>
>
> From an initial review of the code I believe this is because the ClusterSessionValve implements the Listener interface - however the wrapper class does not.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list