[jboss-jira] [JBoss JIRA] (SECURITY-882) Fix for SECURITY-868 breaks flush-cache capability
RH Bugzilla Integration (JIRA)
issues at jboss.org
Tue Jan 17 08:55:00 EST 2017
[ https://issues.jboss.org/browse/SECURITY-882?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13349678#comment-13349678 ]
RH Bugzilla Integration commented on SECURITY-882:
--------------------------------------------------
Petr Penicka <ppenicka at redhat.com> changed the Status of [bug 1219778|https://bugzilla.redhat.com/show_bug.cgi?id=1219778] from VERIFIED to CLOSED
> Fix for SECURITY-868 breaks flush-cache capability
> --------------------------------------------------
>
> Key: SECURITY-882
> URL: https://issues.jboss.org/browse/SECURITY-882
> Project: PicketBox
> Issue Type: Bug
> Components: AS-Integration
> Affects Versions: PicketBox_4_0_19.Final
> Environment: EAP 6.3.3, JDV 6.1.0
> Reporter: Hisanobu Okuda
> Assignee: Stefan Guilhen
>
> The member field ThreadLocal<CompoundInfo> validatedDomainInfo was introduced for the fix of SECURITY-868. When you are authenticated, a valid security info is stored in the field thread-locally. Then, you flushes the JAAS cache via CLI or API in another thread, org.jboss.security.authentication.JBossCachedAuthenticationManager.flushCache() is invoked, but validatedDomainInfo is not flushed properly, since it is ThreadLocal. As a result, a cached security info is re-used unexpectedly.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list