[jboss-jira] [JBoss JIRA] (WFLY-11769) The wrong SecurityIdentity may be used for EE concurrency threads that are reused
James Perkins (Jira)
issues at jboss.org
Fri Feb 22 17:24:00 EST 2019
James Perkins created WFLY-11769:
------------------------------------
Summary: The wrong SecurityIdentity may be used for EE concurrency threads that are reused
Key: WFLY-11769
URL: https://issues.jboss.org/browse/WFLY-11769
Project: WildFly
Issue Type: Bug
Components: Concurrency Utilities, Security
Reporter: James Perkins
Assignee: Eduardo Martins
The {{ElytronManagedThread}} stores a {{SecurityIdentity}} to run the thread as. These threads do not necessarily terminate if the keep-alive time has not expired. This could cause a shared thread to use the wrong security identity when executing. This should likely be handled in a {{SetupContextHandle}}; however, we need to examine the performance impact of this.
Using the {{SetupContextHandle}} would be the preferred method as it would need to execute after some of the other context handles so the correct TCCL would be seen for the {{SecurityDomain.getCurrent()}}.
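The failure mode described in this report, as an added example that is not WildFly or Elytron code and not part of the original issue: a pool thread that captures an identity when it is created keeps that identity for every later task, while a per-task wrapper captures it at submit time. It uses only java.util.concurrent; the String thread-local CALLER, the IdentityThread class and the contextual() wrapper are hypothetical stand-ins for the caller's SecurityIdentity, the identity-holding thread, and per-task context setup.

```java
import java.util.concurrent.*;

public class StaleIdentityDemo {
    // Hypothetical stand-in for the submitting caller's identity.
    static final ThreadLocal<String> CALLER = new ThreadLocal<>();

    // Bug pattern: the identity is captured once, when the pool creates the thread.
    static final class IdentityThread extends Thread {
        final String identity = CALLER.get();
        IdentityThread(Runnable r) { super(r); }
    }

    // Per-task pattern: capture at submit time, set before the task, restore after.
    static <T> Callable<T> contextual(Callable<T> task) {
        String captured = CALLER.get();
        return () -> {
            String previous = CALLER.get();
            CALLER.set(captured);
            try { return task.call(); } finally { CALLER.set(previous); }
        };
    }

    // Submits a task as `user` and returns the identity the task observed.
    static String submitAs(ExecutorService pool, String user, boolean perTask)
            throws Exception {
        CALLER.set(user);
        try {
            Callable<String> task = perTask
                ? contextual(() -> CALLER.get())
                : () -> ((IdentityThread) Thread.currentThread()).identity;
            return pool.submit(task).get();
        } finally {
            CALLER.remove();
        }
    }

    public static void main(String[] args) throws Exception {
        // One worker with a long keep-alive, so later tasks reuse the same thread.
        ExecutorService pool = new ThreadPoolExecutor(1, 1, 60, TimeUnit.SECONDS,
                new LinkedBlockingQueue<>(), IdentityThread::new);
        try {
            System.out.println("thread-bound, alice submits: " + submitAs(pool, "alice", false));
            System.out.println("thread-bound, bob submits:   " + submitAs(pool, "bob", false));
            System.out.println("per-task,     bob submits:   " + submitAs(pool, "bob", true));
        } finally {
            pool.shutdown();
        }
    }
}
```

The second submission runs on the worker created during the first one, so the thread-bound lookup reports the first caller rather than the one who submitted the task; the per-task wrapper reports the submitting caller.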