[jboss-jira] [JBoss JIRA] (WFLY-11769) The wrong SecurityIdentity may be used for EE concurrency threads that are reused
James Perkins (Jira)
issues at jboss.org
Fri Feb 22 17:26:00 EST 2019
[ https://issues.jboss.org/browse/WFLY-11769?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
James Perkins updated WFLY-11769:
---------------------------------
Priority: Critical (was: Major)
> The wrong SecurityIdentity may be used for EE concurrency threads that are reused
> ---------------------------------------------------------------------------------
>
> Key: WFLY-11769
> URL: https://issues.jboss.org/browse/WFLY-11769
> Project: WildFly
> Issue Type: Bug
> Components: Concurrency Utilities, Security
> Reporter: James Perkins
> Assignee: Eduardo Martins
> Priority: Critical
>
> The {{ElytronManagedThread}} stores a {{SecurityIdentity}} to run the thread as. These threads do not necessarily terminate if the keep alive time has not expired. This could cause a shared thread to use the wrong security identity when executing. This should likely be handled in a {{SetupContextHandle}}, however we need to examine the performance impact of this.
> Using the {{SetupContextHandle}} would be the preferred method as it would need to execute after some of the other context handles so the correct TCCL would be seen for the {{SecurityDomain.getCurrent()}}.
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
More information about the jboss-jira
mailing list