[wildfly-dev] Broken logout / HAL-60

Jason Greene jgreene at redhat.com
Fri Aug 9 07:37:11 EDT 2013


Hmm, we need to look into a security issue then, because that could mean that subsequent requests with incorrect credentials are somehow accepted when they should be rejected.

On Aug 9, 2013, at 5:06 AM, Harald Pehl <hpehl at redhat.com> wrote:

> I'm trying to fix the broken logout in the console (https://issues.jboss.org/browse/HAL-60). With the switch to Undertow, the redirects in LogoutHandler no longer work in Chrome and Safari. I came up with a solution that adds a call to SecurityContext.logout() before doing the redirects.
> 
> My changes are in PR #4879: https://github.com/wildfly/wildfly/pull/4897. Can you take a look at my solution? I don't know if that's an appropriate solution to get rid of the digest authentication information. At least it does work across common browsers.
> 
> Thanks
> Harald
> 
> --- 
> Harald Pehl
> JBoss by Red Hat
> http://hpehl.info


