Remy Maucherat wrote:
Amy Roh wrote:

The admin logs you out and asks you to reauthenticate yourself again after
you do "commit". It seems like after the admin gets redeployed, the same
CoyoteRequestFacade loses its userPrincipal in the recycle() method. What
is the motivation for setting userPrincipal to null in recycle()? I don't
think it's acceptable to ask the user to keep logging on and reauthenticate
his/herself every time you commit.


Comments?


Well, I think it is perfectly acceptable, sorry ;-)

BTW, there's no CoyoteRequestFacade.recycle, that's in CoyoteRequest, and it is obviously a field which needs to be recycled.

I meant to say CoyoteRequest. :-)



"Fixing" this will create a major security issue. Please refrain from fixing things you do not seem to understand well, or please only do so in Sun's repositories.

I see that there will be security issues if we don't clean up the field in the request. No such fix will go into Sun's repositories if it's a security issue. I obviously posted the email to the list for additional comments to understand the code better.


Thanks,
Amy


Remy



--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
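
The point made in the thread about `recycle()`, as an added example that is not part of the original messages and is not Tomcat code: if a connector reuses request objects and `recycle()` leaves `userPrincipal` set, the next request served by that object inherits the previous caller's identity. `PooledRequest`, the `clearPrincipal` flag and the one-element pool are hypothetical stand-ins, and the example assumes request objects are reused across requests.

```java
import java.security.Principal;
import java.util.ArrayDeque;

public class RecycleDemo {
    // Hypothetical stand-in for a pooled connector request; not Tomcat's CoyoteRequest.
    static class PooledRequest {
        String uri;
        Principal userPrincipal;
        final boolean clearPrincipal; // toggles the two behaviours being compared

        PooledRequest(boolean clearPrincipal) { this.clearPrincipal = clearPrincipal; }

        void recycle() {
            uri = null;
            // Per-request identity must not survive reuse of the object.
            if (clearPrincipal) userPrincipal = null;
        }
    }

    // Serves two requests with one reused object: an authenticated one, then an
    // anonymous one. Returns the principal name the second request observes,
    // or null if it observes none.
    static String secondRequestSees(boolean clearPrincipal) {
        ArrayDeque<PooledRequest> pool = new ArrayDeque<>();
        pool.push(new PooledRequest(clearPrincipal));

        // Request 1: the authenticator attaches the logged-in user (constructed sample).
        PooledRequest first = pool.pop();
        first.uri = "/admin/commit";
        first.userPrincipal = () -> "admin"; // Principal's only abstract method is getName()
        first.recycle();
        pool.push(first);

        // Request 2: a different, unauthenticated client gets the same object.
        PooledRequest second = pool.pop();
        second.uri = "/admin/status";
        return second.userPrincipal == null ? null : second.userPrincipal.getName();
    }

    public static void main(String[] args) {
        System.out.println("recycle() keeps principal  -> " + secondRequestSees(false));
        System.out.println("recycle() clears principal -> " + secondRequestSees(true));
    }
}
```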




