[
https://issues.apache.org/jira/browse/GERONIMO-4748?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12732347#action_12732347
]
David Jencks commented on GERONIMO-4748:
----------------------------------------
For 2.2, rev 794963 simplifies default subject handling. AFAICT a subject is
always set on the thread before the request is handled and removed after it's
handled, so I don't see how there can be a problem with subjects left
associated with threads.
There are some additional problems with secure web service clients that I'm
looking into but there should be no intermittent failures.
> Security context is not cleared before the thread is returned to the pool for
> Tomcat
> ------------------------------------------------------------------------------------
>
> Key: GERONIMO-4748
> URL: https://issues.apache.org/jira/browse/GERONIMO-4748
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: Tomcat
> Affects Versions: 2.1.5, 2.2
> Reporter: Ivan
> Assignee: David Jencks
> Priority: Critical
> Fix For: 2.1.5, 2.2
>
>
> We do some authentication in the TomcatGeronimoRealm, and set the security
> context, but it is not cleared later.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
