[
https://issues.apache.org/jira/browse/GERONIMO-4748?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ivan updated GERONIMO-4748:
---------------------------
Attachment: Geronimo-4748-2.1
I created a hacker valve used to clean up the security association with the
current thread before it is returned to the pool.
It must not the best solution to do it, but it is the easiest one, I think.
Thanks for any comment !
> Security context is not cleared before the thread is returned to the pool for
> Tomcat
> ------------------------------------------------------------------------------------
>
> Key: GERONIMO-4748
> URL: https://issues.apache.org/jira/browse/GERONIMO-4748
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: Tomcat
> Affects Versions: 2.1.5, 2.2
> Reporter: Ivan
> Assignee: Ivan
> Priority: Critical
> Fix For: 2.1.5, 2.2
>
> Attachments: Geronimo-4748-2.1
>
>
> We do some authentication in the TomcatGeronimoRealm, and set the security
> context, but it is not cleared later.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
