[
https://issues.apache.org/jira/browse/GERONIMO-4748?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12736896#action_12736896
]
Ivan commented on GERONIMO-4748:
--------------------------------
The reason that I did not add the codes of oldCallers is that, I checked the
invocation stack of our portlets, and found the ThreadCleanerValve is only
invoked once, but anyway, adding it should be a double-guarantee. I will do
this changes to 2.1.5 snaphost.
Thanks, Davild !
> Security context is not cleared before the thread is returned to the pool for
> Tomcat
> ------------------------------------------------------------------------------------
>
> Key: GERONIMO-4748
> URL: https://issues.apache.org/jira/browse/GERONIMO-4748
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: Tomcat
> Affects Versions: 2.1.5, 2.2
> Reporter: Ivan
> Assignee: Ivan
> Priority: Critical
> Fix For: 2.1.5, 2.2
>
> Attachments: Geronimo-4748-2.1
>
>
> We do some authentication in the TomcatGeronimoRealm, and set the security
> context, but it is not cleared later.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
