[
https://issues.apache.org/jira/browse/JCR-2671?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jukka Zitting updated JCR-2671:
-------------------------------
Fix Version/s: 2.1.1
Merged to the 2.1 branch in revision 982299.
> AbstractLoginModule must not call abort() in commit()
> -----------------------------------------------------
>
> Key: JCR-2671
> URL: https://issues.apache.org/jira/browse/JCR-2671
> Project: Jackrabbit Content Repository
> Issue Type: Bug
> Components: jackrabbit-core
> Affects Versions: 2.0.0, 2.1.0
> Reporter: Marcel Reutegger
> Priority: Minor
> Fix For: 2.1.1, 2.2.0
>
> Attachments: JCR-2671.patch
>
>
> AbstractLoginModule.commit() currently may call abort() when it detects that
> the login did not succeed. abort() will reset any state in the login module,
> including state shared between multiple login modules like Principals in the
> Subject. When there actually are multiple module, this will delete shared
> state that was set by other login modules. Moreover, the method commit() is
> only called when the overall authentication succeeded. Thus, it seems strange
> to call abort() from within commit().
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
