[ 
https://issues.apache.org/jira/browse/SHIRO-799?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17231610#comment-17231610
 ] 

Brian Demers commented on SHIRO-799:
------------------------------------

Hi [~Leven], if you think there is a security concern in a project, it's best to 
report it directly to the project's security team: 
[https://www.apache.org/security/] (this is good advice for non-Apache projects 
too).

 

> When ThreadContext works with ThreadPool bring security issues
> --------------------------------------------------------------
>
>                 Key: SHIRO-799
>                 URL: https://issues.apache.org/jira/browse/SHIRO-799
>             Project: Shiro
>          Issue Type: Bug
>          Components: Authorization (access control) 
>    Affects Versions: 1.4.0, 1.7.0
>            Reporter: leven.chen
>            Priority: Major
>
> Because ThreadContext uses InheritableThreadLocalMap, when it works with a 
> ThreadPool it brings a security problem. Although we can use 
> SubjectAwareExecutor or SubjectAwareExecutorService to fix this problem, it is 
> not elegant. Maybe using ThreadLocal or 
> *[Transmittable-thread-local|https://github.com/alibaba/transmittable-thread-local]*
> would be better than InheritableThreadLocal.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
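
The behaviour the issue describes, reduced to plain JDK classes as an added example (not code from Shiro or from either participant): a pooled worker copies an `InheritableThreadLocal` value once, when the thread is created, so later tasks from other callers run under the first caller's identity unless each task binds and restores the context itself. `USER`, `seenBy` and `seenByBound` are hypothetical names; `USER` stands in for a thread-bound security context.

```java
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

public class InheritedContextDemo {
    // Hypothetical stand-in for a per-thread security context (not Shiro's ThreadContext).
    static final InheritableThreadLocal<String> USER = new InheritableThreadLocal<>();

    // Plain submit: the task reads whatever identity the worker thread already holds.
    static String seenBy(ExecutorService pool) throws Exception {
        Callable<String> task = () -> String.valueOf(USER.get());
        return pool.submit(task).get();
    }

    // Hardened submit: capture the caller's identity at submission time,
    // bind it on the worker for the duration of the task, then restore.
    static String seenByBound(ExecutorService pool) throws Exception {
        final String caller = USER.get();
        Callable<String> task = () -> {
            String previous = USER.get();
            if (caller == null) USER.remove(); else USER.set(caller);
            try {
                return String.valueOf(USER.get());
            } finally {
                if (previous == null) USER.remove(); else USER.set(previous);
            }
        };
        return pool.submit(task).get();
    }

    public static void main(String[] args) throws Exception {
        ExecutorService pool = Executors.newFixedThreadPool(1);
        try {
            USER.set("alice"); // constructed sample identities
            // The single worker thread is created by this submit and copies the submitter's value.
            System.out.println("alice, plain submit: " + seenBy(pool));
            USER.set("bob");
            // The worker is reused; no new copy is taken from the submitting thread.
            System.out.println("bob, plain submit:   " + seenBy(pool));
            USER.remove();
            System.out.println("anonymous, plain:    " + seenBy(pool));
            USER.set("bob");
            System.out.println("bob, bound submit:   " + seenByBound(pool));
            USER.remove();
            System.out.println("anonymous, bound:    " + seenByBound(pool));
        } finally {
            pool.shutdown();
        }
    }
}
```

Comparing the plain and bound lines for the same caller shows whether a pool is serving tasks under a stale inherited identity.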
