DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG-RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=39231>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=39231

------- Additional Comments From [EMAIL PROTECTED] 2006-04-19 00:45 -------

I don't have a patch, but I do have a solution that I can outline here.

Basically, the LoginContext needs to be saved in the session so logout can be called on it when the session is invalidated or expires. Currently, this is a problem because the LoginContext is created in the JAASRealm and discarded after login is called, and the only place that the session is available is in the Authenticator.

Here is a proposed solution:

1) Create a POJO that has getPrincipal() and getLoginContext(). Let's call this POJO RealmPrincipal.
2) Change the Realm's authenticate methods to return a RealmPrincipal object instead of a Principal.
3) Change the Realm impls to create and return the RealmPrincipal, including the LoginContext where appropriate.
4) Change the Authenticators to check to see if the LoginContext is not null and add it to the session notes, the same as is currently being done with the principal.
5) Change the StandardSession expires() method to check for the LoginContext in the notes and call logout on it, if it is present.

I hope this is clear and sufficient for a timely fix.

Thanks.
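
The five steps proposed in the comment above, sketched as an added example; this is not code from the bug report or from Tomcat. It assumes Java 16+ and uses only JDK JAAS classes: a plain map stands in for the session notes, and `DemoModule`, the note keys and the method names `authenticate`, `register` and `expire` are constructed for the demo.

```java
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

public class LogoutOnExpiryDemo {
    static int logouts = 0; // incremented by the constructed module below
    // Constructed module for the demo: accepts any login and counts logout() calls.
    public static class DemoModule implements LoginModule {
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {}
        public boolean login() { return true; }
        public boolean commit() { return true; }
        public boolean abort() { return true; }
        public boolean logout() { logouts++; return true; }
    }
    // Step 1: holder pairing the principal with the LoginContext that authenticated it.
    record RealmPrincipal(Principal principal, LoginContext loginContext) {}
    // Steps 2-3: the realm keeps the LoginContext instead of discarding it after login().
    static RealmPrincipal authenticate(String user) throws LoginException {
        Configuration cfg = new Configuration() {
            @Override public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(DemoModule.class.getName(),
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, new HashMap<String, Object>()) };
            }
        };
        LoginContext lc = new LoginContext("demo", null, null, cfg);
        lc.login();
        return new RealmPrincipal(() -> user, lc);
    }
    // Step 4: the authenticator stores the LoginContext in the session notes beside the principal.
    static void register(Map<String, Object> notes, RealmPrincipal rp) {
        notes.put("principal", rp.principal());
        if (rp.loginContext() != null) notes.put("loginContext", rp.loginContext());
    }
    // Step 5: expiry or invalidation logs out of JAAS; remove() makes a repeated expiry a no-op.
    static void expire(Map<String, Object> notes) {
        notes.remove("principal");
        if (notes.remove("loginContext") instanceof LoginContext lc) {
            try { lc.logout(); } catch (LoginException e) { System.err.println("JAAS logout failed: " + e); }
        }
    }
    public static void main(String[] args) throws LoginException {
        Map<String, Object> notes = new HashMap<>();
        register(notes, authenticate("alice"));
        expire(notes); expire(notes); // the second expiry finds no LoginContext and does nothing
        System.out.println("JAAS logout calls: " + logouts);
    }
}
```

Catching `LoginException` inside `expire` keeps a failing login module from blocking session cleanup, which matters because expiry runs outside any user request.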