https://issues.apache.org/bugzilla/show_bug.cgi?id=56989
--- Comment #3 from Mel Martinez <m.marti...@ll.mit.edu> ---

Sigh. Some typos. I wish Bugzilla allowed us to edit comments.

----- should be -----

The issue is that

a) the SecurityContextHolder class has a static reference to a 'strategy' object.

b) When a request goes to war1 the SecurityContextHolder class is loaded from war1, initialized and the strategy object is created out of the classes in war1.

c) When a request next goes to war2, the SecurityContextHolder class for war2 is loaded from the war2 (correctly) but its static field STILL points to the strategy object created in (b), from war1!

d) Because the strategy object was loaded from war1, when its "createEmptyContext()" method is called, it creates a SecurityContextImpl instance using the class for that from war1.

e) Finally, this will "fail" when you attempt to use this object within war2 because assigning it to a reference of type SecurityContext will throw a ClassCastException.
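Steps (d) and (e) of the comment above, as an added Java example that is not part of the original comment and is not Tomcat or Spring Security code. It assumes two plain URLClassLoader instances named war1 and war2 as stand-ins for the two web application class loaders, and a hypothetical ContextImpl class as a stand-in for SecurityContextImpl.

```java
import java.net.URL;
import java.net.URLClassLoader;

// Compile with javac and run from the class output directory or a jar,
// so the class has a code-source location the two loaders can read.
public class LoaderIsolationDemo {

    // Hypothetical stand-in for SecurityContextImpl.
    public static class ContextImpl { }

    // Returns true when an instance built by war1's class is rejected by war2's class.
    static boolean castFailsAcrossLoaders() throws Exception {
        URL classes = LoaderIsolationDemo.class
                .getProtectionDomain().getCodeSource().getLocation();
        String name = ContextImpl.class.getName();

        // Parent is null (bootstrap only), so each loader defines its own copy
        // of the class instead of delegating to the application class loader.
        try (URLClassLoader war1 = new URLClassLoader(new URL[] {classes}, null);
             URLClassLoader war2 = new URLClassLoader(new URL[] {classes}, null)) {

            Class<?> implInWar1 = war1.loadClass(name);
            Class<?> implInWar2 = war2.loadClass(name);

            // Step (d): the instance is created from the class defined by war1.
            Object context = implInWar1.getDeclaredConstructor().newInstance();

            System.out.println("same name:  " + implInWar1.getName().equals(implInWar2.getName()));
            System.out.println("same class: " + (implInWar1 == implInWar2));

            // Step (e): war2's class of the same name refuses the war1 instance.
            try {
                implInWar2.cast(context);
                return false;
            } catch (ClassCastException e) {
                System.out.println("ClassCastException: " + e.getMessage());
                return true;
            }
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("cast fails: " + castFailsAcrossLoaders());
    }
}
```

A class's runtime identity is its name plus its defining class loader, which is why the two classes compare as different even though they come from the same bytes.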