Bugs item #962223, was opened at 2004-05-28 06:47
Message generated for change (Comment added) made by starksm
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=376685&aid=962223&group_id=22866

>Category: JBossWeb
Group: v3.2
>Status: Closed
>Resolution: Fixed
Priority: 5
Submitted By: anbenham (anbenham)
Assigned to: Scott M Stark (starksm)
Summary: SecurityAssociation mixing users

Initial Comment:
Calling SecurityAssociation in the login page or just after the logout sometimes gives the subject or the principal of another user, who is logged in in another session.

To get the error:
1- Build the application, or use the ear in dist
1a- Add the lines from my login-config.xml to your jboss login-config.xml
1b- add the file sec.jar to your server lib !!!!
2- Start the application (http://localhost:8080/secsample)
3- Log in with admin admin (and don't log out)
4- Start another session
5- Log in with master master, then log out
6- You would see on the login page:

    Security Information
    request.getUserPrincipal()==> null
    SecurityAssociation.getPrincipal()==> null
    SecurityAssociation.getSubject()==> Betreff:
        Principal: [EMAIL PROTECTED]
        Principal: Roles(members:authenticated,delete,show,edit)
        Principal: CallerPrincipal (members:[EMAIL PROTECTED] d)
    Principals in Subject:
        [EMAIL PROTECTED]
        Roles(members:authenticated,delete,show,edit)
        CallerPrincipal (members:[EMAIL PROTECTED] d)

Is this normal?
I am using JBoss 3.2.3 with embedded Tomcat

----------------------------------------------------------------------

>Comment By: Scott M Stark (starksm)
Date: 2004-05-28 11:13

Message:
Logged In: YES
user_id=175228

The Subject associated with the thread was not being cleared, but the principal and credentials were. Although this does not affect authentication or authorization, it can cause a previously authenticated Subject to be seen in an unauthenticated context.
See the following for more info and the patch location:
https://sourceforge.net/docman/display_doc.php?docid=23048&group_id=22866

----------------------------------------------------------------------

_______________________________________________
JBoss-Development mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-development
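
The behaviour described in the comment above, as an added illustration that is not JBoss code and not the patch referenced in the thread: per-thread security state on a reused worker thread, cleaned up first partially and then completely. The class, the ThreadLocal fields and the method names are hypothetical stand-ins for the per-thread association, and the single-thread executor is an assumption modelling a pooled request thread shared by two sessions.

```java
import java.security.Principal;
import java.util.concurrent.*;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;

public class ThreadSubjectLeakDemo {
    // Hypothetical stand-ins for a per-thread security association.
    static final ThreadLocal<Principal> PRINCIPAL = new ThreadLocal<>();
    static final ThreadLocal<Subject> SUBJECT = new ThreadLocal<>();

    // Bind an authenticated user (constructed sample identity) to this thread.
    static void associate(String user) {
        Principal p = new X500Principal("CN=" + user);
        Subject s = new Subject();
        s.getPrincipals().add(p);
        PRINCIPAL.set(p);
        SUBJECT.set(s);
    }

    // Incomplete cleanup: the principal is cleared, the Subject stays behind.
    static void clearPrincipalOnly() { PRINCIPAL.remove(); }

    // Complete cleanup: every per-thread security value is cleared.
    static void clearAll() { PRINCIPAL.remove(); SUBJECT.remove(); }

    // What an unauthenticated request (such as a login page) observes.
    static String observe() {
        Subject s = SUBJECT.get();
        return "principal=" + PRINCIPAL.get() + ", subject=" + (s == null ? "null" : "present");
    }

    // Run an authenticated request, then an unauthenticated one, on the same thread.
    static String run(Runnable cleanup) throws Exception {
        ExecutorService pool = Executors.newSingleThreadExecutor();
        try {
            Runnable authenticated = () -> {
                try { associate("admin"); /* request work happens here */ }
                finally { cleanup.run(); } // cleanup must run even on failure
            };
            pool.submit(authenticated).get();
            Callable<String> unauthenticated = ThreadSubjectLeakDemo::observe;
            return pool.submit(unauthenticated).get();
        } finally {
            pool.shutdown();
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("principal-only cleanup: " + run(ThreadSubjectLeakDemo::clearPrincipalOnly));
        System.out.println("full cleanup:           " + run(ThreadSubjectLeakDemo::clearAll));
    }
}
```

With the principal-only cleanup the second task finds no principal but still finds the earlier user's Subject on the thread; with the full cleanup both are gone.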
