[ http://jira.jboss.com/jira/browse/JBAS-48?page=comments#action_12310839 ]

Scott M Stark commented on JBAS-48:
-----------------------------------

That is not true, and is not demonstrated by the attached testcase if you use a reasonable timeout. The permissions associated with the user have nothing to do with the session id. Only the principal defines the associated permissions. All the lack of hashCode and equals causes is for the credentials to fail to match the JaasSecurityManager cache keyed by the principal name. This results in a failover to the SRPCacheLoginModule to revalidate the caller, and this results in a match on the principal+sessionID. There is no visible difference in behavior unless you're watching the login module get executed repeatedly.

> SRP: Multiple Clients
> ---------------------
>
>          Key: JBAS-48
>          URL: http://jira.jboss.com/jira/browse/JBAS-48
>      Project: JBoss Application Server
>         Type: Bug
>   Components: Security
>     Versions: JBossAS-4.0.0 Final, JBossAS-3.2.6 Final
>  Environment: Any
>     Reporter: Nuno Meira
>     Assignee: Scott M Stark
>      Fix For: JBossAS-4.0.1 Final, JBossAS-3.2.7 Final
>  Attachments: JAASBugSRP.rar
>
>
> This relates to this forum post:
> http://www.jboss.org/index.html?module=bb&op=viewtopic&t=57042
> The problem is in the SRPPrincipal. The equals/hashCode implementation
> only accounts for the name, it does not include the session id.
> Need to add these methods, something like:
>    public boolean equals(Object obj)
>    {
>       // Guard the cast: equals() must return false, not throw, for other types
>       if (!(obj instanceof SRPPrincipal))
>          return false;
>       SRPPrincipal other = (SRPPrincipal) obj;
>       return this.getName().equals(other.getName()) && this.sessionID == other.sessionID;
>    }
>    public int hashCode()
>    {
>       return this.getName().hashCode() + this.sessionID;
>    }
> Verified by [EMAIL PROTECTED] on site.

--
This message is automatically generated by JIRA.
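The thread above turns on what happens when two clients share a principal name but hold different SRP session ids. The following is an added example, not code from JBoss or from either participant: a simplified model in which a plain HashMap stands in for a cache, with two hypothetical principal classes (`NameOnlyPrincipal`, `SessionPrincipal`) and constructed sample values. It shows a name-only key returning the other session's cached value, and a name-plus-session key keeping the two entries apart.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;

public class SrpPrincipalKeyDemo {
    // Hypothetical stand-in: identity is the name only; sessionID is ignored.
    static final class NameOnlyPrincipal {
        final String name; final int sessionID;
        NameOnlyPrincipal(String name, int sessionID) { this.name = name; this.sessionID = sessionID; }
        @Override public boolean equals(Object o) {
            return o instanceof NameOnlyPrincipal && name.equals(((NameOnlyPrincipal) o).name);
        }
        @Override public int hashCode() { return name.hashCode(); }
    }

    // Hypothetical stand-in: identity covers name and session id, as the report proposes.
    static final class SessionPrincipal {
        final String name; final int sessionID;
        SessionPrincipal(String name, int sessionID) { this.name = name; this.sessionID = sessionID; }
        @Override public boolean equals(Object o) {
            if (!(o instanceof SessionPrincipal)) return false;
            SessionPrincipal p = (SessionPrincipal) o;
            return name.equals(p.name) && sessionID == p.sessionID;
        }
        @Override public int hashCode() { return Objects.hash(name, sessionID); }
    }

    public static void main(String[] args) {
        // Constructed sample: two clients log in as "alice" with different sessions.
        Map<Object, String> byName = new HashMap<>();
        byName.put(new NameOnlyPrincipal("alice", 1), "session-key-1");
        byName.put(new NameOnlyPrincipal("alice", 2), "session-key-2");
        // The keys compare equal, so the second put replaced the first client's value;
        // a lookup for session 1 now yields the value cached for session 2.
        System.out.println(byName.size() + " entry, session 1 sees "
                + byName.get(new NameOnlyPrincipal("alice", 1)));

        Map<Object, String> bySession = new HashMap<>();
        bySession.put(new SessionPrincipal("alice", 1), "session-key-1");
        bySession.put(new SessionPrincipal("alice", 2), "session-key-2");
        // Distinct keys: each client resolves to its own cached value.
        System.out.println(bySession.size() + " entries, session 1 sees "
                + bySession.get(new SessionPrincipal("alice", 1)));
    }
}
```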