|
||||||||
|
This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira |
||||||||
You received this message because you are subscribed to the Google Groups "Jenkins Issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
It seems that the CrowdServletFilter sometimes recreates the Authentication using autoLogin(), although it should already be available in the Spring SecurityContext. Shouldn't the SecurityContext be stored in the HttpSession? Otherwise every AJAX request of Jenkins may end up creating a new Spring SecurityContext, since its default strategy is "ThreadLocal"...