[ https://issues.apache.org/jira/browse/OAK-8710?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16969283#comment-16969283 ]
Manfred Baedke commented on OAK-8710:
-------------------------------------

[~angela],

bq. ok. i guess what is really important for the issue at hand is that only principals/credentials that have been set by the commit of this login module get removed upon logout (or destroyed in case the subject is readonly

Not quite. I'll attach a debugger screenshot where you can see that the inherited subject is readonly and there is only one principal. Maybe LoginContextProviderImpl#getSubject() is the real problem, because in this case it does not return a pre-authenticated subject created by Oak, but instead the subject from the inherited AccessControlContext.


> AbstractLoginModule#logout() may fail in the presence of unknown principals
> ---------------------------------------------------------------------------
>
>                 Key: OAK-8710
>                 URL: https://issues.apache.org/jira/browse/OAK-8710
>             Project: Jackrabbit Oak
>          Issue Type: Bug
>          Components: security-spi
>            Reporter: Manfred Baedke
>            Assignee: Angela Schreiber
>            Priority: Major
>         Attachments: logout.png
>
>
> See
> https://github.com/apache/jackrabbit-oak/blob/9569d659f0655d3ba16c1cfe1fbb5f53959f701f/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java#L189:
> The criterion for logout() to succeed is
> {code}!subject.getPrincipals().isEmpty() &&
> !subject.getPublicCredentials(Credentials.class).isEmpty(){code}
> This did not work in a case where the subject was created by a thread
> handling an authenticated JMX connection (and later passed on to other
> threads due to AccessControlContext inheritance).
> I'd propose to make logout() succeed unconditionally, but I'm not entirely
> sure about side effects.
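To see why the quoted criterion is not met for the subject shape described in the comment (read-only, one principal, no JCR credentials), here is an added Java example; it is not Oak's code, the `Credentials` interface is a local stand-in for javax.jcr.Credentials so it compiles without the JCR API jar, and the principal names are made up.

```java
import java.security.Principal;
import java.util.HashSet;
import java.util.Set;
import javax.security.auth.Subject;

public class LogoutCriterionDemo {

    // Local stand-in for javax.jcr.Credentials (assumption: marker interface only).
    interface Credentials {}

    // The precondition quoted in OAK-8710: principals AND JCR credentials must both be present.
    static boolean logoutCriterionMet(Subject subject) {
        return !subject.getPrincipals().isEmpty()
            && !subject.getPublicCredentials(Credentials.class).isEmpty();
    }

    // Subject shaped like the inherited JMX one from the comment: read-only,
    // exactly one principal, no public credentials at all.
    static Subject inheritedJmxStyleSubject() {
        Set<Principal> principals = new HashSet<>();
        principals.add(new Principal() { public String getName() { return "jmx-user"; } });
        return new Subject(true, principals, new HashSet<>(), new HashSet<>());
    }

    // Subject the way an Oak login commit would leave it: principal plus a credential.
    static Subject oakStyleSubject() {
        Subject s = new Subject();
        s.getPrincipals().add(new Principal() { public String getName() { return "oak-user"; } });
        s.getPublicCredentials().add(new Credentials() {});
        return s;
    }

    public static void main(String[] args) {
        Subject inherited = inheritedJmxStyleSubject();
        // One principal but no Credentials instance, so the second clause fails.
        System.out.println("inherited JMX subject: readOnly=" + inherited.isReadOnly()
            + ", principals=" + inherited.getPrincipals().size()
            + ", criterion met=" + logoutCriterionMet(inherited));

        // Even when the criterion holds, a read-only Subject rejects modification
        // of its principal set, which is why a logout path must check isReadOnly().
        try {
            inherited.getPrincipals().clear();
        } catch (IllegalStateException e) {
            System.out.println("modifying read-only subject rejected: " + e.getMessage());
        }

        System.out.println("Oak-created subject: criterion met=" + logoutCriterionMet(oakStyleSubject()));
    }
}
```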