There is a problem with the use of ThreadLocals to record Authentication
when the client (in this case Jetty) is using ThreadPools.
I have previously mentioned this, but now I have confirmation that it is
a problem for a Client.
He created a small thread pool for the listener (4 threads), then
Yeah that is a serious problem, we need Session based authentication.
marcf
|-Original Message-
|From: [EMAIL PROTECTED]
|[mailto:[EMAIL PROTECTED]]On Behalf Of Greg
|Wilkins
|Sent: Monday, February 25, 2002 4:31 PM
|To: [EMAIL PROTECTED]; jules
|Subject: [JBoss-dev] Security problem
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]; jules [EMAIL PROTECTED]
Sent: Monday, February 25, 2002 4:30 PM
Subject: [JBoss-dev] Security problem in authentication model.
There is a problem with the use of ThreadLocals to record Authentication
when the client (in this case Jetty) is using
.
Scott Stark
Chief Technology Officer
JBoss Group, LLC
- Original Message -
From: Greg Wilkins [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; jules [EMAIL PROTECTED]
Sent: Monday, February 25, 2002 4:30 PM
Subject: [JBoss-dev] Security problem
Scott M Stark wrote:
This is why the Catalina security integration implements both
the Realm and Valve interfaces. The Realm callbacks establish
the authentication and the Valve limits the scope of the information
to the duration of the request. The thread of control returns to
the Catalina
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, February 25, 2002 6:48 PM
Subject: Re: [JBoss-dev] Security problem in authentication model.
Scott M Stark wrote:
This is why the Catalina security integration implements both
the Realm and Valve interfaces. The Realm callbacks establish