On Jun 17, 2008, at 12:37 AM, Martin Vysny wrote:
Probably the client identity should be removed from ThreadLocal on Context.close(), or J2SE security (doPrivileged) could be used to hold the principal. Should I open a bug?
Maybe not a bug, but definitely file a JIRA and mark it as "Improvement". A way to log out would be a good feature.
Context.close() is one option I hadn't thought of before. Could work. It sort of gives the impression that the security data is scoped at the Context, which wouldn't be a bad feature either. Anyway, we can definitely get something going here.
-David
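
The ThreadLocal concern discussed in this thread, as an added example that is not part of the original messages or the project's code: an identity bound to a pooled thread stays visible to the next task on that thread unless close() removes it. `ClientIdentity` and `ScopedContext` are hypothetical names used only for illustration.

```java
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

// Added illustration; ClientIdentity and ScopedContext are hypothetical, not project classes.
public class ThreadLocalLogoutDemo {

    // Per-thread holder for the authenticated principal (stand-in for the client identity).
    static final class ClientIdentity {
        private static final ThreadLocal<String> PRINCIPAL = new ThreadLocal<>();
        static void set(String name) { PRINCIPAL.set(name); }
        static String get() { return PRINCIPAL.get(); }
        static void clear() { PRINCIPAL.remove(); }
    }

    // Context-like handle: creating it binds the identity, close() optionally removes it.
    static final class ScopedContext implements AutoCloseable {
        private final boolean clearOnClose;
        ScopedContext(String principal, boolean clearOnClose) {
            this.clearOnClose = clearOnClose;
            ClientIdentity.set(principal);
        }
        @Override public void close() {
            if (clearOnClose) ClientIdentity.clear(); // the "logout" step
        }
    }

    // Logs in and closes as "alice", then reports what the next task on the same thread sees.
    static String identitySeenByNextTask(boolean clearOnClose) throws Exception {
        ExecutorService pool = Executors.newSingleThreadExecutor(); // one reused worker thread
        try {
            pool.submit(() -> {
                try (ScopedContext ctx = new ScopedContext("alice", clearOnClose)) {
                    // calls made here run as alice
                }
            }).get();
            // Unrelated, unauthenticated work lands on the same pooled thread.
            Callable<String> probe = ClientIdentity::get;
            return pool.submit(probe).get();
        } finally {
            pool.shutdown();
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("no cleanup on close: " + identitySeenByNextTask(false));
        System.out.println("cleanup on close:    " + identitySeenByNextTask(true));
    }
}
```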
