Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-7882

CAS2 authenticator is not thread safe

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 5.3.2
    • Fix Version/s: 5.5
    • Component/s: None

      Description

      When two users log in and retrieve a ticket from the CAS server at exactly the same time, they may end up with the other user's ticket (and so be logged in with its identity and rights).

      This is due to the fact that in our CAS2 plugin the authenticator implementation is not thread-safe. We should correct that for ticket and proxy validators.

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                PagerDuty

                Error rendering 'com.pagerduty.jira-server-plugin:PagerDuty'. Please contact your Jira administrators.