Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-9092

propagated security context leaks in JBoss

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 5.4.2, 5.5
    • Fix Version/s: 5.4.2-HF21, 5.5.0-HF06, 5.6-RC1, 5.6
    • Component/s: None
    • Upgrade notes:
      Hide

      Add in the definition of the authentication plugin

      <needStartingURLSaving>true</needStartingURLSaving>

      Show
      Add in the definition of the authentication plugin <needStartingURLSaving>true</needStartingURLSaving>

      Description

      In Jboss, the authentication filter is pushing the security context into a thread local through the JBossAuthenticationPropagator. Problem is that the context is not cleared when the filter return.

        Attachments

          Issue Links

          depends on

          Bug - A problem which impairs or prevents the functions of the product. NXP-9105 inherited security contexts leaks in JBoss

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved
          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. NXP-7326 Fix concurrent usage of the login stack under heavy load

          • Major - Major loss of function.
          • Closed

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: