Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1062101

Summary: JAAS login module's logout() method is not invoked removing cache-type
Product: [JBoss] JBoss Enterprise Application Platform 6 Reporter: Hisanobu Okuda <hokuda>
Component: SecurityAssignee: Stefan Guilhen <sguilhen>
Status: CLOSED CURRENTRELEASE QA Contact: Pavel Slavicek <pslavice>
Severity: high Docs Contact:
Priority: urgent    
Version: 6.2.0, 6.3.0CC: anmiller, bdawidow, cdewolf, istudens, jkudrnac, kkhan, okotek
Target Milestone: DR11   
Target Release: EAP 6.4.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: MustBeFixed
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-08-19 12:38:45 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1160715    
Bug Blocks: 1168863    

Description Hisanobu Okuda 2014-02-06 06:54:37 UTC 
Description of problem:
By default (cache-type="default"), HttpServletRequest.logout() invokes JAAS login module's logout().
Removing cache-type attribute from <security-domain/>, HttpServletRequest.logout() does not invoke JAAS login module's logout().

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 2 Ivo Studensky 2014-09-05 07:33:51 UTC 
The issue here is that JBossGenericPrincipal is never provided with LoginContext. Hence GenericPrincipal.logout() cannot call a logout on it. 
If cached the LoginContext is stored within DomainInfo and logout is executed within a flushCache method invocation.
Comment 6 Josef Cacek 2014-11-28 13:30:57 UTC 
Verified in 6.4.0.DR11.