Bug 1010662 - RBAC: Logging in as user with scoped role right after log out will mess up Authentication [NEEDINFO]
RBAC: Logging in as user with scoped role right after log out will mess up Au...
Status: CLOSED CURRENTRELEASE
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Domain Management (Show other bugs)
6.2.0
Unspecified Unspecified
urgent Severity urgent
: ER3
: EAP 6.2.0
Assigned To: Darran Lofthouse
Jakub Cechacek
Russell Dickenson
: Regression
Depends On:
Blocks: eap62-beta-blockers
  Show dependency treegraph
 
Reported: 2013-09-22 06:42 EDT by Jakub Cechacek
Modified: 2015-02-01 18:00 EST (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-12-15 11:20:38 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
myarboro: needinfo? (hbraun)


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
JBoss Issue Tracker WFLY-2049 Blocker Resolved Logging in as user with scoped role right after log out will mess up Authentication 2016-06-20 07:00 EDT

  None (edit)
Description Jakub Cechacek 2013-09-22 06:42:50 EDT
It seems as some cache is not invalidated after logging in as user with scoped role. Logging as such user will cause page refresh to randomly switch between last 2 logged in users.
when I log in as user with non-scoped role and then switch (log out -> log in) as user with scoped role, refreshing the page will randomly switch between those users.

Steps to reproduce:

1) Start AS
2) Log into console as user with non-scoped role
3) Log out 
4) Log in as user with scoped role
5) Reload page few times and watch currently authenticated user
Comment 1 Jakub Cechacek 2013-09-23 05:00:34 EDT
6.2.0.ER2 is affected and the issue is regression against ER1.
Comment 2 JBoss JIRA Server 2013-09-23 08:30:38 EDT
Darran Lofthouse <darran.lofthouse@jboss.com> updated the status of jira WFLY-2049 to Coding In Progress
Comment 3 JBoss JIRA Server 2013-09-23 09:24:28 EDT
Darran Lofthouse <darran.lofthouse@jboss.com> made a comment on jira WFLY-2049

[~heiko.braun] Could you please clarify what you mean by 'different browser' - are you talking about another completely different browser e.g. go from Chrome to Firefox or are you talking about a new window from the same browser you were using previously?
Comment 7 JBoss JIRA Server 2013-09-23 11:03:47 EDT
Darran Lofthouse <darran.lofthouse@jboss.com> made a comment on jira WFLY-2049

I have sent a pull request for the one browser scenario with WildFly, regardless I believe that needs to be merged but I would like to ask for some additional testing to be performed with the fix to verify if this issue can be reproduced with two different browsers.
Comment 8 Darran Lofthouse 2013-09-23 13:21:20 EDT
Dev acking as a reproducible issue against a single browser.
Comment 11 JBoss JIRA Server 2013-09-24 05:45:22 EDT
Darran Lofthouse <darran.lofthouse@jboss.com> made a comment on jira WFLY-2049

Merged for the issue encountered with a single browser.
Comment 12 Jakub Cechacek 2013-09-26 07:40:01 EDT
verified for 6.2.0.ER3.

Single browser scenario - verified
concurrent logins (as different role) in multiple browsers - verified

Note You need to log in before you can comment on or make changes to this bug.