1010662 – RBAC: Logging in as user with scoped role right after log out will mess up Authentication

Bug 1010662 - RBAC: Logging in as user with scoped role right after log out will mess up Authentication [NEEDINFO]

Summary: RBAC: Logging in as user with scoped role right after log out will mess up Au...

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	JBoss Enterprise Application Platform 6
Classification:	JBoss
Component:	Domain Management
Sub Component:
Version:	6.2.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	urgent
Severity:	urgent
Target Milestone:	ER3
Target Release:	EAP 6.2.0
Assignee:	Darran Lofthouse
QA Contact:	Jakub Cechacek
Docs Contact:	Russell Dickenson
URL:
Whiteboard:
Depends On:
Blocks:	eap62-beta-blockers
TreeView+	depends on / blocked

Reported:	2013-09-22 10:42 UTC by Jakub Cechacek
Modified:	2015-02-01 23:00 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-12-15 16:20:38 UTC
Type:	Bug
Flags:	myarboro: needinfo? (hbraun)

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	WFLY-2049	0	Blocker	Resolved	Logging in as user with scoped role right after log out will mess up Authentication	2016-06-20 11:00:01 UTC

Description Jakub Cechacek 2013-09-22 10:42:50 UTC

It seems as some cache is not invalidated after logging in as user with scoped role. Logging as such user will cause page refresh to randomly switch between last 2 logged in users.
when I log in as user with non-scoped role and then switch (log out -> log in) as user with scoped role, refreshing the page will randomly switch between those users.

Steps to reproduce:

1) Start AS
2) Log into console as user with non-scoped role
3) Log out 
4) Log in as user with scoped role
5) Reload page few times and watch currently authenticated user

Comment 1 Jakub Cechacek 2013-09-23 09:00:34 UTC

6.2.0.ER2 is affected and the issue is regression against ER1.

Comment 2 JBoss JIRA Server 2013-09-23 12:30:38 UTC

Darran Lofthouse <darran.lofthouse> updated the status of jira WFLY-2049 to Coding In Progress

Comment 3 JBoss JIRA Server 2013-09-23 13:24:28 UTC

Darran Lofthouse <darran.lofthouse> made a comment on jira WFLY-2049

[~heiko.braun] Could you please clarify what you mean by 'different browser' - are you talking about another completely different browser e.g. go from Chrome to Firefox or are you talking about a new window from the same browser you were using previously?

Comment 7 JBoss JIRA Server 2013-09-23 15:03:47 UTC

Darran Lofthouse <darran.lofthouse> made a comment on jira WFLY-2049

I have sent a pull request for the one browser scenario with WildFly, regardless I believe that needs to be merged but I would like to ask for some additional testing to be performed with the fix to verify if this issue can be reproduced with two different browsers.

Comment 8 Darran Lofthouse 2013-09-23 17:21:20 UTC

Dev acking as a reproducible issue against a single browser.

Comment 11 JBoss JIRA Server 2013-09-24 09:45:22 UTC

Darran Lofthouse <darran.lofthouse> made a comment on jira WFLY-2049

Merged for the issue encountered with a single browser.

Comment 12 Jakub Cechacek 2013-09-26 11:40:01 UTC

verified for 6.2.0.ER3.

Single browser scenario - verified
concurrent logins (as different role) in multiple browsers - verified

Note You need to log in before you can comment on or make changes to this bug.