Bug 1062101 - JAAS login module's logout() method is not invoked removing cache-type
Summary: JAAS login module's logout() method is not invoked removing cache-type
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Security
Version: 6.2.0,6.3.0
Hardware: Unspecified
OS: Unspecified
urgent
high
Target Milestone: DR11
: EAP 6.4.0
Assignee: Stefan Guilhen
QA Contact: Pavel Slavicek
URL:
Whiteboard: MustBeFixed
Depends On: 1160715
Blocks: 1168863
TreeView+ depends on / blocked
 
Reported: 2014-02-06 06:54 UTC by Hisanobu Okuda
Modified: 2019-08-19 12:40 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-08-19 12:38:45 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 1062104 0 urgent CLOSED JAAS login module's logout() method is not invoked with cache-type="infinispan" 2021-02-22 00:41:40 UTC

Internal Links: 1062104

Description Hisanobu Okuda 2014-02-06 06:54:37 UTC 
Description of problem:
By default (cache-type="default"), HttpServletRequest.logout() invokes JAAS login module's logout().
Removing cache-type attribute from <security-domain/>, HttpServletRequest.logout() does not invoke JAAS login module's logout().

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 2 Ivo Studensky 2014-09-05 07:33:51 UTC 
The issue here is that JBossGenericPrincipal is never provided with LoginContext. Hence GenericPrincipal.logout() cannot call a logout on it. 
If cached the LoginContext is stored within DomainInfo and logout is executed within a flushCache method invocation.
Comment 6 Josef Cacek 2014-11-28 13:30:57 UTC 
Verified in 6.4.0.DR11.
Note You need to log in before you can comment on or make changes to this bug.