project_key: JBEPP

A) Use attached patch for InitiateLoginServlet (class comes from EPP code) which ensures lazy initialization of longValidity and so it avoid situation that incorrect portal container "portal" is bound to ExoContainerContext thread-local variable. I think this patch should be applied anyway as bounding bad portal container can have other potential side-effects.

Index: component/web/security/src/main/java/org/exoplatform/web/login/InitiateLoginServlet.java
===================================================================
--- component/web/security/src/main/java/org/exoplatform/web/login/InitiateLoginServlet.java    (revision 6031)
+++ component/web/security/src/main/java/org/exoplatform/web/login/InitiateLoginServlet.java    (revision )
@@ -19,6 +19,7 @@
 
 package org.exoplatform.web.login;
 
+import org.exoplatform.container.RootContainer;
 import org.exoplatform.container.web.AbstractHttpServlet;
 import org.exoplatform.web.security.security.AbstractTokenService;
 import org.exoplatform.web.security.security.CookieTokenService;
@@ -53,10 +54,6 @@
    public static final String COOKIE_NAME = "rememberme";
 
    /** . */
-   public static final long LOGIN_VALIDITY =
-           1000 * TicketConfiguration.getInstance(TicketConfiguration.class).getValidityTime();
-
-   /** . */
    private WCIController wciController;
 
    /** . */
@@ -112,7 +109,7 @@
       else
       {
          // WCI authentication
-         servletContainer.login(req, resp, credentials, LOGIN_VALIDITY, wciController.getInitialURI(req));
+         servletContainer.login(req, resp, credentials, getLoginValidity(), wciController.getInitialURI(req));
       }
    }
 
@@ -158,4 +155,9 @@
       }
       return wciController;
    }
+
+   private long getLoginValidity()
+   {
+      return 1000 * TicketConfiguration.getInstance(TicketConfiguration.class).getValidityTime();
-}
+   }
+}


This would also be better to remove the workaround JBEPP-1407