jackrabbit-oak-issues mailing list archives

From "Angela Schreiber (Jira)" <j...@apache.org>
Subject [jira] [Updated] (OAK-8803) AbstractLoginModule and subclasses: successful commit must not clear state information required for successful logout
Date Tue, 03 Dec 2019 07:44:00 GMT

     [ https://issues.apache.org/jira/browse/OAK-8803?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Angela Schreiber updated OAK-8803:
----------------------------------
    Priority: Minor  (was: Major)

> AbstractLoginModule and subclasses: successful commit must not clear state information required for successful logout
> ---------------------------------------------------------------------------------------------------------------------
>
>                 Key: OAK-8803
>                 URL: https://issues.apache.org/jira/browse/OAK-8803
>             Project: Jackrabbit Oak
>          Issue Type: Bug
>          Components: auth-external, core, security, security-spi
>            Reporter: Angela Schreiber
>            Assignee: Angela Schreiber
>            Priority: Minor
>             Fix For: 1.22.0
>
>
> while working on OAK-8710 I noticed that the main reason for the initial patch not working was the fact that subclasses of {{AbstractLoginModule}} call {{clearState}} upon successful {{commit}}. this essentially clears all state information that is needed for a successful logout later on.... on the other hand it is crucial that subclasses of {{AbstractLoginModule}} close the system-session that was used for looking up principals during the commit phase.
>
> proposed fix: add protected {{closeSystemSession}} method that can be used instead of {{clearState}} upon successful {{commit}}, leaving the {{clearState}} only for those cases where {{commit}} fails or {{abort}} is called, which require the complete state to be wiped out.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
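
An added sketch of the JAAS lifecycle the issue describes, showing why `commit` must release the system session without wiping the state `logout` depends on. This is not Oak's code and not part of the original message: the class name, the boolean stand-in for the system session and the assumption that `logout` removes the principals the module added are all hypothetical; only `clearState` and `closeSystemSession` are names taken from the issue.

```java
import java.security.Principal;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.spi.LoginModule;

// Hypothetical module for illustration; not Oak's AbstractLoginModule.
public class SketchLoginModule implements LoginModule {
    private Subject subject;
    private Set<Principal> principals;   // state that logout() still needs
    boolean systemSessionOpen;           // stand-in for the system session
    public void initialize(Subject s, CallbackHandler h,
                           Map<String, ?> shared, Map<String, ?> options) {
        subject = s;
    }
    public boolean login() {
        systemSessionOpen = true;        // session used to look up principals
        Principal alice = () -> "alice"; // constructed sample principal
        principals = new HashSet<>(Set.of(alice));
        return true;
    }
    public boolean commit() {
        if (principals == null) { clearState(); return false; } // failed commit
        subject.getPrincipals().addAll(principals);
        closeSystemSession();            // proposed fix: release the session only
        // clearState();                 // reported bug: also drops 'principals'
        return true;
    }
    public boolean abort() { clearState(); return true; }
    public boolean logout() {
        if (principals == null) return false; // nothing left to undo
        subject.getPrincipals().removeAll(principals);
        clearState();
        return true;
    }
    protected void closeSystemSession() { systemSessionOpen = false; }
    protected void clearState() { closeSystemSession(); principals = null; }
    public static void main(String[] args) {
        SketchLoginModule m = new SketchLoginModule();
        Subject s = new Subject();
        m.initialize(s, null, Map.of(), Map.of());
        m.login(); m.commit();
        System.out.println("session open after commit: " + m.systemSessionOpen);
        System.out.println("logout ok: " + m.logout());
        System.out.println("principals left: " + s.getPrincipals().size());
    }
}
```

Swapping the `closeSystemSession()` call in `commit` for the commented-out `clearState()` reproduces the reported behaviour in this sketch: `logout` returns false and the principal stays on the `Subject`.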
