tomee-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Blevins <david.blev...@visi.com>
Subject Re: OpenEJB local interfaces JNDI security
Date Tue, 17 Jun 2008 21:03:05 GMT

On Jun 17, 2008, at 12:37 AM, Martin Vysny wrote:

> Probably the client identity should be removed from ThreadLocal on
> Context.close(), or J2SE security (doPrivileged) could be used to hold
> the principal. Should I open a bug?

Maybe not a bug, but definitely file a JIRA and mark it as  
"Improvement".  A way to logout would be a good feature.

Context.close() is one option I hadn't thought of before.  Could  
work.  It sort of gives the impression that the security data is  
scoped at the Context, which wouldn't be a bad feature either.   
Anyway, we can definitely get something going here.

-David


Mime
View raw message