From: jwynett <do-...@jb...> - 2006-02-27 20:32:49
If you look in the ClientLoginModule.logout method, if restoreloginidentity is true, it pops the subject context from the stack. After that, it removes the last principal from the subject.getPrincipals() set.

A problem can occur when the same principal logs in more than once in a row and then one logs out. Since it is a Set, each principal can appear only once no matter how many times they log in. Here is the sequence:

1. login user "a"; principals set contains one principal ("a").
2. login user "a" again; principals set contains one principal ("a").
3. logout user "a"; the first user "a" is restored but principals set is empty.

The same problem occurs if we login user "a", then "b" and then "a" again.

I have not personally seen an error come up in my system due to this; however, it seems to me like there are two possibilities here: either it makes no difference what is in the principal set, or some code depending on this will have a problem when it turns out that user "a" is currently logged in but the principals set is empty.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3926632#3926632
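
The sequences described in the post can be reproduced with a small stand-alone model. This is an added example, not part of the original post and not JBoss's ClientLoginModule code: the class IdentityStackModel, its methods and the NamedPrincipal record are hypothetical, and it assumes that logout removes the principal that is logging out from the set. It needs Java 16 or later for the record syntax.

```java
import java.security.Principal;
import java.util.ArrayDeque;
import java.util.Deque;
import javax.security.auth.Subject;

// Simplified model of the login/logout sequence from the post (hypothetical names).
public class IdentityStackModel {
    // Value equality, so the Set treats repeated logins of one user as a single entry.
    record NamedPrincipal(String name) implements Principal {
        public String getName() { return name; }
    }

    private final Subject subject = new Subject();
    // Stand-in for the stack of identities that logout restores from.
    private final Deque<Principal> stack = new ArrayDeque<>();

    void login(String user) {
        Principal p = new NamedPrincipal(user);
        stack.push(p);
        subject.getPrincipals().add(p); // no effect if the principal is already present
    }

    // Assumption: the principal being logged out is the one removed from the set.
    void logout() {
        Principal p = stack.pop();
        subject.getPrincipals().remove(p);
    }

    // True when an identity is still active but missing from the principals set.
    boolean inconsistent() {
        Principal current = stack.peek();
        return current != null && !subject.getPrincipals().contains(current);
    }

    String state() {
        return "current=" + stack.peek() + " principals=" + subject.getPrincipals()
                + " inconsistent=" + inconsistent();
    }

    public static void main(String[] args) {
        IdentityStackModel same = new IdentityStackModel();
        same.login("a"); same.login("a");
        same.logout();
        System.out.println("a,a then logout:   " + same.state());

        IdentityStackModel mixed = new IdentityStackModel();
        mixed.login("a"); mixed.login("b"); mixed.login("a");
        mixed.logout();
        System.out.println("a,b,a then logout: " + mixed.state());
        mixed.logout();
        System.out.println("second logout:     " + mixed.state());
    }
}
```

Code that decides access from subject.getPrincipals() rather than from the restored identity would see the state that inconsistent() flags.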