You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@jackrabbit.apache.org by "Marcel Reutegger (JIRA)" <ji...@apache.org> on 2010/07/02 15:22:49 UTC

[jira] Updated: (JCR-2671) AbstractLoginModule must not call abort() in commit()

     [ https://issues.apache.org/jira/browse/JCR-2671?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Marcel Reutegger updated JCR-2671:
----------------------------------

    Attachment: JCR-2671.patch

Proposed changes and test case.

> AbstractLoginModule must not call abort() in commit()
> -----------------------------------------------------
>
>                 Key: JCR-2671
>                 URL: https://issues.apache.org/jira/browse/JCR-2671
>             Project: Jackrabbit Content Repository
>          Issue Type: Bug
>          Components: jackrabbit-core
>    Affects Versions: 2.0.0, 2.1.0
>            Reporter: Marcel Reutegger
>            Priority: Minor
>         Attachments: JCR-2671.patch
>
>
> AbstractLoginModule.commit() currently may call abort() when it detects that the login did not succeed. abort() will reset any state in the login module, including state shared between multiple login modules like Principals in the Subject. When there actually are multiple module, this will delete shared state that was set by other login modules. Moreover, the method commit() is only called when the overall authentication succeeded. Thus, it seems strange to call abort() from within commit().

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.