Posted to dev@sling.apache.org by "Carsten Ziegeler (JIRA)" <ji...@apache.org> on 2010/12/20 15:51:05 UTC

[jira] Closed: (SLING-1716) ResourceResolver objects may remain unclosed after handleSecurity

     [ https://issues.apache.org/jira/browse/SLING-1716?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Carsten Ziegeler closed SLING-1716.
-----------------------------------


> ResourceResolver objects may remain unclosed after handleSecurity
> -----------------------------------------------------------------
>
>                 Key: SLING-1716
>                 URL: https://issues.apache.org/jira/browse/SLING-1716
>             Project: Sling
>          Issue Type: Bug
>          Components: Authentication
>    Affects Versions: Auth Core 1.0.2
>            Reporter: Felix Meschberger
>            Assignee: Felix Meschberger
>             Fix For: Auth Core 1.0.4
>
>
> The SlingAuthenticator.handleSecurity method extracts credentials from the request (with the help of AuthenticationHandlers). Using these credentials, a ResourceResolver is created, presumably for use during request processing.
> After successfully creating the resource resolver, AuthenticationFeedbackHandler.authenticationSucceeded is called. This method may redirect the request and return true to indicate the request should be terminated. Likewise the DefaultFeedbackHandler can do the same.
> If such a feedback handler decides to redirect the request after successfully creating the ResourceResolver, false is returned from the handleSecurity method to indicate to the OSGi HttpService to consider authentication failed and to terminate the request.
> In this situation, the ResourceResolver is not closed and will only eventually be closed thanks to the finalize() method implemented.
> This is not a good situation, though, and the handleSecurity method (or one of the ResourceResolver factory methods in the SlingAuthenticator) should close the ResourceResolver if the request should be terminated.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
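
The early-return path described in the issue, next to a variant that closes the resolver whenever the request is terminated. This is an added example, not the Sling Auth Core code or the committed fix; Resolver, FeedbackHandler, login() and the OPEN counter are hypothetical stand-ins for the Sling types named above. The try/finally form also covers a feedback handler that throws, which goes slightly beyond the case in the report.

```java
import java.util.concurrent.atomic.AtomicInteger;

public class HandleSecurityCloseExample {
    // Hypothetical stand-ins, not the Sling API.
    interface Resolver { void close(); }
    interface FeedbackHandler { boolean authenticationSucceeded(); } // true = redirected, terminate request

    static final AtomicInteger OPEN = new AtomicInteger(); // resolvers currently open

    static Resolver login() {
        OPEN.incrementAndGet();
        return () -> OPEN.decrementAndGet();
    }

    // Pattern from the report: the redirect path returns false without closing.
    static boolean handleSecurityLeaky(FeedbackHandler handler) {
        Resolver resolver = login();
        if (handler.authenticationSucceeded()) {
            return false; // request terminated, resolver left for finalize()
        }
        return true; // resolver stays open for request processing
    }

    // Closes the resolver on every path that does not hand it to the request.
    static boolean handleSecurityClosing(FeedbackHandler handler) {
        Resolver resolver = login();
        boolean handedOver = false;
        try {
            if (handler.authenticationSucceeded()) {
                return false; // request terminated
            }
            handedOver = true; // caller closes it when the request ends
            return true;
        } finally {
            if (!handedOver) {
                resolver.close();
            }
        }
    }

    public static void main(String[] args) {
        FeedbackHandler redirecting = () -> true; // constructed handler that always redirects

        handleSecurityLeaky(redirecting);
        System.out.println("leaky, open resolvers after redirect: " + OPEN.get());

        OPEN.set(0);
        handleSecurityClosing(redirecting);
        System.out.println("closing, open resolvers after redirect: " + OPEN.get());
    }
}
```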