You are viewing a plain text version of this content. The canonical link for it is here.

Posted to oak-issues@jackrabbit.apache.org by "Angela Schreiber (Jira)" <ji...@apache.org> on 2019/11/27 08:19:00 UTC

[jira] [Created] (OAK-8803) AbstractLoginModule and subclasses: successful commit must not clear state information required for successful logout

Angela Schreiber created OAK-8803:
-------------------------------------

             Summary: AbstractLoginModule and subclasses: successful commit must not clear state information required for successful logout
                 Key: OAK-8803
                 URL: https://issues.apache.org/jira/browse/OAK-8803
             Project: Jackrabbit Oak
          Issue Type: Bug
          Components: auth-external, core, security, security-spi
            Reporter: Angela Schreiber
            Assignee: Angela Schreiber


while working OAK-8710 in noticed that the main reason for the initial patch not work was the fact that subclasses of {{{AbstractLoginModule}} call {{clearState}} upon successful {{commit}}. this essentially clears all state information that is needed for a successful logout later on.... on the other hand it is crucial that subclasses of {{AbstractLoginModule}} close the system-session that was used for looking up principals during the commit phase. 

proposed fix: add protected {{closeSystemSession}} method that can be used instead of {{clearState}} upon successful {{commit}}, leaving the {{clearState}} only for those cases where {{commit}} fails or {{abort}} is called, which require the complete state the be wiped out.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)