You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "Felix Meschberger (JIRA)" <ji...@apache.org> on 2010/09/01 16:56:53 UTC
[jira] Created: (SLING-1716) ResourceResolver objects may remain
unclosed after handleSecurity
ResourceResolver objects may remain unclosed after handleSecurity
-----------------------------------------------------------------
Key: SLING-1716
URL: https://issues.apache.org/jira/browse/SLING-1716
Project: Sling
Issue Type: Bug
Components: Authentication
Affects Versions: Auth Core 1.0.2
Reporter: Felix Meschberger
Assignee: Felix Meschberger
Fix For: Auth Core 1.0.4
The SlingAuthenticator.handleSecurity method extracts credentials from the request (with the help of AuthenticationHandlers). Using these credentials, a ResourceResolver is created, presumably for use during request processing.
After successfully creating the resource resolver AuthenticationFeedbackHandler.authenticationSucceeded is called. This method may redirect the request and return true to indicate the request should be terminated. Likewise the DefaultFeedbackHandler can do the same.
If such a feedback handler decides to redirect the request after successfully creating the ResourceResolver, false is returned from the handleSecurity method to indicate to the OSGi HttpService to consider authentication failed and to terminate the request.
In this situation, the ResourceResolver is not closed and will only eventually be closed thanks to the finalize() method implemented.
This is not a good situation, though, and the handleSecurity method (or one of the ResourceResolver factory methods in the SlingAuthenticator) should close the ResourceResolver if the request should be terminated.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Resolved: (SLING-1716) ResourceResolver objects may remain
unclosed after handleSecurity
Posted by "Felix Meschberger (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-1716?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Felix Meschberger resolved SLING-1716.
--------------------------------------
Resolution: Fixed
Fixed in Rev 991578.
> ResourceResolver objects may remain unclosed after handleSecurity
> -----------------------------------------------------------------
>
> Key: SLING-1716
> URL: https://issues.apache.org/jira/browse/SLING-1716
> Project: Sling
> Issue Type: Bug
> Components: Authentication
> Affects Versions: Auth Core 1.0.2
> Reporter: Felix Meschberger
> Assignee: Felix Meschberger
> Fix For: Auth Core 1.0.4
>
>
> The SlingAuthenticator.handleSecurity method extracts credentials from the request (with the help of AuthenticationHandlers). Using these credentials, a ResourceResolver is created, presumably for use during request processing.
> After successfully creating the resource resolver AuthenticationFeedbackHandler.authenticationSucceeded is called. This method may redirect the request and return true to indicate the request should be terminated. Likewise the DefaultFeedbackHandler can do the same.
> If such a feedback handler decides to redirect the request after successfully creating the ResourceResolver, false is returned from the handleSecurity method to indicate to the OSGi HttpService to consider authentication failed and to terminate the request.
> In this situation, the ResourceResolver is not closed and will only eventually be closed thanks to the finalize() method implemented.
> This is not a good situation, though, and the handleSecurity method (or one of the ResourceResolver factory methods in the SlingAuthenticator) should close the ResourceResolver if the request should be terminated.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.