Uploaded image for project: 'Jackrabbit Oak'
  1. Jackrabbit Oak
  2. OAK-8803

AbstractLoginModule and subclasses: successful commit must not clear state information required for successful logout

    XMLWordPrintableJSON

Details

    Description

      while working OAK-8710 in noticed that the main reason for the initial patch not work was the fact that subclasses of {AbstractLoginModule call clearState upon successful commit. this essentially clears all state information that is needed for a successful logout later on.... on the other hand it is crucial that subclasses of AbstractLoginModule close the system-session that was used for looking up principals during the commit phase.

      proposed fix: add protected closeSystemSession method that can be used instead of clearState upon successful commit, leaving the clearState only for those cases where commit fails or abort is called, which require the complete state the be wiped out.

      Attachments

        Issue Links

          blocks

          Bug - A problem which impairs or prevents the functions of the product. OAK-8710 AbstractLoginModule#logout() must not remove 'foreign' principals/credentials

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          Activity

            People

              angela Angela Schreiber
              angela Angela Schreiber
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: