Details
-
Bug
-
Status: Open
-
Major
-
Resolution: Unresolved
-
3.1.2
-
None
-
any o.s.
Description
RemoteInitialContextFactory extends JNDIContext and it has an empty logout() method.
This leads to a possible memory leak. In fact, when using TomcatSecurityService (or any other SecurityService) in conjunction with RemoteInitialContextFactory, a logout invocation is not propagated to the AbstractSecurityService.logout(), so its "identities" Map is never emptied.