Details
- Bug
- Status: Resolved
- Major
- Resolution: Fixed
Description
After having authenticated via JASPIC, calling HttpServletRequest#logout from a Servlet and then requesting the caller/user principal (all within the same request), TomEE 7.0.0-SNAPSHOT from 05-05-2016 will correctly clear out the principal for the web context, but will NOT clear out the principal for the EJB context.
A test case exists at https://github.com/javaee-samples/javaee7-samples/tree/master/jaspic/ejb-propagation
To reproduce it, deploy the ejb-propagation war to TomEE and request http://localhost:8080/jaspic-ejb-propagation/public/servlet-public-ejb-logout?doLogin=true
The result that's printed is:
web username: test
EJB username: test
web username after logout: null
EJB username after logout: test
The EJB username after the logout should not be "test".
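
A small regression check for the output above, as an added example that is not part of the original report or of the javaee7-samples project: it parses the four fields and lists every context that still reports the pre-logout caller after logout. The function names and the `FIXED` sample are constructed for illustration, and usernames are assumed to contain no whitespace.

```python
import re

# Matches "<context> username[ after logout]: <value>", whether the servlet
# output arrives on one line or several. Assumption: names have no whitespace.
FIELD = re.compile(r"\b(web|EJB) username( after logout)?:\s*(\S+)")

CONTEXTS = ("web", "EJB")


def parse_principals(body):
    """Return {(context, phase): name}, where phase is 'before' or 'after'."""
    seen = {}
    for context, after, name in FIELD.findall(body):
        seen[(context, "after" if after else "before")] = name
    missing = [(c, p) for c in CONTEXTS for p in ("before", "after")
               if (c, p) not in seen]
    if missing:
        raise ValueError(f"incomplete servlet output, missing {missing}")
    return seen


def stale_contexts(body):
    """List the contexts that still report the pre-logout caller after logout."""
    seen = parse_principals(body)
    return [c for c in CONTEXTS
            if seen[(c, "before")] != "null"            # a caller was logged in
            and seen[(c, "after")] == seen[(c, "before")]]  # and is still there


# Output quoted in this report.
REPORTED = ("web username: test EJB username: test "
            "web username after logout: null EJB username after logout: test")

# Constructed sample of a passing run. "<unauthenticated>" is a placeholder:
# the name a container reports for an unauthenticated EJB caller is not
# stated in the report.
FIXED = ("web username: test\nEJB username: test\n"
         "web username after logout: null\n"
         "EJB username after logout: <unauthenticated>\n")

if __name__ == "__main__":
    print("reported run, stale contexts:", stale_contexts(REPORTED))
    print("constructed fixed run, stale contexts:", stale_contexts(FIXED))
```
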