Uploaded image for project: 'RESTEasy'
  1. RESTEasy
  2. RESTEASY-676

SecurityContext not suitable for use with pooled objects

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Critical
    • 2.3.3.Final
    • 2.3.2.Final
    • jaxrs
    • None

    Description

      When Resteasy injects a SecurityContext the underlying Request is set at creation time. If this object is then used to serve a different request (e.g. when using pooled SLSB's) then the SecurityContext will be tied to the wrong request, and will return potentially incorrect data each time.

      An example app that reproduces the issues is at https://issues.jboss.org/browse/AS7-3227

      Attachments

        Issue Links

          blocks

          Bug - A problem that impairs or prevents the functions of the product. AS7-3227 When a Stateless Session Bean is used as a REST-Resource, calling getUserPrincipal() on an injected SecurityContext sometimes returns null

          • Critical - To be worked on immediately following BLOCKER issues.
          • Resolved

          Activity

            People

              patriot1burke@gmail.com Bill Burke (Inactive)
              sdouglas1@redhat.com Stuart Douglas
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: