Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Critical
Fix Version/s: 2.3.3.Final
Affects Version/s: 2.3.2.Final
Component/s: jaxrs
Labels:
None

When Resteasy injects a SecurityContext the underlying Request is set at creation time. If this object is then used to serve a different request (e.g. when using pooled SLSB's) then the SecurityContext will be tied to the wrong request, and will return potentially incorrect data each time.

An example app that reproduces the issues is at https://issues.jboss.org/browse/AS7-3227

blocks

AS7-3227 When a Stateless Session Bean is used as a REST-Resource, calling getUserPrincipal() on an injected SecurityContext sometimes returns null

Resolved

Assignee:: Bill Burke (Inactive)

Reporter:: Stuart Douglas (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2012/03/11 6:28 PM

Updated:: 2020/09/14 5:42 AM

Resolved:: 2012/04/20 11:52 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates