- Bug
- Resolution: Done
- Major
- None
- None
The abort() method calls SecurityAssociationActions.popPrincipalInfo() even though the corresponding push happens in commit() [via SecurityAssociationActions.setPrincipalInfo(loginPrincipal, loginCredential, subject)]. That means, whenever a login fails, the commit is not called (thus nothing pushed), but the abort pops out an element from the stack. This should not be done. IMHO the abort() method should look like this:
public boolean abort() throws LoginException
{
   if( trace )
      log.trace("abort");
   if( restoreLoginIdentity == false )
      return true;
   // Nothing is popped here: the matching push happens only in commit()
   return true;
}
- relates to
  - JBAS-2820 ClientLoginModule improperly clears SecurityAssociation stack in logout() (Closed)
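The push/pop imbalance described in this report, as an added example that is not JBoss code and not part of the original issue: a failed nested login runs only abort(), and an unconditional pop removes the outer caller's identity. The class AbortPopDemo, its Module class, the popOnlyIfPushed flag and the principal name are hypothetical stand-ins, and the "pop only what this module pushed" guard is one possible variant, not the change proposed above.

```java
import java.util.ArrayDeque;
import java.util.Deque;

public class AbortPopDemo {
    // Hypothetical stand-in for the per-thread SecurityAssociation stack.
    static final Deque<String> STACK = new ArrayDeque<>();

    // Models one JAAS login attempt: commit() runs on success,
    // abort() runs when the overall authentication fails.
    static class Module {
        final boolean popOnlyIfPushed;
        boolean pushed; // set only when commit() actually pushed

        Module(boolean popOnlyIfPushed) { this.popOnlyIfPushed = popOnlyIfPushed; }

        void commit(String principal) {
            STACK.push(principal);
            pushed = true;
        }

        boolean abort() {
            // Reported behaviour: pop unconditionally.
            // Guarded behaviour: pop only an entry this module pushed itself.
            if (!popOnlyIfPushed || pushed) {
                STACK.poll(); // poll() so an empty stack does not throw
                pushed = false;
            }
            return true;
        }
    }

    // Identity left on top of the stack after an outer login succeeds and a
    // nested login fails, so only abort() runs for the nested attempt.
    static String identityAfterFailedNestedLogin(boolean popOnlyIfPushed) {
        STACK.clear();
        new Module(popOnlyIfPushed).commit("outer-caller"); // constructed sample principal
        Module failed = new Module(popOnlyIfPushed);
        failed.abort(); // login failed: commit() never ran, nothing was pushed
        return STACK.peek();
    }

    public static void main(String[] args) {
        System.out.println("unconditional pop: " + identityAfterFailedNestedLogin(false));
        System.out.println("guarded pop:       " + identityAfterFailedNestedLogin(true));
    }
}
```

With the unconditional pop the outer identity is gone after the failed attempt, so later calls on that thread run without the caller's principal; with the guard it is still on the stack.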