Details
-
Bug
-
Resolution: Unresolved
-
Major
-
None
-
1.3.21.Final
-
None
Description
Once a user is authenticated, io.undertow.security.impl.CachedAuthenticatedSessionMechanism.sessionManager stores its session. When accessing another secured web resources, io.undertow.security.impl.CachedAuthenticatedSessionMechanism.runCached() verifies a credential cached in sessionManager. It is unnecessry.
In EAP6, a creadential is not re-verified. EAP7 should do likewise.
Attachments
Issue Links
- is cloned by
-
JBEAP-8644 No need to re-verify credential once authenticated.
- Closed