Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-5546

The flushOnSessionInvalidation is not parsed correctly from jboss-web.xml

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • 11.0.0.Beta1
    • 10.0.0.CR3
    • Web (Undertow)
    • None

    Description

      The class org.jboss.metadata.parser.jbossweb.JBossWebMetaDataParser doesn't support reading "flushOnSessionInvalidation" attribute on "security-domain" element. And also the schema files for jboss-web.xml doesn't mention this attribute.

      The class org.jboss.metadata.web.jboss.JBossWebMetaData contains the attribute flushOnSessionInvalidation, which comes from old JBoss versions (3.2 and 4.0). The description says:

      The jboss-web.xml security-domain element now supports a flushOnSessionInvalidation boolean attribute that when true, will flush the security-domain JAAS authentication cache for the associated user principal.

      This attribute is also supported in WildFly integration with Undertow (look at source), but the code is never reached as the flushOnSessionInvalidation attribute value stays always false.

      Attachments

        Issue Links

          is blocked by

          Bug - A problem that impairs or prevents the functions of the product. JBMETA-392 The flushOnSessionInvalidation attribute is missing in the jboss-web schema and the parser

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved

          Component Upgrade - A task tracking an update to a bundled component or revision of component upstream of the project. WFLY-8448 Upgrade JBoss Metadata from 10.0.0.Final to 10.0.2.Final

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          is cloned by

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-1564 [GSS](7.1.0) The flushOnSessionInvalidation is not parsed correctly from jboss-web.xml

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Verified
          is duplicated by

          Bug - A problem that impairs or prevents the functions of the product. WFLY-9102 Create test for JBoss does not flush the security-domain JAAS authentication cache on session invalidation

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          is related to

          Bug - A problem that impairs or prevents the functions of the product. WFLY-3221 flushOnSessionInvalidation attribute in jboss-web.xml does not flush user credentials

          • Critical - To be worked on immediately following BLOCKER issues.
          • Closed

          Activity

            People

              istudens@redhat.com Ivo Studensky
              josef.cacek@gmail.com Josef Cacek (Inactive)
              Votes:
              5 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: