Uploaded image for project: 'atlassian-seraph'
  1. atlassian-seraph
  2. SER-120

DefaultAuthenticator logout method should clear the user from the authentication context

XMLWordPrintable

    • Icon: Improvement Improvement
    • Resolution: Unresolved
    • Icon: Medium Medium
    • None
    • None
    • None
    • true

      Currently, when the SecurityFilter runs, it sets a User object on the application's AuthenticationContext, which is a ThreadLocal.

      However, when you call DefaultAuthenticator.logout(), this object is not cleared. Is there a good reason for this? Because currently, Confluence does this manually in their logout code, and JIRA doesn't, which has caused a bug to occur in an edge case. It would probably be better design for seraph to handle the clearing of this object.

              Unassigned Unassigned
              mtokar Michael Tokar
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                16 years, 43 weeks, 2 days ago