Uploaded image for project: 'atlassian-seraph'
  1. atlassian-seraph
  2. SER-120

DefaultAuthenticator logout method should clear the user from the authentication context

    XMLWordPrintable

Details

    • Improvement
    • Status: Open
    • Medium
    • Resolution: Unresolved
    • None
    • None
    • None
    • true

    Description

      Currently, when the SecurityFilter runs, it sets a User object on the application's AuthenticationContext, which is a ThreadLocal.

      However, when you call DefaultAuthenticator.logout(), this object is not cleared. Is there a good reason for this? Because currently, Confluence does this manually in their logout code, and JIRA doesn't, which has caused a bug to occur in an edge case. It would probably be better design for seraph to handle the clearing of this object.

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              mtokar Michael Tokar
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                14 years, 23 weeks, 4 days ago