DefaultAuthenticator logout method should clear the user from the authentication context


    • Type: Improvement
    • Resolution: Unresolved
    • Priority: Medium
    • Affects Version/s: None

      Currently, when the SecurityFilter runs, it sets a User object on the application's AuthenticationContext, which is a ThreadLocal.

      However, when you call DefaultAuthenticator.logout(), this object is not cleared. Is there a good reason for this? Because currently, Confluence does this manually in their logout code, and JIRA doesn't, which has caused a bug to occur in an edge case. It would probably be better design for Seraph to handle the clearing of this object.

            Assignee:
            Unassigned
            Reporter:
            Michael Tokar
            Votes:
            0
            Watchers:
            1

              Created:
              Updated:
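
A minimal model of the behaviour this issue describes, added here as an illustration and not taken from Seraph, Confluence or JIRA: a filter binds the user to a ThreadLocal, and a logout that only clears the session leaves that user visible to any code that runs later on the same thread. All class, field and method names below are hypothetical stand-ins, and the user is a constructed sample.

```java
import java.security.Principal;
import java.util.HashMap;
import java.util.Map;

public class LogoutContextDemo {
    // Stand-in for the thread-bound authentication context from the issue.
    static final ThreadLocal<Principal> CONTEXT = new ThreadLocal<>();
    // Stand-in for the HTTP session attributes.
    static final Map<String, Object> SESSION = new HashMap<>();

    // What the security filter does on entry: copy the session user to the thread.
    static void filterEntry() {
        CONTEXT.set((Principal) SESSION.get("user"));
    }

    // Logout as reported: the session is cleared, the thread-bound user is not.
    static void logoutAsReported() {
        SESSION.remove("user");
    }

    // Logout as requested: the authenticator also clears the thread-bound user,
    // so each application no longer has to remember to do it.
    static void logoutAsRequested() {
        SESSION.remove("user");
        CONTEXT.remove();
    }

    // What downstream code (permission checks, audit logging) would observe.
    static String currentUser() {
        Principal p = CONTEXT.get();
        return p == null ? "anonymous" : p.getName();
    }

    public static void main(String[] args) {
        Principal alice = () -> "alice"; // constructed sample user

        SESSION.put("user", alice);
        filterEntry();
        logoutAsReported();
        System.out.println("after logout as reported:  " + currentUser());

        SESSION.put("user", alice);
        filterEntry();
        logoutAsRequested();
        System.out.println("after logout as requested: " + currentUser());
    }
}
```

Because request threads are usually pooled, a value left in a ThreadLocal stays attached to that thread until something overwrites or removes it.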