  1. atlassian-seraph
  2. SER-120

DefaultAuthenticator logout method should clear the user from the authentication context


Details

    • Improvement
    • Resolution: Unresolved
    • Medium
    • None
    • None
    • None
    • true

    Description

      Currently, when the SecurityFilter runs, it sets a User object on the application's AuthenticationContext, which is a ThreadLocal.

      However, when you call DefaultAuthenticator.logout(), this object is not cleared. Is there a good reason for this? Because currently, Confluence does this manually in their logout code, and JIRA doesn't, which has caused a bug to occur in an edge case. It would probably be better design for Seraph to handle the clearing of this object.

            People

              Unassigned Unassigned
              mtokar Michael Tokar
              Votes: 0
              Watchers: 1

              Dates

                Created:
                Updated:
                16 years, 8 weeks, 1 day ago
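
An added illustration of the behaviour described in this issue, not code from Seraph, JIRA or Confluence: a logout that drops the session but leaves the per-thread user in place, next to one that also clears it. Every class and method name below is a hypothetical stand-in for the filter, the ThreadLocal-backed context and the logout call, and the session data is constructed.

```java
import java.util.HashMap;
import java.util.Map;

// Stand-in classes (hypothetical, not Seraph's API) modelling the pattern in this issue.
public class LogoutContextDemo {
    // Per-thread holder for the current user, like a ThreadLocal-backed authentication context.
    static final ThreadLocal<String> CONTEXT = new ThreadLocal<>();
    // Constructed session store: session id -> user name.
    static final Map<String, String> SESSIONS = new HashMap<>();

    // What a security filter does at the start of a request: copy the session user to the thread.
    static void filterEnter(String sessionId) {
        CONTEXT.set(SESSIONS.get(sessionId));
    }

    // Cleanup at the end of the request, so a pooled thread starts the next request clean.
    static void filterExit() {
        CONTEXT.remove();
    }

    // Logout as described in the issue: the session is dropped, the thread's user is left in place.
    static void logoutSessionOnly(String sessionId) {
        SESSIONS.remove(sessionId);
    }

    // Logout that also clears the per-thread user.
    static void logoutAndClear(String sessionId) {
        SESSIONS.remove(sessionId);
        CONTEXT.remove();
    }

    // Runs one request that logs out and then asks the context who the current user is.
    static String userSeenAfterLogout(boolean clearContext) {
        SESSIONS.put("s1", "alice"); // constructed sample session
        filterEnter("s1");
        try {
            if (clearContext) logoutAndClear("s1"); else logoutSessionOnly("s1");
            return CONTEXT.get(); // what any later code in this same request would see
        } finally {
            filterExit();
        }
    }

    public static void main(String[] args) {
        System.out.println("session-only logout: " + userSeenAfterLogout(false));
        System.out.println("logout + clear:      " + userSeenAfterLogout(true));
    }
}
```

With the session-only logout, code that runs later in the same request and trusts the context still sees the logged-out user; clearing the context inside logout removes the need for each application to do it manually.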