Details
- Bug
- Resolution: Done
- Major
- JBossAS-4.0.0 Final, JBossAS-3.2.6 Final
- None
- None
Description
Change the implementation of the authorization phase to use the roles associated with the thread local copy of the authenticated Subject rather than using the domain cache values. This is needed as there is a race condition between authenticating and then using the cached roles and the next thread flushing the cache value. This shows up particularly when the auth cache is disabled and each new authentication flushes the cache. Fixes [ 1064635 ] principalRoles=null but princpal and roles are okay.
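
The interleaving described above, as an added Java example that is not JBoss code: one thread authenticates, a second thread flushes the shared cache, and the first thread then authorizes both ways. All class, method and principal names are hypothetical, and the flush is modelled as a plain `clear()` on a map standing in for the domain cache.

```java
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.CountDownLatch;

// Hypothetical model of the race; names are illustrative, not JBoss classes.
public class AuthzRaceDemo {
    // Shared domain cache: principal name -> roles (stand-in for the auth cache).
    static final Map<String, Set<String>> domainCache = new ConcurrentHashMap<>();
    // Per-thread copy of the roles of the Subject this thread authenticated.
    static final ThreadLocal<Set<String>> activeRoles = new ThreadLocal<>();

    static void authenticate(String principal, Set<String> roles) {
        domainCache.put(principal, roles);   // shared, can be flushed by any thread
        activeRoles.set(roles);              // owned by the calling thread
    }

    // Old behaviour: authorization re-reads the shared cache.
    static boolean authorizeFromCache(String principal, String role) {
        Set<String> roles = domainCache.get(principal);
        return roles != null && roles.contains(role); // roles is null after a flush
    }

    // Fixed behaviour: authorization uses the thread-local copy.
    static boolean authorizeFromThreadLocal(String role) {
        Set<String> roles = activeRoles.get();
        return roles != null && roles.contains(role);
    }

    public static void main(String[] args) throws Exception {
        CountDownLatch authenticated = new CountDownLatch(1);
        CountDownLatch flushed = new CountDownLatch(1);

        Thread caller = new Thread(() -> {
            authenticate("alice", Set.of("admin"));   // constructed sample identity
            authenticated.countDown();
            try { flushed.await(); } catch (InterruptedException e) { return; }
            System.out.println("cache lookup:        " + authorizeFromCache("alice", "admin"));
            System.out.println("thread-local lookup: " + authorizeFromThreadLocal("admin"));
        });
        // Second thread: stands in for another authentication that flushes the cache.
        Thread other = new Thread(() -> {
            try { authenticated.await(); } catch (InterruptedException e) { return; }
            domainCache.clear();
            flushed.countDown();
        });
        caller.start(); other.start();
        caller.join(); other.join();
    }
}
```

The latches force the flush to land between authentication and authorization, so the cache-based check denies an authenticated caller while the thread-local check still sees the roles.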