Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 7.0.8.CR1, 7.0.8.GA
Affects Version/s: 7.0.0.DR12
Component/s: Undertow
Labels:
- regression

CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
Target Release:

7.0.z.GA
Git Pull Request:
https://github.com/jbossas/jboss-eap7/pull/2086

Sprint:
EAP 7.0.8

SFDC Cases Counter:
SFDC Cases Links:

The class org.jboss.metadata.parser.jbossweb.JBossWebMetaDataParser doesn't support reading "flushOnSessionInvalidation" attribute on "security-domain" element. And also the schema files for jboss-web.xml doesn't mention this attribute.

The class org.jboss.metadata.web.jboss.JBossWebMetaData contains the attribute flushOnSessionInvalidation, which comes from old JBoss versions (3.2 and 4.0). The description says:

The jboss-web.xml security-domain element now supports a flushOnSessionInvalidation boolean attribute that when true, will flush the security-domain JAAS authentication cache for the associated user principal.

This attribute is also supported in WildFly integration with Undertow (look at source), but the code is never reached as the flushOnSessionInvalidation attribute value stays always false.

clones

JBEAP-1564 [GSS](7.1.0) The flushOnSessionInvalidation is not parsed correctly from jboss-web.xml

Verified

is blocked by

JBEAP-11891 [GSS](7.0.z) Upgrade JBoss Metadata from 10.0.1.Final to 10.0.2.Final

Verified

is caused by

JBMETA-392 The flushOnSessionInvalidation attribute is missing in the jboss-web schema and the parser

Resolved

relates to

JBEAP-12838 [SET](7.0.z) HttpSession.invalidate() requires additional permissions if Security Manager is enabled

Verified

Assignee:: Ivo Studensky

Reporter:: Derek Horton

Tester:: Michael Cada

QA Contact:: Michael Cada

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Created:: 2017/06/19 11:31 AM

Updated:: 2020/09/30 2:20 PM

Resolved:: 2017/08/31 4:01 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates