Description
Once a user is authenticated, io.undertow.security.impl.CachedAuthenticatedSessionMechanism.sessionManager stores its session. When accessing another secured web resources, io.undertow.security.impl.CachedAuthenticatedSessionMechanism.runCached() verifies a credential cached in sessionManager. It is unnecessry.
In EAP6, a creadential is not re-verified. EAP7 should do likewise.
Attachments
Issue Links
- clones
-
UNDERTOW-979 No need to re-verify credential once authenticated.
- Open