Bugs item #565804, was opened at 2002-06-07 09:09 You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=376685&aid=565804&group_id=22866
Category: None Group: v3.0 Rabbit Hole Status: Open Resolution: None Priority: 5 Submitted By: Andrew Thorn (sigbur) Assigned to: Nobody/Anonymous (nobody) Summary: JBossUserPrincipal not cleared Initial Comment: I have an application that regressed between JBoss 3.0 RC3 and JBoss 3.0.0 Final. A call from a JSP to session.invalidate() has become inconsistent. Using FORM based login to a Jetty web application. I have set up a security-constraint in web.xml that protects index.jsp and requires someone with 'user' role must be logged in to see it. If the web application is accessed from the http://myhost:8080/mywebapp/ URL, index.jsp is displayed without forwarding to the login.jsp named in the login-config. If http://myhost:8080/mywebapp/index.jsp is accessed, the forwarding to login.jsp *is* done. A call to session.invalidate() in my logout.jsp used to work properly, but now it doesn't seem to clear the session properly. The web application will still intermittently remember who was logged in last. As stated, JBoss 3.0RC3 does not exhibit this behaviour. The following log trace occurred after the following sequence. Log in as admin, navigate application for a little while. Log out (with session.invalidate()) then log in as publisher. Log out. Then I was able to go to my index.jsp, and when it forwarded to login.jsp, the 'admin' principal suddenly reappeared as active. 2002-06-07 09:03:27,679 DEBUG [org.jboss.jetty.security.JBossUserRealm#SDPA] JBossUserPrincipal: publisher is in Role: publisher 2002-06-07 09:03:27,680 DEBUG [org.jboss.jetty.security.JBossUserRealm#SDPA] JBossUserPrincipal: publisher is in Role: publisher 2002-06-07 09:03:38,079 DEBUG [org.jboss.jetty.security.JBossUserRealm#SDPA] JBossUserPrincipal: admin is in Role: user 2002-06-07 09:03:38,079 DEBUG [org.jboss.jetty.security.JBossUserRealm#SDPA] JBossUserPrincipal: admin is in Role: user 2002-06-07 09:03:38,082 DEBUG [org.jboss.jetty.security.JBossUserRealm#SDPA] JBossUserPrincipal: admin is in Role: user 2002-06-07 09:03:38,083 DEBUG [org.jboss.jetty.security.JBossUserRealm#SDPA] JBossUserPrincipal: admin is in Role: admin 2002-06-07 09:03:38,083 DEBUG [org.jboss.jetty.security.JBossUserRealm#SDPA] JBossUserPrincipal: admin is NOT in Role: publisher 2002-06-07 09:03:38,083 DEBUG [org.jboss.jetty.security.JBossUserRealm#SDPA] JBossUserPrincipal: admin is NOT in Role: publisher2002-06-07 09:03:27,679 DEBUG [org.jboss.jetty.security.JBossUserRealm#SDPA] JBossUserPrincipal: publisher is in Role: publisher 2002-06-07 09:03:27,680 DEBUG [org.jboss.jetty.security.JBossUserRealm#SDPA] JBossUserPrincipal: publisher is in Role: publisher 2002-06-07 09:03:38,079 DEBUG [org.jboss.jetty.security.JBossUserRealm#SDPA] JBossUserPrincipal: admin is in Role: user 2002-06-07 09:03:38,079 DEBUG [org.jboss.jetty.security.JBossUserRealm#SDPA] JBossUserPrincipal: admin is in Role: user 2002-06-07 09:03:38,082 DEBUG [org.jboss.jetty.security.JBossUserRealm#SDPA] JBossUserPrincipal: admin is in Role: user 2002-06-07 09:03:38,083 DEBUG [org.jboss.jetty.security.JBossUserRealm#SDPA] JBossUserPrincipal: admin is in Role: admin 2002-06-07 09:03:38,083 DEBUG [org.jboss.jetty.security.JBossUserRealm#SDPA] JBossUserPrincipal: admin is NOT in Role: publisher 2002-06-07 09:03:38,083 DEBUG [org.jboss.jetty.security.JBossUserRealm#SDPA] JBossUserPrincipal: admin is NOT in Role: publisher2002-06-07 09:03:27,679 DEBUG [org.jboss.jetty.security.JBossUserRealm#SDPA] JBossUserPrincipal: publisher is in Role: publisher 2002-06-07 09:03:27,680 DEBUG [org.jboss.jetty.security.JBossUserRealm#SDPA] JBossUserPrincipal: publisher is in Role: publisher 2002-06-07 09:03:38,079 DEBUG [org.jboss.jetty.security.JBossUserRealm#SDPA] JBossUserPrincipal: admin is in Role: user 2002-06-07 09:03:38,079 DEBUG [org.jboss.jetty.security.JBossUserRealm#SDPA] JBossUserPrincipal: admin is in Role: user 2002-06-07 09:03:38,082 DEBUG [org.jboss.jetty.security.JBossUserRealm#SDPA] JBossUserPrincipal: admin is in Role: user 2002-06-07 09:03:38,083 DEBUG [org.jboss.jetty.security.JBossUserRealm#SDPA] JBossUserPrincipal: admin is in Role: admin 2002-06-07 09:03:38,083 DEBUG [org.jboss.jetty.security.JBossUserRealm#SDPA] JBossUserPrincipal: admin is NOT in Role: publisher 2002-06-07 09:03:38,083 DEBUG [org.jboss.jetty.security.JBossUserRealm#SDPA] JBossUserPrincipal: admin is NOT in Role: publisher2002-06-07 09:03:27,679 DEBUG [org.jboss.jetty.security.JBossUserRealm#SDPA] JBossUserPrincipal: publisher is in Role: publisher 2002-06-07 09:03:27,680 DEBUG [org.jboss.jetty.security.JBossUserRealm#SDPA] JBossUserPrincipal: publisher is in Role: publisher 2002-06-07 09:03:38,079 DEBUG [org.jboss.jetty.security.JBossUserRealm#SDPA] JBossUserPrincipal: admin is in Role: user 2002-06-07 09:03:38,079 DEBUG [org.jboss.jetty.security.JBossUserRealm#SDPA] JBossUserPrincipal: admin is in Role: user 2002-06-07 09:03:38,082 DEBUG [org.jboss.jetty.security.JBossUserRealm#SDPA] JBossUserPrincipal: admin is in Role: user 2002-06-07 09:03:38,083 DEBUG [org.jboss.jetty.security.JBossUserRealm#SDPA] JBossUserPrincipal: admin is in Role: admin 2002-06-07 09:03:38,083 DEBUG [org.jboss.jetty.security.JBossUserRealm#SDPA] JBossUserPrincipal: admin is NOT in Role: publisher 2002-06-07 09:03:38,083 DEBUG [org.jboss.jetty.security.JBossUserRealm#SDPA] JBossUserPrincipal: admin is NOT in Role: publisher What changed that might have caused this kind of thing to happen? Should I be reporting this against Jetty? -S ---------------------------------------------------------------------- You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=376685&aid=565804&group_id=22866 _______________________________________________________________ Don't miss the 2002 Sprint PCS Application Developer's Conference August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm _______________________________________________ Jboss-development mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-development
