[
https://issues.apache.org/jira/browse/OAK-2872?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alex Parvulescu resolved OAK-2872.
----------------------------------
Resolution: Fixed
thanks for the review [~tripod] and [~anchela]!
I added the missing cleanup with rev http://svn.apache.org/r1680747
One more thing I noticed while looking at the TokenLoginModule for inspiration,
is that it doesn't cleanup the internal state before throwing a LoginException,
could this be an issue? [1]
[1]
https://github.com/apache/jackrabbit-oak/blob/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java#L182
> ExternalLoginModule should clear state when login was not successful
> --------------------------------------------------------------------
>
> Key: OAK-2872
> URL: https://issues.apache.org/jira/browse/OAK-2872
> Project: Jackrabbit Oak
> Issue Type: Bug
> Components: auth-external
> Reporter: Alex Parvulescu
> Assignee: Alex Parvulescu
> Fix For: 1.3.0
>
>
> As discussed in [1], it looks like the ExternalLoginModule ignores cleaning
> up its internal state when login was not successful.
> What I assume happens next is the old session (probably the initial one
> created on the very first login call) would be reused throughout the module's
> lifetime, which would in the end result in the SNFEs post compaction.
> [1] http://markmail.org/thread/pcmlz74ngxl7sqfy
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
