Need comment on Issue #174 ASAP
Will Hopkins
Arjan,
Can you have a look at #174, and let me know what you think ASAP?

To summarize, I think the RememberMeInterceptor must call invocationContext.proceed(), to delegate to the other interceptors/underlying HAM, when intercepting cleanSubject(). The spec says only that it must call rememberMeIdentityStore.removeLoginToken(), which is indeed necessary, but not sufficient -- the Subject is never cleaned.

I'm preparing a commit to implement this in Soteria, but would appreciate your review, as this is a significant behavior change in an area the spec is silent on.

Thanks,
Will

--
Will Hopkins | WebLogic Security Architect | +1.781.442.0310
Oracle Developer Experience
35 Network Drive, Burlington, MA 01803
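
The behaviour described in the message above, modelled as an added example (not part of the original message and not Soteria's code). The classes `Invocation`, `TokenStore` and `Mechanism` are hypothetical stand-ins for InvocationContext, RememberMeIdentityStore and the underlying HAM, and the token and user values are constructed.

```java
import java.util.HashSet;
import java.util.Set;

// Added illustration: simplified stand-ins, not the Soteria or spec classes.
public class CleanSubjectDemo {

    // Stand-in for InvocationContext: proceed() runs the rest of the chain.
    interface Invocation { void proceed(); }

    // Stand-in for RememberMeIdentityStore; only token removal is modelled.
    static class TokenStore {
        final Set<String> tokens = new HashSet<>();
        void removeLoginToken(String token) { tokens.remove(token); }
    }

    // Stand-in for the underlying mechanism; cleanSubject() clears the principals.
    static class Mechanism {
        final Set<String> principals = new HashSet<>();
        void cleanSubject() { principals.clear(); }
    }

    // Interception of cleanSubject(). 'delegate' selects the behaviour under discussion.
    static void interceptCleanSubject(TokenStore store, String token,
                                      Invocation ctx, boolean delegate) {
        store.removeLoginToken(token);      // required by the spec
        if (delegate) {
            ctx.proceed();                  // proposed: hand off to the mechanism
        }
    }

    // Logs a constructed user out and reports what is left behind.
    static String logout(boolean delegate) {
        TokenStore store = new TokenStore();
        Mechanism mechanism = new Mechanism();
        store.tokens.add("constructed-token");
        mechanism.principals.add("constructed-user");
        interceptCleanSubject(store, "constructed-token", mechanism::cleanSubject, delegate);
        return "tokens=" + store.tokens + " principals=" + mechanism.principals;
    }

    public static void main(String[] args) {
        System.out.println("without proceed(): " + logout(false));
        System.out.println("with proceed():    " + logout(true));
    }
}
```

In this model the login token is removed in both runs, but the principal set is emptied only when the interceptor delegates.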