Re: Need comment on Issue #174 ASAP


Will Hopkins
 

Thanks, Arjan.

FYI, PR #177 adds the call to proceed(), if you want to have a look. The SecurityManager aspect is puzzling, but I suspect it's actually unrelated, or is related only because an access control problem of some kind masked or unmasked the underlying problem.

Will

On 08/17/2017 10:36 AM, Arjan Tijms wrote:
Hi,

Just saw this coming in so sorry for the somewhat late reply.

I'm indeed pretty sure it needs to call `invocationContext.proceed()` like you mention. The moment it calls this probably doesn't even matter that much. It can either do it before it cleans up its own cookie or afterwards.

I do wonder about the SecurityManager involvement in the failure here, but it's hard to comment on that since I don't know the "cleanSubject" test exactly does or doesn't.

Kind regards,
Arjan Tijms

-- 
Will Hopkins | WebLogic Security Architect | +1.781.442.0310
Oracle Developer Experience
35 Network Drive, Burlington, MA 01803

Join javaee-security-spec@javaee.groups.io to automatically receive all group messages.