Details
Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 6.1.2rc0
Fix Version/s: 6.1.2rc0
Component/s: Security and SSL
Labels: None
Environment: java version "1.5.0_09"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_09-b01)
Java HotSpot(TM) Client VM (build 1.5.0_09-b01, mixed mode, sharing)
jetty-jboss compiled with Java 1.4.2_03 Blackdown
Description
See JETTY-214 for details.
If I do <jsp:include> at least twice in one page, request.isUserInRole(...) does not work correctly for the 2nd <jsp:include>.
Check the attached war file. It is a modified one from JETTY-214.
When you log out, it should write to the console:
true true true
For me it writes:
true true false
The following code is invoked for any "dispatch", even for INCLUDE (I'm not sure how it should be).
org.mortbay.jetty.security.SecurityHandler.java
public void handle(String target, HttpServletRequest request, HttpServletResponse response, int dispatch)
        throws IOException, ServletException
......
    finally
    {
        if (_userRealm!=null)
        {
            if (base_request.getUserPrincipal()!=null)
>>>>>>>         _userRealm.disassociate(base_request.getUserPrincipal());
        }
        base_request.setUserRealm(old_realm);
    }
.....
I've verified that this works fine with jetty stand-alone. Will look further into jboss-jetty specifics to find the fault.
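A simplified model of the behaviour described in this issue, added here as an illustration and not taken from Jetty, JBoss or the attached war. It assumes a realm that binds the caller's identity to the thread and a handler that binds it once per REQUEST dispatch; all class and method names are hypothetical. With cleanup on every dispatch the three role checks come out true, true, false, and with cleanup scoped to the REQUEST dispatch (one possible mitigation, not necessarily the project's fix) they come out true, true, true.

```java
import java.util.*;

// Simplified model of the reported behaviour. Not Jetty or JBoss code;
// every class and method name here is hypothetical.
public class IncludeDisassociateDemo {
    static final int REQUEST = 1, INCLUDE = 4; // dispatch types (values arbitrary)

    // Assumption: the realm binds the caller's identity to the thread and
    // isUserInRole() only answers true while that binding exists.
    static class Realm {
        private final ThreadLocal<String> bound = new ThreadLocal<>();
        void associate(String user) { bound.set(user); }
        void disassociate(String user) { bound.remove(); }
        boolean isUserInRole(String user, String role) {
            return user.equals(bound.get()) && "admin".equals(role);
        }
    }

    // Mirrors the shape of the handle() excerpt: cleanup sits in finally.
    // requestOnly=false disassociates on every dispatch, true only on REQUEST.
    static void handle(Realm realm, String user, int dispatch,
                       boolean requestOnly, Runnable body) {
        try {
            if (dispatch == REQUEST) realm.associate(user); // assumed: bound once per request
            body.run();
        } finally {
            if (!requestOnly || dispatch == REQUEST) realm.disassociate(user);
        }
    }

    // One page that checks the role itself and again inside two includes.
    static List<Boolean> servePage(boolean requestOnly) {
        Realm realm = new Realm();
        String user = "alice"; // constructed sample principal
        List<Boolean> seen = new ArrayList<>();
        Runnable check = () -> seen.add(realm.isUserInRole(user, "admin"));
        handle(realm, user, REQUEST, requestOnly, () -> {
            check.run();
            handle(realm, user, INCLUDE, requestOnly, check);
            handle(realm, user, INCLUDE, requestOnly, check);
        });
        return seen;
    }

    public static void main(String[] args) {
        System.out.println("cleanup on every dispatch: " + servePage(false));
        System.out.println("cleanup on REQUEST only:   " + servePage(true));
    }
}
```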