https://bz.apache.org/bugzilla/show_bug.cgi?id=59437
--- Comment #2 from Arjan Tijms <arjan.ti...@gmail.com> ---

> The guilty party, I believe, is CallbackHandlerImpl -- it ought to be safe
> for concurrent use.

Indeed, I explicitly asked the spec lead for clarification about this a while ago, and the CallbackHandler has to be thread-safe. It would even be allowed to have one global instance of the SAM that handles all requests, which keeps re-using a single CallbackHandler instance.

> if there are any ServerAuthModule implementations out there that invoke the
> CallbackHandler twice [...]

Hmmm, Soteria does just that:

    public static void notifyContainerAboutLogin(Subject clientSubject, CallbackHandler handler,
            Principal callerPrincipal, List<String> roles) {
        try {
            handler.handle(new Callback[] { new CallerPrincipalCallback(clientSubject, callerPrincipal) });

            if (!isEmpty(roles)) {
                handler.handle(new Callback[] {
                    new GroupPrincipalCallback(clientSubject, roles.toArray(new String[roles.size()])) });
            }
        } catch (IOException | UnsupportedCallbackException e) {
            // Should not happen
            throw new IllegalStateException(e);
        }
    }