activemq-artemis icon indicating copy to clipboard operation
activemq-artemis copied to clipboard

Published 20 hours ago verified publisher icon apache

ARTEMIS-4420 user auth leaks into non-Artemis servlets

Open jbertram opened this issue 10 months ago • 2 comments

jbertram avatar Apr 20 '24 04:04 jbertram

@clebertsuconic, let's get this into 2.34.0. Can you review and merge? Thanks!

jbertram avatar Apr 25 '24 17:04 jbertram

Using a thread local to propagate the session subject is fine, but it needs to be scoped to the user of that thread for the request, and cleared on response. so set every time.

gtully avatar May 09 '24 14:05 gtully

@gtully, point taken. I've updated the PR with what I believe will address the ThreadLocal issue. I wasn't able to come up with a way to test it automatically, but manual tests (e.g. the use-case outlined in the Jira) is working fine now.

jbertram avatar May 22 '24 04:05 jbertram