-
Bug
-
Resolution: Fixed
-
P3
-
1.4.0
-
None
-
beta
-
generic
-
generic
The logout methods in the com.sun.security.auth.module.* {NT,Solaris,Unix,Jndi and KeyStore)
classes do not work correctly for subjects that are read-only. The method
attempts to modify the principals, public credentials, and private credentials
stored in the subject at logout time even if the subject is marked as read-only,
which will cause the logout method to fail. The method also fails to destroy
the private credential, which it should do regardless of whether the subject
is read-only.
classes do not work correctly for subjects that are read-only. The method
attempts to modify the principals, public credentials, and private credentials
stored in the subject at logout time even if the subject is marked as read-only,
which will cause the logout method to fail. The method also fails to destroy
the private credential, which it should do regardless of whether the subject
is read-only.