-
Type:
Bug
-
Resolution: Fixed
-
Priority:
P3
-
Affects Version/s: 1.4.0
-
Component/s: security-libs
-
None
-
beta
-
generic
-
generic
The logout methods in the com.sun.security.auth.module.* {NT,Solaris,Unix,Jndi and KeyStore)
classes do not work correctly for subjects that are read-only. The method
attempts to modify the principals, public credentials, and private credentials
stored in the subject at logout time even if the subject is marked as read-only,
which will cause the logout method to fail. The method also fails to destroy
the private credential, which it should do regardless of whether the subject
is read-only.
classes do not work correctly for subjects that are read-only. The method
attempts to modify the principals, public credentials, and private credentials
stored in the subject at logout time even if the subject is marked as read-only,
which will cause the logout method to fail. The method also fails to destroy
the private credential, which it should do regardless of whether the subject
is read-only.