dev@glassfish.java.net

Re: SecurityContext does not get cleared on server restart

From: <Ronald.Monzillo_at_Sun.COM>
Date: Wed, 21 Oct 2009 10:30:41 -0400

On 10/21/09 01:14, Skanda Prasad wrote:
> Hi All,
>
> I'm clearing the SecurityContext on server shutdown using the following
> code:
>
> com.sun.enterprise.security.SecurityContext.setCurrent(null);
> com.sun.enterprise.security.SecurityContext sc =
> com.sun.enterprise.security.SecurityContext.getCurrent();
> sc.getSubject().getPrincipals().clear();
> sc.getSubject().getPrivateCredentials().clear();
> sc.getSubject().getPublicCredentials().clear();
>
> But after the domain/server restart, I find that all the Principals still
> exist in the SecurityContext....
>
> Could someone please let me know how to clear the SecurityContext???
>
> Regards,
> Skanda
>
This sounds like a case of a session being persisted across the restart, so that it is
rebound when the client uses the same session cookie.

The SecurityContext is an in-memory representation of authentication state that is
bound to a request thread; it will be reconstituted from the session when another
request comes in on the session.

To stop this from happening you would need to invalidate the session, or reinitialize
the session repository.
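Added example (not from either poster): one way to take the "invalidate the session" route at shutdown is a Servlet API listener that tracks live sessions and invalidates them when the web application's context is destroyed, so that no authenticated session survives to be persisted and rebound after the restart. It assumes a Servlet 2.5+ container that stops context listeners before it persists sessions, and that the listener is registered in web.xml (or via @WebListener on Servlet 3.0).

```java
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;

/**
 * Tracks every live HttpSession of this web module and invalidates all of
 * them when the context shuts down. Invalidating the session is what drops
 * the authenticated Subject; clearing the thread-bound SecurityContext alone
 * does nothing to the persisted session the Subject is rebuilt from.
 *
 * Assumption: the container runs contextDestroyed() before its session
 * manager passivates/persists sessions to disk (Catalina-derived containers do).
 */
public class ShutdownSessionInvalidator
        implements HttpSessionListener, ServletContextListener {

    // Concurrent set: sessionDestroyed() fires from invalidate() while we iterate.
    private static final Set<HttpSession> LIVE_SESSIONS =
            ConcurrentHashMap.newKeySet();

    @Override
    public void sessionCreated(HttpSessionEvent se) {
        LIVE_SESSIONS.add(se.getSession());
    }

    @Override
    public void sessionDestroyed(HttpSessionEvent se) {
        LIVE_SESSIONS.remove(se.getSession());
    }

    @Override
    public void contextInitialized(ServletContextEvent sce) {
        // Nothing to prepare; sessions register themselves as they are created.
    }

    @Override
    public void contextDestroyed(ServletContextEvent sce) {
        for (HttpSession session : LIVE_SESSIONS) {
            try {
                session.invalidate(); // removes attributes and the bound principal
            } catch (IllegalStateException alreadyInvalid) {
                // Session expired or was invalidated concurrently; nothing to do.
            }
        }
        LIVE_SESSIONS.clear();
    }
}
```

For an individual user logging out rather than a whole-server restart, the same effect comes from `request.getSession(false).invalidate()` in the logout handler; the listener only covers the case where sessions would otherwise outlive the process.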