From 7051a9c0bdcf1a0da583b66bea8251d6f84f5a72 Mon Sep 17 00:00:00 2001
From: Ondro Mihalyi
Date: Wed, 5 Feb 2025 09:55:04 +0100
Subject: [PATCH] Fix WebPrincipal not serializable - make sessionPrincipal final again
---
 .../java/com/sun/enterprise/security/SecurityContext.java | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/nucleus/security/core/src/main/java/com/sun/enterprise/security/SecurityContext.java b/nucleus/security/core/src/main/java/com/sun/enterprise/security/SecurityContext.java
index 8b31027f44d..5e7d63118af 100644
--- a/nucleus/security/core/src/main/java/com/sun/enterprise/security/SecurityContext.java
+++ b/nucleus/security/core/src/main/java/com/sun/enterprise/security/SecurityContext.java
@@ -66,15 +66,15 @@ public class SecurityContext extends AbstractSecurityContext {
 private static final long serialVersionUID = 1L;
 private static final Logger _logger = SecurityLoggerInfo.getLogger();
+ // sessionPrincipal is static because it's a thread local, which isn't serializable,
+ // and we need at most one instance per thread
+ private static final ThreadLocal sessionPrincipal = new ThreadLocal<>();
 private static InheritableThreadLocal currentSecurityContext = new InheritableThreadLocal<>();
 private static SecurityContext defaultSecurityContext = generateDefaultSecurityContext();
 private static AuthPermission doAsPrivilegedPerm = new AuthPermission("doAsPrivileged");
- // this is static because it's a thread local, which isn't serializable
- private static ThreadLocal sessionPrincipal = new ThreadLocal<>();
-
 // Did the client log in as or did the server generate the context
 private boolean serverGeneratedSecurityContext;
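Review bot: The new comment on `sessionPrincipal` explains why the field is static, but not where the per-thread value is cleared. On a pooled request thread, a `ThreadLocal` that is never reset would leave the previous caller's principal visible to the next request handled by that thread. The cleanup is not visible in this hunk and may already exist elsewhere in the class; if it does, the comment should point to it, for example `// cleared with sessionPrincipal.remove() in <cleanup method>, so a pooled thread never keeps an earlier caller's principal`. The neighbouring statics `currentSecurityContext` and `doAsPrivilegedPerm` stay non-final; if nothing reassigns them, marking them `final` as well would keep the declarations consistent. The class body continues outside the hunk.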