Summary: | HttpSessionBindingListener.valueUnbound uses wrong classloader when SingleSignOn valve is used | ||
---|---|---|---|
Product: | Tomcat 7 | Reporter: | Maarten van Hulsentop <maarten> |
Component: | Catalina | Assignee: | Tomcat Developers Mailing List <dev> |
Status: | RESOLVED FIXED | ||
Severity: | normal | ||
Priority: | P2 | ||
Version: | 7.0.52 | ||
Target Milestone: | --- | ||
Hardware: | PC | ||
OS: | All | ||
Attachments: |
Reproduction war (including sources inside)
Patch where the restoring of the old classloader is deferred. |
Description
Maarten van Hulsentop
2014-05-16 13:27:30 UTC
Created attachment 31631 [details]
Patch where the restoring of the old classloader is deferred.
Hmm. The problem is wider than that. There are a number of places where the application listener is called with the wrong class loader. Simply extending the use of the webapp class loader will cause container listeners to be fired with the wrong listener. A more fine-grained approach is required. I'm taking a look now. Scratch that. It isn't that bad. Most of these methods are triggered by web app code so the class loader is already correct. I still think extending the coverage will have undesirable side-effects. This has been fixed in trunk for 8.0.8 onwards and in 7.0.x for 7.0.54 onwards. |