appserver-ci
commented
6 years ago Can one of the admins verify this patch?
Closed pathmissing closed 6 years ago
appserver-ci
commented
6 years ago Can one of the admins verify this patch?
appserver-ci
commented
6 years ago Can one of the admins verify this patch?
This PR removes the LoginContext instance from the GenericPrincipal, which is being stored in the current session. Not only because the LoginContext contains sensitive information like the password used to authenticate the user but also because it is neither needed by the ServletEngine nor by the application.