ThreadLocal usage in RegistryImpl

[GoogleCodeExporter]

It's a bit risky to rely on ThreadLocal for these stores. It would be better to 
store things as request attributes. Also ThreadLocal usage promotes lots of 
nasty warnings from Tomcat when shutting it down, they are considered as memory 
leaks for some reason.

Original issue reported on code.google.com by EsmondP...@gmail.com on 17 Nov 2010 at 1:07

[GoogleCodeExporter]

AFAIR this is necessary for some functionality needed by one project which i 
wanna drop anyways... This will require some API changes though, so i'll mark 
this with the appropriate milestone!

Original comment by aike.som...@gmail.com on 18 Nov 2010 at 8:40

• Added labels: Milestone-API-0.5, Type-Enhancement
• Removed labels: Type-Defect

[GoogleCodeExporter]

Original comment by aike.som...@gmail.com on 18 Nov 2010 at 8:40

• Changed state: Accepted
• Added labels: Priority-Low, Type-Defect
• Removed labels: Priority-Medium, Type-Enhancement

[GoogleCodeExporter]

I had a possibly comparable issue where I had to store an extra response called 
a PasswordResponseControl that I can get from LDAP under certain circumstances 
in my JAAS module and had no easy way to communicate it back to the rest of the 
application, which needed to know e.g. about impending password expiry so it 
could display extra stuff ro the user, or force him to change his password etc. 
Anyway I didn't want to put it into the Principal and a ThreadLocal was dicey. 
I eventually decided it was a private credential of the Subject across the JAAS 
login module interface, and ported it out of there ASAP into a request 
attribute as soon as I was back in a land where I had a Request.

Original comment by EsmondP...@gmail.com on 22 Nov 2010 at 1:25

• Added labels: ****
• Removed labels: ****