| [cu-dev] TCK - context-related behavior of HttpServletRequest.getUserPrincipal() |
Hello again,
I'm trying to go through the remaining context-related issues.
One of them is the security behavior, test
ContextPropagationTests.testSecurityUnchangedContext. The key
piece of code is this:
ManagedExecutorService executor = InitialContext.doLookup("java:app/concurrent/executor2");
CompletableFuture<String> future = executor.supplyAsync(() -> {
// Security Context should not be available for calls on a new thread
return request.getUserPrincipal() == null ? "null" : request.getUserPrincipal().getName();
});
The executor is configured with context, which has attribute unchanged = SECURITY.
The request variable is shared from the calling function, and the security is stored directly in the request object. Then it fails, as the getUserPrincipal() returns the remembered value, not the contextual.
My question: is it required, that request.getUserPrincipal() calls the contextual value and it must not cache it?
Is it something new in the current version of Servlet API? I
haven't found anything related in Servlet API 6.0.
The same problem is with testSecurityClearedContext (cleared security).
Thank you
Petr