X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=security%2Fplugins%2Forg.argeo.security.equinox%2Fsrc%2Fmain%2Fjava%2Forg%2Fargeo%2Fsecurity%2Fequinox%2FSpringLoginModule.java;h=716cb6d855afa8eb5a2486d2657b278daa4a6077;hb=8b78007039ccb1f19d498742a64cf62435e8b093;hp=c25be6afbdf46b845adc37c083065a3c2d095be5;hpb=2745f0c8c57d9468855179d56f858fb2448f779c;p=lgpl%2Fargeo-commons.git

diff --git a/security/plugins/org.argeo.security.equinox/src/main/java/org/argeo/security/equinox/SpringLoginModule.java b/security/plugins/org.argeo.security.equinox/src/main/java/org/argeo/security/equinox/SpringLoginModule.java
index c25be6afb..716cb6d85 100644
--- a/security/plugins/org.argeo.security.equinox/src/main/java/org/argeo/security/equinox/SpringLoginModule.java
+++ b/security/plugins/org.argeo.security.equinox/src/main/java/org/argeo/security/equinox/SpringLoginModule.java
@@ -53,6 +53,16 @@ public class SpringLoginModule extends SecurityContextLoginModule {
 		if (SecurityContextHolder.getContext().getAuthentication() != null)
 			return super.login();
 
+		// reset all principals and credentials
+		if (log.isTraceEnabled())
+			log.trace("Resetting all principals and credentials of " + subject);
+		if (subject.getPrincipals() != null)
+			subject.getPrincipals().clear();
+		if (subject.getPrivateCredentials() != null)
+			subject.getPrivateCredentials().clear();
+		if (subject.getPublicCredentials() != null)
+			subject.getPublicCredentials().clear();
+
 		// ask for username and password
 		Callback label = new TextOutputCallback(TextOutputCallback.INFORMATION,
 				"Required login");
@@ -109,8 +119,8 @@ public class SpringLoginModule extends SecurityContextLoginModule {
 
 	@Override
 	public boolean logout() throws LoginException {
-//		if (log.isDebugEnabled())
-//			log.debug("logout subject=" + subject);
+		// if (log.isDebugEnabled())
+		// log.debug("logout subject=" + subject);
 		return super.logout();
 	}