diff --git a/cas-client-integration-jetty/src/main/java/org/jasig/cas/client/jetty/CasAuthenticator.java b/cas-client-integration-jetty/src/main/java/org/jasig/cas/client/jetty/CasAuthenticator.java
index 01c2c37..14b359b 100644
--- a/cas-client-integration-jetty/src/main/java/org/jasig/cas/client/jetty/CasAuthenticator.java
+++ b/cas-client-integration-jetty/src/main/java/org/jasig/cas/client/jetty/CasAuthenticator.java
@@ -38,6 +38,7 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 import java.io.IOException;
+import java.lang.ref.WeakReference;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.ConcurrentMap;
@@ -60,7 +61,8 @@ public class CasAuthenticator extends AbstractLifeCycle implements Authenticator
 private final Logger logger = LoggerFactory.getLogger(CasAuthenticator.class);
 /** Map of tickets to sessions. */
- private final ConcurrentMap sessionMap = new ConcurrentHashMap();
+ private final ConcurrentMap> sessionMap =
+ new ConcurrentHashMap>();
 /** CAS ticket validator component. */
 private TicketValidator ticketValidator;
@@ -203,14 +205,17 @@ public class CasAuthenticator extends AbstractLifeCycle implements Authenticator
 }
 protected void clearCachedAuthentication(final String ticket) {
- sessionMap.remove(ticket);
+ final WeakReference sessionRef = sessionMap.remove(ticket);
+ if (sessionRef != null && sessionRef.get() != null) {
+ sessionRef.get().removeAttribute(CACHED_AUTHN_ATTRIBUTE);
+ }
 }
 private void cacheAuthentication(final HttpServletRequest request, final CasAuthentication authentication) {
 final HttpSession session = request.getSession(false);
 if (session != null) {
 session.setAttribute(CACHED_AUTHN_ATTRIBUTE, authentication);
- sessionMap.put(authentication.getTicket(), session);
+ sessionMap.put(authentication.getTicket(), new WeakReference(session));
 }
 }
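Review bot: The Javadoc on `sessionMap` still reads "Map of tickets to sessions." although the values are now weak references, and nothing visible in this diff removes an entry whose session has been collected. Ticket keys and empty references would then stay in the map until `clearCachedAuthentication` is called for that ticket. I would document that on the field, e.g. `/** Map of tickets to weakly referenced sessions; an entry may outlive its session and is removed only by clearCachedAuthentication. */`. If stale entries are pruned elsewhere in the class, the comment should point there instead.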
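Review bot: In `clearCachedAuthentication` the referent is read twice, so the garbage collector can clear it between the `sessionRef.get() != null` test and the `sessionRef.get().removeAttribute(...)` call, which would throw a NullPointerException on the ticket-clearing path. Read it once into a strong local, `final HttpSession session = sessionRef == null ? null : sessionRef.get();`, then `if (session != null) { session.removeAttribute(CACHED_AUTHN_ATTRIBUTE); }` (this assumes the reference is typed on HttpSession; the type arguments appear lost in this rendering). `removeAttribute` also throws IllegalStateException on an already invalidated session, and nothing in this hunk handles that. When the referent is gone the method now does nothing silently, so if the container ever recreates the session object (persistence or clustering, not visible here) the cached authentication could survive the clear; a debug log on that branch would make the case detectable.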