From b9de7553aed9d3501e8b1ef67b84cb158418bcaa Mon Sep 17 00:00:00 2001
From: Sameer Pandit <sameer.pandit@oracle.com>
Date: Wed, 23 Aug 2017 23:40:38 +0530
Subject: [PATCH] add privileged block in logout

---
 .../src/main/java/com/sun/web/security/RealmAdapter.java   | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/appserver/security/webintegration/src/main/java/com/sun/web/security/RealmAdapter.java b/appserver/security/webintegration/src/main/java/com/sun/web/security/RealmAdapter.java
index 185bcf4d7f5..935c2c85007 100644
--- a/appserver/security/webintegration/src/main/java/com/sun/web/security/RealmAdapter.java
+++ b/appserver/security/webintegration/src/main/java/com/sun/web/security/RealmAdapter.java
@@ -517,7 +517,12 @@ private void doLogout(HttpRequest request, boolean extensionEnabled) {
     @Override
     public void logout() {
         setSecurityContext(null);
-        resetPolicyContext();
+        AccessController.doPrivileged(new PrivilegedAction<Void>() {
+            public Void run() {
+                resetPolicyContext();
+                return null;
+            }
+        });
     }
 
     public Principal authenticate(HttpServletRequest hreq) {