[
http://jira.magnolia-cms.com/browse/MAGNOLIA-3671?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ondřej Chytil reopened MAGNOLIA-3671:
-------------------------------------
Re-opening to improve the fix furthermore.
> Anonymous user locked under heavy load.
> ---------------------------------------
>
> Key: MAGNOLIA-3671
> URL: http://jira.magnolia-cms.com/browse/MAGNOLIA-3671
> Project: Magnolia
> Issue Type: Bug
> Components: security
> Affects Versions: 4.4.3
> Reporter: Danilo Ghirardelli
> Assignee: Ondřej Chytil
> Priority: Blocker
> Fix For: 4.4.4
>
> Attachments: JCRAuthenticationModule.java, MgnlUser.java
>
>
> I updated to Magnolia 4.4.3, my frontend configuration is clustered, two
> public instances.
> When the load rises, sometimes this exception below happens. This is
> particularly problematic because after the problem the instance is completely
> locked, and shows the magnolia login.
> This seems to be caused by modification done in MAGNOLIA-3557, that stores
> the access count. Doing so for the anonymous user seems to cause concurrent
> modification. I'll do further investigation, but this is a real blocking
> problem for me because my instances are failing often.
> ERROR info.magnolia.cms.security.SystemUserManager 28.04.2011 10:35:53 --
> Failed to login as anonymous user
> javax.security.auth.login.LoginException: java.lang.RuntimeException:
> javax.jcr.InvalidItemStateException:
> 2d78094b-8f7e-4c95-8b1d-22e3dc417c34/{}failedAttempts has been modified
> externally
> at
> info.magnolia.cms.security.MgnlUser.setFailedLoginAttempts(MgnlUser.java:96)
> at
> info.magnolia.jaas.sp.jcr.JCRAuthenticationModule.matchPassword(JCRAuthenticationModule.java:140)
> at
> info.magnolia.jaas.sp.jcr.JCRAuthenticationModule.validateUser(JCRAuthenticationModule.java:104)
> at
> info.magnolia.jaas.sp.AbstractLoginModule.login(AbstractLoginModule.java:200)
> at sun.reflect.GeneratedMethodAccessor224.invoke(Unknown Source)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
> at
> javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
> at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
> at java.security.AccessController.doPrivileged(Native Method)
> at
> javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
> at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
> at
> info.magnolia.cms.security.SystemUserManager.getSubject(SystemUserManager.java:177)
> at
> info.magnolia.cms.security.SystemUserManager.getRequiredSystemUser(SystemUserManager.java:154)
> at
> info.magnolia.cms.security.SystemUserManager.getAnonymousUser(SystemUserManager.java:125)
> at
> info.magnolia.cms.security.Security.getAnonymousUser(Security.java:69)
> at
> info.magnolia.context.UserContextImpl.getUser(UserContextImpl.java:75)
> at info.magnolia.context.MgnlContext.getUser(MgnlContext.java:83)
> at
> info.magnolia.cms.filters.ContextFilter.doFilter(ContextFilter.java:88)
> at
> info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:88)
> at
> info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:82)
> at
> info.magnolia.cms.filters.CompositeFilter.doFilter(CompositeFilter.java:66)
> at
> info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:88)
> at
> info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:105)
> at
> info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:216)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> at
> org.springframework.orm.hibernate3.support.OpenSessionInViewFilter.doFilterInternal(OpenSessionInViewFilter.java:198)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
> at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
> at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
> at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:190)
> at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:291)
> at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:774)
> at
> org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:703)
> at
> org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:896)
> at
> org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:690)
> at java.lang.Thread.run(Thread.java:662)
> Caused by: javax.jcr.InvalidItemStateException:
> 2d78094b-8f7e-4c95-8b1d-22e3dc417c34/{}failedAttempts has been modified
> externally
> at org.apache.jackrabbit.core.ItemImpl.save(ItemImpl.java:1124)
> at info.magnolia.cms.core.DefaultContent.save(DefaultContent.java:528)
> at info.magnolia.cms.util.ContentWrapper.save(ContentWrapper.java:390)
> at
> info.magnolia.cms.security.MgnlUser.setFailedLoginAttempts(MgnlUser.java:94)
> ... 44 more
> at javax.security.auth.login.LoginContext.invoke(LoginContext.java:872)
> at
> javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
> at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
> at java.security.AccessController.doPrivileged(Native Method)
> at
> javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
> at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
> at
> info.magnolia.cms.security.SystemUserManager.getSubject(SystemUserManager.java:177)
> at
> info.magnolia.cms.security.SystemUserManager.getRequiredSystemUser(SystemUserManager.java:154)
> at
> info.magnolia.cms.security.SystemUserManager.getAnonymousUser(SystemUserManager.java:125)
> at
> info.magnolia.cms.security.Security.getAnonymousUser(Security.java:69)
> at
> info.magnolia.context.UserContextImpl.getUser(UserContextImpl.java:75)
> at info.magnolia.context.MgnlContext.getUser(MgnlContext.java:83)
> at
> info.magnolia.cms.filters.ContextFilter.doFilter(ContextFilter.java:88)
> at
> info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:88)
> at
> info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:82)
> at
> info.magnolia.cms.filters.CompositeFilter.doFilter(CompositeFilter.java:66)
> at
> info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:88)
> at
> info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:105)
> at
> info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:216)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> at
> org.springframework.orm.hibernate3.support.OpenSessionInViewFilter.doFilterInternal(OpenSessionInViewFilter.java:198)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
> at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
> at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
> at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:190)
> at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:291)
> at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:774)
> at
> org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:703)
> at
> org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:896)
> at
> org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:690)
> at java.lang.Thread.run(Thread.java:662)
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.magnolia-cms.com/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
----------------------------------------------------------------
For list details see
http://www.magnolia-cms.com/home/community/mailing-lists.html
To unsubscribe, E-mail to: <[email protected]>
----------------------------------------------------------------
