logged-in Subjects are cleaned up after web requests complete
-------------------------------------------------------------

                 Key: GERONIMO-5800
                 URL: https://issues.apache.org/jira/browse/GERONIMO-5800
             Project: Geronimo
          Issue Type: Bug
      Security Level: public (Regular issues)
          Components: Jetty, Tomcat
    Affects Versions: 2.2.1, 3.0
            Reporter: David Jencks
            Assignee: David Jencks


We generally don't clean up the logged-in Subject when a web request returns.
This results in a memory leak in ContextManager.subjectContexts. As well as
Geronimo changes, I think this will need changes in the Jetty Authenticators we
use.  I think we control all the affected Tomcat code.  EJB requests appear to
already clean this up on exit.

As an application-level workaround your app can call:

Subject subject = ContextManager.getCurrentCaller();
ContextManager.unregisterSubject(subject);

immediately before control returns to the client.  (I haven't tested this to
make sure it doesn't break something else.)

Thanks to Morten Svanaes and David Frahm for reporting this problem on the user 
list.  There may be a similar problem in 2.1.x but the code and solution will 
be somewhat different.

-- 
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
