[
https://jira.nuxeo.org/browse/NXP-5090?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Florent Guillaume resolved NXP-5090.
------------------------------------
Resolution: Fixed
> CoreSession leak in case of HTTP Session Timeout
> ------------------------------------------------
>
> Key: NXP-5090
> URL: https://jira.nuxeo.org/browse/NXP-5090
> Project: Nuxeo Enterprise Platform
> Issue Type: Bug
> Components: Core, Web Foundations, Web UI
> Affects Versions: 5.3.1
> Reporter: Thierry Delprat
> Assignee: Thierry Delprat
> Fix For: 5.3.2
>
>
> When the session timeout occurs, the Seam cleanup code is called in a thread
> that is not authenticated
> => the call to CoreInstance.getInstance.close() fails because of the
> underlying call to DocumentManagerBean.destroy that is not allowed ( EJB3
> security interceptor blocks the unauthentciated call).
> This result in a leak :
> - We have a coreSession that is not released
> => static map in CoreInstance is not freed
> ==> may result in a OutOfMemoryError in PermGen
> => we leak an EJB3
> ==> one DocumentManagerBean passivated on disk that will never be cleared
> Unless we find a clean way to bypass EJB3 security (since @PermitAll does
> nothing) the only walkaround is to open a SystemLogin.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.nuxeo.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
_______________________________________________
ECM-tickets mailing list
[email protected]
http://lists.nuxeo.com/mailman/listinfo/ecm-tickets
