Patches item #551809, was opened at 2002-05-03 12:05 You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=376687&aid=551809&group_id=22866
Category: JBossSX Group: v2.4 (stable) Status: Open Resolution: None Priority: 5 Submitted By: Chris Harris (charris) Assigned to: Nobody/Anonymous (nobody) Summary: synced cache in JaasSecurityManager Initial Comment: JBoss 2.4.4 used, also experienced under 2.4.5RC3 Under heavy load, where multiple threads are using the same user Principal, the credentials cache can occasionally fail to supply credentials. An example would be where many MDBs are deployed, all using the same identity. If these MDBs call other EJBs also, many threads can access the credentials cache in JaasSecruityManager simultaneously. This can result in calls to the updateCache() method removing and reinserting credentials for a user, whilst at the same time SecurityInterceptor calls doesUserHaveRole() which checks the contents of the cache. There is a small space between the remove() and insert() in the updateCache() method where the credentials are not in the cache. The result is that doesUserHaveRole() can fail, and SecurityInterceptor throws a SecurityException at line 215. The attached patch to JaasSecurityManager seems to fix this intermittent problem by synchronising access to the cache for the read and update operations. This may produce a minor performance hit but ensures correctness. This patch was applied to CVS revision 1.7.2.9. ---------------------------------------------------------------------- You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=376687&aid=551809&group_id=22866 _______________________________________________________________ Have big pipes? SourceForge.net is looking for download mirrors. We supply the hardware. You get the recognition. Email Us: [EMAIL PROTECTED] _______________________________________________ Jboss-development mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-development
