[JBoss-dev] [ jboss-Bugs-610843 ] Caching of JaasSecurityManager.DomainInf

2002-09-18 Thread noreply

Bugs item #610843, was opened at 2002-09-18 01:15
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=376685&aid=610843&group_id=22866

Category: JBossSX
Group: v3.0 Rabbit Hole
Status: Open
Resolution: Out of Date
Priority: 5
Submitted By: Timo Warns (timow)
Assigned to: Scott M Stark (starksm)
Summary: Caching of JaasSecurityManager.DomainInf

Initial Comment:
We had problems with JaasSecurityManager. Sometimes it returned wrong
values for isUserInRole.

Here is what we believe causes the problem:

JaasSecurityManager uses (as default) TimedCachePolicy.get(Object) as
method to access cached JaasSecurityManager.DomainInfo entries.

TimedCachePolicy.get(Object) checks whether entries have expired and
tries to refresh them if this is the case. If refreshing fails, the
entry will be removed and null will be returned.
The problem is that DomainInfo is not able to refresh (refresh() just
returns false). Thus if a DomainInfo is expired and
JaasSecurityManager.doesUserHaveRole(...) is called, it will return
false, even if true would be correct.

Sorry, if we misunderstood anything!


--

Comment By: Timo Warns (timow)
Date: 2002-09-18 10:51

Message:
Logged In: YES 
user_id=606328

I just downloaded newest sources of JBoss-3.2, but the bug still seems
to be present (as far as we understand):


In JaasSecurityManager (snipped to relevant parts):

[...]
   public static class DomainInfo implements TimedCachePolicy.TimedEntry
[...]
      // refreshing always fails
      public boolean refresh()
      {
         return false;
      }
[...]
   public boolean doesUserHaveRole(Principal principal, Set rolePrincipals)
   {
      boolean hasRole = false;
[...]
      // if entry is expired, null will be returned
      DomainInfo info = getCacheInfo(principal);
      Group roles = null;
      if( info != null )
         roles = info.roles;
      if( roles != null )
[...]
      return hasRole;
   }
[...]


And in TimedCachePolicy:

[...]
   public Object get(Object key)
   {
[...]
      if( entry.isCurrent(now) == false )
      {   // Try to refresh the entry
         // DomainInfo-entries cannot be refreshed
         if( entry.refresh() == false )
         {   // Failed, remove the entry and return null
            entry.destroy();
            entryMap.remove(key);
            return null;
         }
      }
[...]

Thanks for your help!

--

Comment By: Scott M Stark (starksm)
Date: 2002-09-18 01:21

Message:
Logged In: YES 
user_id=175228

You are looking at out of date code. Since 3.0.1 only 
authentication requests will flush the cache and therefore 
roles are always consistent with the authenticated user.

--



---
This SF.NET email is sponsored by: AMD - Your access to the experts
on Hammer Technology! Open Source  Linux Developers, register now
for the AMD Developer Symposium. Code: EX8664
http://www.developwithamd.com/developerlab
___
Jboss-development mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-development



[JBoss-dev] [ jboss-Bugs-610843 ] Caching of JaasSecurityManager.DomainInf

2002-09-18 Thread noreply

Bugs item #610843, was opened at 2002-09-17 16:15
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=376685&aid=610843&group_id=22866

Category: JBossSX
Group: v3.0 Rabbit Hole
Status: Closed
Resolution: Out of Date
Priority: 5
Submitted By: Timo Warns (timow)
Assigned to: Scott M Stark (starksm)
Summary: Caching of JaasSecurityManager.DomainInf

Comment By: Scott M Stark (starksm)
Date: 2002-09-18 04:57

Message:
Logged In: YES 
user_id=175228

I don't know where you are getting the 3.2 source as this is not what
I see.

 @version $Revision: 1.27.2.1 $

   public boolean doesUserHaveRole(Principal principal, Set rolePrincipals)
   {
      boolean hasRole = false;
      Subject subject = getActiveSubject();
      if( subject != null )
      {
         DomainInfo info = getCacheInfo(principal, false);
...
   private DomainInfo getCacheInfo(Principal principal, boolean allowRefresh)
   {
      if( domainCache == null )
         return null;

      DomainInfo cacheInfo = null;
      synchronized( domainCache )
      {
         if( allowRefresh == true )
            cacheInfo = (DomainInfo) domainCache.get(principal);
         else
            cacheInfo = (DomainInfo) domainCache.peek(principal);
      }
      return cacheInfo;
   }


--
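
The behaviour discussed in this thread, as an added example that is not JBoss source or either poster's code: a simplified model in which a role check routed through get() evicts an expired, non-refreshable entry and denies access, while a peek()-based lookup keeps answering from the cached roles. The names Entry, TimedCache and hasRole, the sample principal and the timestamps are constructed, and peek() is assumed to be a lookup that skips the expiry check.

```java
import java.util.*;

// Simplified model of the classes named in the thread (added example, not JBoss source).
public class CacheExpiryDemo {
    // Stand-in for DomainInfo: expires at a fixed time and cannot refresh itself.
    static class Entry {
        final Set<String> roles;
        final long expiresAt;
        Entry(Set<String> roles, long expiresAt) { this.roles = roles; this.expiresAt = expiresAt; }
        boolean isCurrent(long now) { return now < expiresAt; }
        boolean refresh() { return false; }   // as in the quoted DomainInfo
    }

    // Stand-in for TimedCachePolicy (hypothetical, reduced to two lookups).
    static class TimedCache {
        final Map<String, Entry> entryMap = new HashMap<>();

        // Expiry-checking lookup: an expired entry that cannot refresh is evicted.
        Entry get(String key, long now) {
            Entry e = entryMap.get(key);
            if (e != null && !e.isCurrent(now) && !e.refresh()) {
                entryMap.remove(key);
                return null;
            }
            return e;
        }

        // Assumed semantics: plain lookup, no expiry check, no eviction.
        Entry peek(String key) { return entryMap.get(key); }
    }

    static boolean hasRole(Entry info, String role) {
        return info != null && info.roles.contains(role);
    }

    public static void main(String[] args) {
        TimedCache cache = new TimedCache();
        cache.entryMap.put("alice", new Entry(Set.of("admin"), 100)); // constructed sample
        long now = 150;   // the entry's lifetime has passed

        // Lookup as in getCacheInfo(principal, false): the role check does not evict.
        System.out.println("peek: " + hasRole(cache.peek("alice"), "admin"));
        // Lookup as in the reported code: the role check goes through get().
        System.out.println("get:  " + hasRole(cache.get("alice", now), "admin"));
        System.out.println("still cached: " + cache.entryMap.containsKey("alice"));
    }
}
```
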


[JBoss-dev] [ jboss-Bugs-610843 ] Caching of JaasSecurityManager.DomainInf

2002-09-17 Thread noreply

Bugs item #610843, was opened at 2002-09-18 01:15
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=376685&aid=610843&group_id=22866

Category: JBossSX
Group: v3.0 Rabbit Hole
Status: Open
Resolution: None
Priority: 5
Submitted By: Timo Warns (timow)
Assigned to: Nobody/Anonymous (nobody)
Summary: Caching of JaasSecurityManager.DomainInf



[JBoss-dev] [ jboss-Bugs-610843 ] Caching of JaasSecurityManager.DomainInf

2002-09-17 Thread noreply

Bugs item #610843, was opened at 2002-09-17 16:15
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=376685&aid=610843&group_id=22866

Category: JBossSX
Group: v3.0 Rabbit Hole
Status: Closed
Resolution: Out of Date
Priority: 5
Submitted By: Timo Warns (timow)
Assigned to: Scott M Stark (starksm)
Summary: Caching of JaasSecurityManager.DomainInf
