[JBoss-dev] [ jboss-Bugs-610843 ] Caching of JaasSecurityManager.DomainInf
Bugs item #610843, was opened at 2002-09-18 01:15
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=376685&aid=610843&group_id=22866

Category: JBossSX
Group: v3.0 Rabbit Hole
Status: Open
Resolution: Out of Date
Priority: 5
Submitted By: Timo Warns (timow)
Assigned to: Scott M Stark (starksm)
Summary: Caching of JaasSecurityManager.DomainInf

Initial Comment:
We had problems with JaasSecurityManager. Sometimes it returned wrong values for isUserInRole.

Here is what we believe causes the problem:

JaasSecurityManager uses (as default) TimedCachePolicy.get(Object) as method to access cached JaasSecurityManager.DomainInfo entries. TimedCachePolicy.get(Object) checks whether entries have expired and tries to refresh them if this is the case. If refreshing fails, the entry will be removed and null will be returned.

The problem is that DomainInfo is not able to refresh (refresh() just returns false). Thus if a DomainInfo is expired and JaasSecurityManager.doesUserHaveRole(...) is called, it will return false, even if true would be correct.

Sorry, if we misunderstood anything!

--

Comment By: Timo Warns (timow)
Date: 2002-09-18 10:51

Message:
Logged In: YES
user_id=606328

I just downloaded newest sources of JBoss-3.2, but the bug still seems to be present (as far as we understand):

In JaasSecurityManager (snipped to relevant parts):

    [...]
    public static class DomainInfo implements TimedCachePolicy.TimedEntry
    [...]
        // refreshing always fails
        public boolean refresh()
        {
            return false;
        }
    [...]
    public boolean doesUserHaveRole(Principal principal, Set rolePrincipals)
    {
        boolean hasRole = false;
        [...]
        // if entry is expired, null will be returned
        DomainInfo info = getCacheInfo(principal);
        Group roles = null;
        if( info != null )
            roles = info.roles;
        if( roles != null )
        [...]
        return hasRole;
    }
    [...]

And in TimedCachePolicy:

    [...]
    public Object get(Object key)
    {
        [...]
        if( entry.isCurrent(now) == false )
        {
            // Try to refresh the entry
            // DomainInfo-entries cannot be refreshed
            if( entry.refresh() == false )
            {
                // Failed, remove the entry and return null
                entry.destroy();
                entryMap.remove(key);
                return null;
            }
        }
        [...]

Thanks for your help!

--

Comment By: Scott M Stark (starksm)
Date: 2002-09-18 01:21

Message:
Logged In: YES
user_id=175228

You are looking at out of date code. Since 3.0.1 only authentication requests will flush the cache and therefore roles are always consistent with the authenticated user.

--

___
Jboss-development mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-development
[JBoss-dev] [ jboss-Bugs-610843 ] Caching of JaasSecurityManager.DomainInf
Bugs item #610843, was opened at 2002-09-17 16:15
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=376685&aid=610843&group_id=22866

Category: JBossSX
Group: v3.0 Rabbit Hole
Status: Closed
Resolution: Out of Date
Priority: 5
Submitted By: Timo Warns (timow)
Assigned to: Scott M Stark (starksm)
Summary: Caching of JaasSecurityManager.DomainInf

Initial Comment:
We had problems with JaasSecurityManager. Sometimes it returned wrong values for isUserInRole.

Here is what we believe causes the problem:

JaasSecurityManager uses (as default) TimedCachePolicy.get(Object) as method to access cached JaasSecurityManager.DomainInfo entries. TimedCachePolicy.get(Object) checks whether entries have expired and tries to refresh them if this is the case. If refreshing fails, the entry will be removed and null will be returned.

The problem is that DomainInfo is not able to refresh (refresh() just returns false). Thus if a DomainInfo is expired and JaasSecurityManager.doesUserHaveRole(...) is called, it will return false, even if true would be correct.

Sorry, if we misunderstood anything!

--

Comment By: Scott M Stark (starksm)
Date: 2002-09-18 04:57

Message:
Logged In: YES
user_id=175228

I don't know where you are getting the 3.2 source as this is not what I see.

    @version $Revision: 1.27.2.1 $

    public boolean doesUserHaveRole(Principal principal, Set rolePrincipals)
    {
        boolean hasRole = false;
        Subject subject = getActiveSubject();
        if( subject != null )
        {
            DomainInfo info = getCacheInfo(principal, false);
            ...

    private DomainInfo getCacheInfo(Principal principal, boolean allowRefresh)
    {
        if( domainCache == null )
            return null;

        DomainInfo cacheInfo = null;
        synchronized( domainCache )
        {
            if( allowRefresh == true )
                cacheInfo = (DomainInfo) domainCache.get(principal);
            else
                cacheInfo = (DomainInfo) domainCache.peek(principal);
        }
        return cacheInfo;
    }

--

Comment By: Timo Warns (timow)
Date: 2002-09-18 01:51

Message:
Logged In: YES
user_id=606328

I just downloaded newest sources of JBoss-3.2, but the bug still seems to be present (as far as we understand):

In JaasSecurityManager (snipped to relevant parts):

    [...]
    public static class DomainInfo implements TimedCachePolicy.TimedEntry
    [...]
        // refreshing always fails
        public boolean refresh()
        {
            return false;
        }
    [...]
    public boolean doesUserHaveRole(Principal principal, Set rolePrincipals)
    {
        boolean hasRole = false;
        [...]
        // if entry is expired, null will be returned
        DomainInfo info = getCacheInfo(principal);
        Group roles = null;
        if( info != null )
            roles = info.roles;
        if( roles != null )
        [...]
        return hasRole;
    }
    [...]

And in TimedCachePolicy:

    [...]
    public Object get(Object key)
    {
        [...]
        if( entry.isCurrent(now) == false )
        {
            // Try to refresh the entry
            // DomainInfo-entries cannot be refreshed
            if( entry.refresh() == false )
            {
                // Failed, remove the entry and return null
                entry.destroy();
                entryMap.remove(key);
                return null;
            }
        }
        [...]

Thanks for your help!

--

Comment By: Scott M Stark (starksm)
Date: 2002-09-17 16:21

Message:
Logged In: YES
user_id=175228

You are looking at out of date code. Since 3.0.1 only authentication requests will flush the cache and therefore roles are always consistent with the authenticated user.

--
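The two lookup paths discussed in this thread, as an added example that is not JBoss code and not part of the original messages. `CacheLookupDemo`, `MiniTimedCache`, `Entry` and `hasRole` are hypothetical names; the sketch assumes only what the quoted snippets show: an entry whose refresh() always fails, a get() that evicts such an entry once it has expired, and a peek() that returns the stored entry as it is.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

// Added illustration; all class and method names here are hypothetical, not JBoss classes.
public class CacheLookupDemo {
    static class Entry {
        final Set<String> roles;
        final long expiresAt;
        Entry(Set<String> roles, long expiresAt) { this.roles = roles; this.expiresAt = expiresAt; }
        boolean isCurrent(long now) { return now < expiresAt; }
        boolean refresh() { return false; }   // like DomainInfo: cannot refresh itself
    }

    static class MiniTimedCache {
        private final Map<String, Entry> map = new HashMap<>();
        void insert(String key, Entry e) { map.put(key, e); }

        // Expiry-aware lookup: an expired entry that fails to refresh is evicted.
        Entry get(String key, long now) {
            Entry e = map.get(key);
            if (e != null && !e.isCurrent(now) && !e.refresh()) {
                map.remove(key);
                return null;
            }
            return e;
        }

        // Lookup without expiry handling: returns whatever is stored.
        Entry peek(String key) { return map.get(key); }
    }

    // Role check in the shape of doesUserHaveRole: a missing entry means "no role".
    static boolean hasRole(Entry info, String role) {
        return info != null && info.roles.contains(role);
    }

    public static void main(String[] args) {
        MiniTimedCache cache = new MiniTimedCache();
        long loginTime = 0, lifetime = 1000, later = 5000;   // constructed sample times (ms)
        cache.insert("alice", new Entry(Set.of("admin"), loginTime + lifetime));

        // peek: the role set cached at authentication is still used after expiry.
        System.out.println("peek after expiry: " + hasRole(cache.peek("alice"), "admin"));
        // get: the expired entry is dropped, so the same check now denies.
        System.out.println("get after expiry:  " + hasRole(cache.get("alice", later), "admin"));
        // The eviction persists until something re-inserts the entry.
        System.out.println("peek after get:    " + hasRole(cache.peek("alice"), "admin"));
    }
}
```

In this sketch the expiry time is enforced only on the get() path, so a caller that checks roles through peek() sees the cached role set until some other code path replaces or removes the entry.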
[JBoss-dev] [ jboss-Bugs-610843 ] Caching of JaasSecurityManager.DomainInf
Bugs item #610843, was opened at 2002-09-18 01:15
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=376685&aid=610843&group_id=22866

Category: JBossSX
Group: v3.0 Rabbit Hole
Status: Open
Resolution: None
Priority: 5
Submitted By: Timo Warns (timow)
Assigned to: Nobody/Anonymous (nobody)
Summary: Caching of JaasSecurityManager.DomainInf

Initial Comment:
We had problems with JaasSecurityManager. Sometimes it returned wrong values for isUserInRole.

Here is what we believe causes the problem:

JaasSecurityManager uses (as default) TimedCachePolicy.get(Object) as method to access cached JaasSecurityManager.DomainInfo entries. TimedCachePolicy.get(Object) checks whether entries have expired and tries to refresh them if this is the case. If refreshing fails, the entry will be removed and null will be returned.

The problem is that DomainInfo is not able to refresh (refresh() just returns false). Thus if a DomainInfo is expired and JaasSecurityManager.doesUserHaveRole(...) is called, it will return false, even if true would be correct.

Sorry, if we misunderstood anything!

--
[JBoss-dev] [ jboss-Bugs-610843 ] Caching of JaasSecurityManager.DomainInf
Bugs item #610843, was opened at 2002-09-17 16:15
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=376685&aid=610843&group_id=22866

Category: JBossSX
Group: v3.0 Rabbit Hole
Status: Closed
Resolution: Out of Date
Priority: 5
Submitted By: Timo Warns (timow)
Assigned to: Scott M Stark (starksm)
Summary: Caching of JaasSecurityManager.DomainInf

Initial Comment:
We had problems with JaasSecurityManager. Sometimes it returned wrong values for isUserInRole.

Here is what we believe causes the problem:

JaasSecurityManager uses (as default) TimedCachePolicy.get(Object) as method to access cached JaasSecurityManager.DomainInfo entries. TimedCachePolicy.get(Object) checks whether entries have expired and tries to refresh them if this is the case. If refreshing fails, the entry will be removed and null will be returned.

The problem is that DomainInfo is not able to refresh (refresh() just returns false). Thus if a DomainInfo is expired and JaasSecurityManager.doesUserHaveRole(...) is called, it will return false, even if true would be correct.

Sorry, if we misunderstood anything!

--

Comment By: Scott M Stark (starksm)
Date: 2002-09-17 16:21

Message:
Logged In: YES
user_id=175228

You are looking at out of date code. Since 3.0.1 only authentication requests will flush the cache and therefore roles are always consistent with the authenticated user.

--