Hi Morten, I'm not sure why this is happening, it might be a bug. Just to be sure we investigate the right context, is this
- a servlet - a pojo web service (if so, jaxrpc, jaxws, or something else) - an ejb web service? The ContextManager doesn't have anything to do with http sessions, it is more concerned with keeping the user identity in a threadlocal during each request so it is always available for authorization decisions. Thanks for your investigations so far! david jencks On Feb 8, 2011, at 4:51 AM, Morten Svanæs wrote: > Hi, > I'm currently having memory problems with a stateless web service > running in Geronimo 2.2.1. > The problem is that after running for a while the server starts > consuming more and more memory, some kind of leak or accumulation of > unwanted objects occur. > After analyzing the heap dumps in mat I can clearly see that the > accumulation happens inside the > org.apache.geronimo.security.ContextManagers's subjectContexts > IdentityHashMap. > The login happens via http basic and a custom LoginModule looking up > users in the database. The login module is based on the > GenericSecurityRealm and SQLLoginModule. > The service is a standard web servlet running on jetty. The service is > called typically many hundred times a second by the client with stand > http basic auth urls, so there is actually no need for sessions at > all. > It seems like when users log on to the service the > credentials/siubject gets stuck in the subjectContexts hashmap even > though the session timeout is set for 1 sec in the web.xml file. > > I've disabled session cookies by using information found here: > http://www.mojavelinux.com/blog/archives/2006/11/disabling_session_cookies_in_jetty/ > > I assume this is some kind of misconfiguration on our side and not the > stand. behavior with Geronimo, anyone who can help us point out the > direction for solving this would be greatly appreciated. > > > Regards, > Netroms Nacoma
