From issues at jboss.org Tue Aug 8 19:23:00 2017 From: issues at jboss.org (Stuart Douglas (JIRA)) Date: Tue, 8 Aug 2017 19:23:00 -0400 (EDT) Subject: [jboss-remoting-issues] [JBoss JIRA] (JBREM-1338) Authentication is not cached properly if the callback handler does not implement equals()/hashCode() In-Reply-To: References: Message-ID: Stuart Douglas created JBREM-1338: ------------------------------------- Summary: Authentication is not cached properly if the callback handler does not implement equals()/hashCode() Key: JBREM-1338 URL: https://issues.jboss.org/browse/JBREM-1338 Project: JBoss Remoting Issue Type: Bug Reporter: Stuart Douglas If the callback handler does not implement equals()/hashCode() then AuthenticationConfiguration objects will not be considered equal (in the case where a new one is being created each time), which will result in a memory leak in org.jboss.remoting3.ConnectionPeerIdentityContext#futureAuths, as well as authentication being attempted for every request. This can be observed by adding a loop to org.jboss.as.test.integration.naming.remote.simple.RemoteNamingTestCase#testRemoteLookup I think this is a fairly serious issue, as I think there will be a lot of handler out there that do not meet this requirement, and it causes both a serious performance regression due to repeated auth, as well as a memory leak that can crash the JVM. -- This message was sent by Atlassian JIRA (v7.2.3#72005) From issues at jboss.org Wed Aug 9 04:57:00 2017 From: issues at jboss.org (Darran Lofthouse (JIRA)) Date: Wed, 9 Aug 2017 04:57:00 -0400 (EDT) Subject: [jboss-remoting-issues] [JBoss JIRA] (JBREM-1338) Authentication is not cached properly if the callback handler does not implement equals()/hashCode() In-Reply-To: References: Message-ID: [ https://issues.jboss.org/browse/JBREM-1338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13446125#comment-13446125 ] Darran Lofthouse commented on JBREM-1338: ----------------------------------------- [~swd847] this is the old Remoting 2 project not Remoting 3 - but as AuthenticationConfiguration is providing the overall equality check maybe this will be better over in the Elytron project. > Authentication is not cached properly if the callback handler does not implement equals()/hashCode() > ---------------------------------------------------------------------------------------------------- > > Key: JBREM-1338 > URL: https://issues.jboss.org/browse/JBREM-1338 > Project: JBoss Remoting > Issue Type: Bug > Reporter: Stuart Douglas > > If the callback handler does not implement equals()/hashCode() then AuthenticationConfiguration objects will not be considered equal (in the case where a new one is being created each time), which will result in a memory leak in org.jboss.remoting3.ConnectionPeerIdentityContext#futureAuths, as well as authentication being attempted for every request. This can be observed by adding a loop to org.jboss.as.test.integration.naming.remote.simple.RemoteNamingTestCase#testRemoteLookup > I think this is a fairly serious issue, as I think there will be a lot of handler out there that do not meet this requirement, and it causes both a serious performance regression due to repeated auth, as well as a memory leak that can crash the JVM. -- This message was sent by Atlassian JIRA (v7.2.3#72005)