]
Josef Cacek updated WFLY-3429:
------------------------------
Bugzilla Update: (was: Perform)
Classloader leak in JBossCachedAuthenticationManager
----------------------------------------------------
Key: WFLY-3429
URL:
https://issues.jboss.org/browse/WFLY-3429
Project: WildFly
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: Security
Affects Versions: 8.1.0.Final
Reporter: Josef Cacek
Assignee: Darran Lofthouse
Priority: Critical
When using a security domain with {{cache-type="default"}}, then the
ModuleClassLoader instances related to deployments leak through
JBossCachedAuthenticationManager.
The problematic piece of code is the domainCache member variable which in the DomainInfo
value holds a LoginContext instance. This LoginContext has member contextClassLoader which
causes the leak. (It points to the ModuleClassLoader of the deployment).
One option to solve this issue could be to remove the cache entries which are related to
the undeployed application.