]
RH Bugzilla Integration commented on WFLY-3429:
-----------------------------------------------
Josef Cacek <jcacek(a)redhat.com> changed the Status of [bug
Classloader leak in JBossCachedAuthenticationManager
----------------------------------------------------
Key: WFLY-3429
URL:
https://issues.jboss.org/browse/WFLY-3429
Project: WildFly
Issue Type: Bug
Components: Security
Affects Versions: 8.1.0.Final
Reporter: Josef Cacek
Assignee: Emmanuel Hugonnet
Priority: Critical
When using a security domain with {{cache-type="default"}}, then the
ModuleClassLoader instances related to deployments leak through
JBossCachedAuthenticationManager.
The problematic piece of code is the domainCache member variable which in the DomainInfo
value holds a LoginContext instance. This LoginContext has member contextClassLoader which
causes the leak. (It points to the ModuleClassLoader of the deployment).
One option to solve this issue could be to remove the cache entries which are related to
the undeployed application.