[
https://issues.jboss.org/browse/JBAS-7468?page=com.atlassian.jira.plugin....
]
Adam Zovits commented on JBAS-7468:
-----------------------------------
Hi all!
I know this is an old issue concerning an old version of JBoss, but I also have this exact
problem.
After finding and downloading the above mentioned jar files (
http://maven.antelink.com/service/local/repo_groups/public-jboss/content/...
and
http://maven.antelink.com/service/local/repo_groups/public-jboss/content/...
) from an old mirror that wasn't shut down yet, I replaced the relevant ones in a
freshly downloaded JBoss 5.1.0 instance and started deploying our project.
One hour later VisualVM says there are 657,664 instances of SimpleRole, just like before
the proposed workaround.
Did I do something wrong? Or are there any other known fixes, patches, workarounds,
anything?
We'd be grateful for any help in this matter.
Thanks in advance!
Memory leak in org.jboss.security.plugins.authorization.JBossAuthorizationContext
---------------------------------------------------------------------------------
Key: JBAS-7468
URL: https://issues.jboss.org/browse/JBAS-7468
Project: Application Server 3 4 5 and 6
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: Security
Affects Versions: JBossAS-5.1.0.GA
Environment: JBoss Version: jboss-5.1.0.GA, OS: Linux (2.6.18-164.el5),
Architecture: amd64 64bit, JVM: Java HotSpot(TM) 64-Bit Server VM (14.0-b16, mixed mode)
Reporter: Ganesh Ingle
Assignee: Anil Saldhana
Labels: JBossAuthorizationContext_leak, JBossAuthorizationContext_memleak,
JBossAuthorizationContext_outofmemory, JBoss_outofmemory, memoryleak, outofmemory
Fix For: 6.0.0.M1
Attachments: HeapMemoryOldGen.png, JBossAuthorizationContext.java,
JBossAuthorizationContext_MemLeak.png
Our use case (only security related portion is mentioned here):
Axis 1.4 webservice, standard J2EE declarative security through WEB-INF/web.xml, an HTTP
client sends a SOAP request and BASIC auth information, the JBoss server performs
authentication and authorization as per WEB-INF/web.xml configuration.
We did a performance/stability test on the above web service. After 8.5 million requests the
server went out of memory. We did heap dump analysis using the VisualVM tool and found that
the class org.jboss.security.plugins.authorization.JBossAuthorizationContext is consuming
most of the memory. This class has a member array named "controlFlags"; this array was
showing 25.7 million ControlFlag entries.
When we investigated the code we found that there is one instance of
JBossAuthorizationManager per security domain and this manager has one instance of
JBossAuthorizationContext. For every authorization the JBossAuthorizationContext
initializes authorization modules and pushes their control flags (instances of class
ControlFlag) in member arrays. When the authorization is complete, a commit/abort is
invoked on all modules and finally the "modules" array is cleared. However, the
"controlFlags" array is not cleared. We checked the entire class; this array never gets
cleared.
We changed the code to clear both the "modules" and "controlFlags" arrays in a finally
block in method JBossAuthorizationContext.authorize(final Resource resource,
final Subject subject, final RoleGroup callerRoles). We ran a 50 million request test after
this fix; the test was successful, which proves the fix worked.
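
The pattern described in the report, as an added example that is not part of the original
message and is not the JBoss source: a context shared by all requests appends to two lists
on every call but clears only one of them. All names except "modules" and "controlFlags"
are hypothetical, and three modules per request is an assumption chosen for illustration.

```java
import java.util.ArrayList;
import java.util.List;

// Simplified model of the leak pattern; NOT the JBoss implementation.
public class SharedContextLeakDemo {
    enum Flag { REQUIRED }                       // stand-in for ControlFlag (hypothetical)

    interface Module {                           // stand-in for an authorization module
        boolean authorize(String resource);
        void commit();
        void abort();
    }

    static class PermitAll implements Module {
        public boolean authorize(String resource) { return true; }
        public void commit() {}
        public void abort() {}
    }

    /** One instance lives as long as the security domain and serves every request. */
    static class AuthorizationContext {
        private final List<Module> modules = new ArrayList<>();
        private final List<Flag> controlFlags = new ArrayList<>();
        private final boolean clearFlags;        // false = behaviour reported, true = reported fix

        AuthorizationContext(boolean clearFlags) { this.clearFlags = clearFlags; }

        boolean authorize(String resource) {
            try {
                for (int i = 0; i < 3; i++) {    // per-request module initialisation (assumed count)
                    modules.add(new PermitAll());
                    controlFlags.add(Flag.REQUIRED);
                }
                boolean ok = true;
                for (Module m : modules) ok &= m.authorize(resource);
                for (Module m : modules) { if (ok) m.commit(); else m.abort(); }
                return ok;
            } finally {
                modules.clear();
                if (clearFlags) controlFlags.clear();   // without this the list grows per request
            }
        }

        int retainedFlags() { return controlFlags.size(); }
    }

    public static void main(String[] args) {
        AuthorizationContext leaky = new AuthorizationContext(false);
        AuthorizationContext fixed = new AuthorizationContext(true);
        for (int i = 0; i < 100_000; i++) { leaky.authorize("/ws"); fixed.authorize("/ws"); }
        System.out.println("leaky retained flags: " + leaky.retainedFlags());
        System.out.println("fixed retained flags: " + fixed.retainedFlags());
    }
}
```

Because the retained list is reachable from a long-lived object, the garbage collector can
never reclaim it; any caller able to trigger authorizations at volume drives heap growth.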