Authentication is not cached properly if the callback handler does not implement equals()/hashCode() ---------------------------------------------------------------------------------------------------- Key: ELY-1324 URL: https://issues.jboss.org/browse/ELY-1324 Project: WildFly Elytron Issue Type: Bug Reporter: Stuart Douglas If the callback handler does not implement equals()/hashCode() then AuthenticationConfiguration objects will not be considered equal (in the case where a new one is being created each time), which will result in a memory leak in org.jboss.remoting3.ConnectionPeerIdentityContext#futureAuths, as well as authentication being attempted for every request. This can be observed by adding a loop to org.jboss.as.test.integration.naming.remote.simple.RemoteNamingTestCase#testRemoteLookup I think this is a fairly serious issue, as I think there will be a lot of handler out there that do not meet this requirement, and it causes both a serious performance regression due to repeated auth, as well as a memory leak that can crash the JVM.