[
https://jira.jboss.org/jira/browse/SECURITY-483?page=com.atlassian.jira.p...
]
Stefan Guilhen closed SECURITY-483.
-----------------------------------
Resolution: Done
All access to the SimpleRoleGroup list of roles (including iterating over it) is now
synchronized to avoid the ConcurrentModificationExceptions. These changes have been ported
from the PicketBox trunk.
ConcurrentModificationException from the JBoss security manager
---------------------------------------------------------------
Key: SECURITY-483
URL: https://jira.jboss.org/jira/browse/SECURITY-483
Project: PicketBox (JBoss Security and Identity Management)
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: JBossSX
Affects Versions: JBossSecurity_2.0.4.SP3
Environment: JBoss AS trunk
Reporter: Jeff Mesnil
Assignee: Stefan Guilhen
Fix For: JBossSecurity_2.0.4.SP4
When HornetQ delegates roles validation to JBoss Security manager, it throws a
ConcurrentModificationException:
16:58:24,449 ERROR [org.hornetq.core.protocol.core.ServerSessionPacketHandler] Caught unexpected exception: java.util.ConcurrentModificationException
    at java.util.AbstractList$Itr.checkForComodification(AbstractList.java:372)
    at java.util.AbstractList$Itr.next(AbstractList.java:343)
    at org.jboss.security.identity.plugins.SimpleRoleGroup.containsRole(SimpleRoleGroup.java:181)
    at org.jboss.security.plugins.JBossAuthorizationManager.doesRoleGroupHaveRole(JBossAuthorizationManager.java:254)
    at org.jboss.security.plugins.JBossAuthorizationManager.doesUserHaveRole(JBossAuthorizationManager.java:194)
    at org.jboss.security.plugins.auth.JaasSecurityManagerBase.doesUserHaveRole(JaasSecurityManagerBase.java:434)
    at org.jboss.security.plugins.JaasSecurityManager.doesUserHaveRole(JaasSecurityManager.java:195)
    at org.hornetq.integration.jboss.security.JBossASSecurityManager.validateUserAndRole(JBossASSecurityManager.java:110)
This issue prevents running TCK's JMS tests with security enabled in HornetQ.
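The failure mode and the fix described in the resolution, as an added example that is not PicketBox source code: a role check that iterates a shared list while another thread adds roles fails with an exception instead of returning an authorization decision, and guarding every access (iteration included) with one monitor removes the failure. The RoleGroup class, its locked flag and the role names are hypothetical and constructed for this illustration.

```java
import java.util.ArrayList;
import java.util.List;

// Hypothetical stand-in for a role group; not PicketBox's SimpleRoleGroup source.
public class RoleGroupDemo {
    static class RoleGroup {
        private final List<String> roles = new ArrayList<>();
        private final boolean locked; // true = guard every access with the same monitor

        RoleGroup(boolean locked) { this.locked = locked; }

        void addRole(String role) {
            if (locked) { synchronized (roles) { roles.add(role); } }
            else { roles.add(role); }
        }

        boolean containsRole(String role) {
            if (locked) { synchronized (roles) { return scan(role); } }
            return scan(role);
        }

        // Iteration is the part that fails fast when the list changes underneath it.
        private boolean scan(String role) {
            for (String r : roles) { if (role.equals(r)) return true; }
            return false;
        }
    }

    // Runs role checks while another thread adds roles; returns how many checks threw.
    static int failedChecks(boolean locked) throws InterruptedException {
        RoleGroup group = new RoleGroup(locked);
        for (int i = 0; i < 1000; i++) group.addRole("seed" + i); // constructed sample roles
        Thread writer = new Thread(() -> {
            for (int i = 0; i < 20000; i++) group.addRole("role" + i);
        });
        writer.start();
        int failures = 0;
        while (writer.isAlive()) {
            try { group.containsRole("absent"); }
            catch (RuntimeException e) { failures++; } // typically ConcurrentModificationException
        }
        writer.join();
        return failures;
    }

    public static void main(String[] args) throws InterruptedException {
        System.out.println("unsynchronized failed checks: " + failedChecks(false));
        System.out.println("synchronized failed checks:   " + failedChecks(true));
    }
}
```

The unsynchronized count depends on thread timing and varies between runs; the synchronized variant cannot throw because the writer and the iterating reader never hold the list at the same time.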