[JBoss JIRA] (WFLY-9251) Security context is not thread safe

Friday, 1 September 2017

    [
https://issues.jboss.org/browse/WFLY-9251?page=com.atlassian.jira.plugin....
] 

Rémy Delerue edited comment on WFLY-9251 at 9/1/17 5:10 AM:
------------------------------------------------------------

Hello Tomaz,

Thank you for your answer.
I'm working with Charles and I'm assigned to this task.

We reproduce our issue with wildfly-11.0.0.Beta1 and wildfly-11.0.0.CR1.

But there's something noticeable:
* with wildfly-10.1.0.Final:
** {failed_count: 103, shots_count: 1000, succeeded_count: 897}
* with wildfly-11.0.0.Beta1:
** {failed_count: 2, shots_count: 1000, succeeded_count: 998}
* with wildfly-11.0.0.CR1:
** {failed_count: 4, shots_count: 1000, succeeded_count: 996}

What do you think about that?

Regards,
Rémy.

(In attachment, the script I used to reproduce the issue. [^wildfly-auth-overloader.js])

was (Author: clivia):
Hello Tomaz,

Thank you for your answer.
I'm working with Charles and I'm assigned to this task.

We reproduce our issue with wildfly-11.0.0.Beta1 and wildfly-11.0.0.CR1.

But there's something noticeable:
* with wildfly-10.1.0.Final: {failed_count: 103, shots_count: 1000, succeeded_count: 897}
* with wildfly-11.0.0.Beta1: {failed_count: 2, shots_count: 1000, succeeded_count: 998}
* with wildfly-11.0.0.CR1: {failed_count: 4, shots_count: 1000, succeeded_count: 996}

What do you think about that?

Regards,
Rémy.

(In attachment, the script I used to reproduce the issue. [^wildfly-auth-overloader.js])

...
 Security context is not thread safe
 -----------------------------------

                 Key: WFLY-9251
                 URL: https://issues.jboss.org/browse/WFLY-9251
             Project: WildFly
          Issue Type: Bug
          Components: Security
    Affects Versions: 10.1.0.Final
         Environment: Windows, LInux
            Reporter: charles ghislain
            Assignee: Darran Lofthouse
              Labels: jaas, security, security-context, thread-safety, threads
         Attachments: wildfly-auth-overloader.js, wildflytestauthcontext-2.zip,
wildflytestauthcontext.zip

 Using a custom JAAS login module, we sometimes fail to obtain the authenticated subject
from the 'javax.security.auth.Subject.container' policy context. This appear to be
related to the worker threads. 
 See the reproduction steps below. When a wildfly instance attempts to authenticate 500
requests coming simultaneously, a bunch of them fail. If you configure wildfly to only use
a single worker thread and a single task thread, this issue disappears.
 The issue is as follow:
 I login using HttpServletRequest#login.
 Right after that, login.getUserPrincipal return the correct principal.
 However, sometimes,
PolicyContext.getContext("javax.security.auth.Subject.container") returns null.
Right after the login.
 In our production app,
PolicyContext.getContext("javax.security.auth.Subject.container") returns null
during some EJB call, throwing random exceptions from various parts of the application. 

--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006