[
https://issues.jboss.org/browse/WFLY-9251?page=com.atlassian.jira.plugin....
]
Rémy Delerue commented on WFLY-9251:
------------------------------------
Hello Tomaz,
Thank you for your answer.
I'm working with Charles and I'm assigned to this task.
We reproduced our issue with wildfly-11.0.0.Beta1 and wildfly-11.0.0.CR1.
But there's something noticeable:
* with wildfly-10.1.0.Final: {failed_count: 103, shots_count: 1000, succeeded_count: 897}
* with wildfly-11.0.0.Beta1: {failed_count: 2, shots_count: 1000, succeeded_count: 998}
* with wildfly-11.0.0.CR1: {failed_count: 4, shots_count: 1000, succeeded_count: 996}
What do you think about that?
Regards,
Rémy.
(In attachment, the script I used to reproduce the issue. [^wildfly-auth-overloader.js])
Security context is not thread safe
-----------------------------------
Key: WFLY-9251
URL: https://issues.jboss.org/browse/WFLY-9251
Project: WildFly
Issue Type: Bug
Components: Security
Affects Versions: 10.1.0.Final
Environment: Windows, Linux
Reporter: charles ghislain
Assignee: Darran Lofthouse
Labels: jaas, security, security-context, thread-safety, threads
Attachments: wildfly-auth-overloader.js, wildflytestauthcontext-2.zip, wildflytestauthcontext.zip
Using a custom JAAS login module, we sometimes fail to obtain the authenticated subject
from the 'javax.security.auth.Subject.container' policy context. This appears to be
related to the worker threads.
See the reproduction steps below. When a wildfly instance attempts to authenticate 500
requests coming simultaneously, a bunch of them fail. If you configure wildfly to only use
a single worker thread and a single task thread, this issue disappears.
The issue is as follows:
I login using HttpServletRequest#login.
Right after that, login.getUserPrincipal returns the correct principal.
However, sometimes,
PolicyContext.getContext("javax.security.auth.Subject.container") returns null.
Right after the login.
In our production app,
PolicyContext.getContext("javax.security.auth.Subject.container") returns null
during some EJB call, throwing random exceptions from various parts of the application.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
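The sequence described in the issue, written out as an added example that is not part of the original report or its attachments: a servlet logs in with HttpServletRequest#login, reads the Subject from the policy context, and fails closed while recording the worker thread when the Subject is missing. The class name, URL pattern and request parameter names are assumptions.

```java
import java.io.IOException;
import java.security.Principal;
import javax.security.auth.Subject;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.PolicyContextException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet: class name, URL pattern and parameter names are assumptions.
@WebServlet("/subject-check")
public class SubjectCheckServlet extends HttpServlet {
    private static final String SUBJECT_KEY = "javax.security.auth.Subject.container";

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // Step 1: programmatic login through the container (runs the JAAS login module).
        // A failed login throws ServletException and never reaches the Subject check.
        req.login(req.getParameter("username"), req.getParameter("password"));
        Principal principal = req.getUserPrincipal();

        // Step 2: read the authenticated Subject from the JACC policy context.
        Subject subject;
        try {
            subject = (Subject) PolicyContext.getContext(SUBJECT_KEY);
        } catch (PolicyContextException e) {
            throw new ServletException("Cannot read " + SUBJECT_KEY, e);
        }

        if (subject == null) {
            // Inconsistent state: principal is set but the Subject is missing.
            // Record the worker thread for correlation, then fail closed.
            log("Subject missing after login: principal=" + principal
                    + " thread=" + Thread.currentThread().getName());
            req.logout();
            resp.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE,
                    "security context unavailable");
            return;
        }
        resp.setContentType("text/plain");
        resp.getWriter().println("ok " + principal.getName()
                + " principals=" + subject.getPrincipals().size());
    }
}
```

Counting the 503 responses under concurrent load, together with the logged thread names, gives the same failed/succeeded split as the figures quoted in the comment.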