[JBoss JIRA] (JBREM-1338) Authentication is not cached properly if the callback handler does not implement equals()/hashCode()
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/JBREM-1338?page=com.atlassian.jira.plugin... ]
Darran Lofthouse commented on JBREM-1338:
-----------------------------------------
[~swd847] this is the old Remoting 2 project not Remoting 3 - but as AuthenticationConfiguration is providing the overall equality check maybe this will be better over in the Elytron project.
> Authentication is not cached properly if the callback handler does not implement equals()/hashCode()
> ----------------------------------------------------------------------------------------------------
>
> Key: JBREM-1338
> URL: https://issues.jboss.org/browse/JBREM-1338
> Project: JBoss Remoting
> Issue Type: Bug
> Reporter: Stuart Douglas
>
> If the callback handler does not implement equals()/hashCode() then AuthenticationConfiguration objects will not be considered equal (in the case where a new one is being created each time), which will result in a memory leak in org.jboss.remoting3.ConnectionPeerIdentityContext#futureAuths, as well as authentication being attempted for every request. This can be observed by adding a loop to org.jboss.as.test.integration.naming.remote.simple.RemoteNamingTestCase#testRemoteLookup
> I think this is a fairly serious issue, as I think there will be a lot of handler out there that do not meet this requirement, and it causes both a serious performance regression due to repeated auth, as well as a memory leak that can crash the JVM.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
7 years, 4 months
[JBoss JIRA] (JBREM-1338) Authentication is not cached properly if the callback handler does not implement equals()/hashCode()
by Stuart Douglas (JIRA)
Stuart Douglas created JBREM-1338:
-------------------------------------
Summary: Authentication is not cached properly if the callback handler does not implement equals()/hashCode()
Key: JBREM-1338
URL: https://issues.jboss.org/browse/JBREM-1338
Project: JBoss Remoting
Issue Type: Bug
Reporter: Stuart Douglas
If the callback handler does not implement equals()/hashCode() then AuthenticationConfiguration objects will not be considered equal (in the case where a new one is being created each time), which will result in a memory leak in org.jboss.remoting3.ConnectionPeerIdentityContext#futureAuths, as well as authentication being attempted for every request. This can be observed by adding a loop to org.jboss.as.test.integration.naming.remote.simple.RemoteNamingTestCase#testRemoteLookup
I think this is a fairly serious issue, as I think there will be a lot of handler out there that do not meet this requirement, and it causes both a serious performance regression due to repeated auth, as well as a memory leak that can crash the JVM.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
7 years, 4 months