[jbossseam-issues] [JBoss JIRA] Commented: (JBSEAM-3064) AuthorizationException when Load Testing - RuleBasedIdentity.hasPermission() returns false when it should return true
[ http://jira.jboss.com/jira/browse/JBSEAM-3064?page=comments#action_12415487 ]
Shane Bryzak commented on JBSEAM-3064:
--------------------------------------
I've added some more synchronization to RuleBasedIdentity in the Seam_2_0 branch,
I'm hoping that this will fix your address. Could you please retry your tests against
these changes? It would also be great if you could try your tests against trunk also, as
the security architecture has changed drastically.
AuthorizationException when Load Testing -
RuleBasedIdentity.hasPermission() returns false when it should return true
---------------------------------------------------------------------------------------------------------------------
Key: JBSEAM-3064
URL: http://jira.jboss.com/jira/browse/JBSEAM-3064
Project: Seam
Issue Type: Bug
Components: Security
Affects Versions: 2.0.1.GA, 2.0.2.GA, 2.0.2.SP1
Environment: Mac OS X 10.5.3
JDK 1.5.0_13-b05-237
JBoss 4.2.2.GA
JBoss Seam 2.0.1.GA
Drools 4.0.3
Reporter: Kenneth Christensen
Assigned To: Shane Bryzak
Priority: Critical
Attachments: security.drl, testcase1-RuleBasedIdentity.zip,
testcase2-RuleTest.zip, testcase3-RuleTest-v2.zip
I'm getting random AuthorizationExceptions when I Load Testing (with Web Performance
Suite 3.5)
my application (JBoss AS 4.2.2.GA, Drools 4.0.3, JBoss Seam 2.0.1.GA, RichFaces 3.1.4.GA
and JSF 1.2).
And it looks like RuleBasedIdentity.hasPermission() is the problem, or more likely
securityContext.fireAllRules()
used by RuleBasedIdentity.hasPermission().
I have run two testcases (see attached files), where all
RuleBasedIdentity.hasPermission() should return true.
But under heavy load (lots of threads and 90% - 100% CPU)
RuleBasedIdentity.hasPermission() returns false because
securityContext.fireAllRules() don't call PermissionCheck.grant().
But now its getting really weird :-)
If I override RuleBasedIdentity.hasPermission() with:
@Name("org.jboss.seam.security.identity")
@Scope(SESSION)
@BypassInterceptors
@Install(precedence=Install.APPLICATION,
classDependencies="org.drools.WorkingMemory")
@Startup
public class RuleTest extends RuleBasedIdentity {
@Override
public boolean hasPermission(String name, String action, Object... arg) {
boolean result = super.hasPermission(name, action, arg);
if (!result) { // Are we sure, if result == false? One more time.
result = super.hasPermission(name, action, arg);
}
return result;
}
}
then about 95%-99% of the time RuleTest.hasPermission() will return the expected result,
i.e. true.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira