Hi *,
I'm writing just to let you know, I have received no comment wrt PicketLink
STSClientPool test plan.
I have finished the test development (git commit [1]) and some of the tests with
PicketLink 2.1.10 fail (I was trying the upstream PL 2.1.10 with EAP 5.2.0).
The issues will be blockers for EAP 5.3 from my PoV.
[1]
From: "Josef Cacek" <jcacek(a)redhat.com>
To: "Anil Saldhana" <asaldhan(a)redhat.com>, "Peter Skopek"
<pskopek(a)redhat.com>
Cc: "Jitka Kozana" <jkudrnac(a)redhat.com>, security-dev(a)lists.jboss.org,
"Mark Yarborough" <myarboro(a)redhat.com>
Sent: Wednesday, February 12, 2014 1:48:13 PM
Subject: [security-dev] PicketLink 2.1.10 and 2.5.3.Beta2 issues
Hi Anil & Peter,
I have several issues with PicketLink 2.1.10. I'm preparing STS client pool
tests for EAP 5.3 and I would like to voice the following concerns here:
1) missing release numbers in the JIRA
(https://issues.jboss.org/browse/PLINK2)
2) There is a regression (NPE) in JBWSTokenIssuingLoginModule -
https://issues.jboss.org/browse/PLINK2-127
2 test cases from the picketlink-integration-tests hit this. Did your run
of the testsuite before the release pass without any issues?
3) missing documentation of the new STSClient pool feature. Even the JavaDoc
for methods is missing in STSClientPool and STSClientFactory classes. This
documentation will be needed by our documentation team.
4) I would like to bring to your attention the following features of the
implementation of the STS client pool:
- STSClientFactory doesn't provide access to the pool used - user doesn't
know he should return the STSClient instance to a pool. Should this be
documented, so leaks can be avoided?
- scaling is not possible - singleton is used in class STSClientPool
- once the pool is created it is not possible to resize it during runtime
(or create another one with different size)
- I don't see a possibility how to clean up the pool - e.g. when a thread
which uses a client from pool dies
5) All the points above are also valid for PicketLink 2.5.3.Beta2, which is
included in EAP 6.3.0.DR0 -
https://bugzilla.redhat.com/show_bug.cgi?id=1064331
Anil, Peter, can you please comment on these?
I've created an EAP 5.3 test plan for STS pool here -
https://issues.jboss.org/browse/JBQA-8620
Don't hesitate to comment there, if you see invalid entries or if you are
missing some more points.
Thank you in advance,
-- josef