[jboss-jira] [JBoss JIRA] Updated: (JBPORTAL-1782) CMS security checks using ldap causes "too many open files" error
Thomas Heute (JIRA)
jira-events at lists.jboss.org
Sat Nov 3 06:36:44 EDT 2007
[ http://jira.jboss.com/jira/browse/JBPORTAL-1782?page=all ]
Thomas Heute updated JBPORTAL-1782:
-----------------------------------
Fix Version/s: 2.6.3 Final
Assignee: Boleslaw Dawidowicz (was: Sohil Shah)
> CMS security checks using ldap causes "too many open files" error
> -----------------------------------------------------------------
>
> Key: JBPORTAL-1782
> URL: http://jira.jboss.com/jira/browse/JBPORTAL-1782
> Project: JBoss Portal
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Portal CMS, Portal Identity
> Affects Versions: 2.6.1 Final
> Environment: Linux
> Reporter: frontline frontline
> Assigned To: Boleslaw Dawidowicz
> Fix For: 2.6.3 Final
>
>
> I have configured the portal to use OpenDS as the "user store".
> I noticed that if I log in as some other user than admin and then perform many CMS operations I eventually get an "java.net.SocketException: Too many open files" error.
> Apparently the portal always opens a new connection when getting role info etc. for authorization? So there is no caching or even pooling of the ldap connections? Isn't this also potentially bad for performance (and for the poor ldap server)?
> If I wait a while the connections become usable again so there is no connection leak (the sockets are in TIME_WAIT for a while).
> Here is the error:
> java.net.SocketException: Too many open files
> java.net.Socket.createImpl(Socket.java:388)
> java.net.Socket.<init>(Socket.java:361)
> java.net.Socket.<init>(Socket.java:179)
> com.sun.jndi.ldap.Connection.createSocket(Connection.java:346)
> com.sun.jndi.ldap.Connection.<init>(Connection.java:181)
> com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:118)
> com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1578)
> com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2596)
> com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:283)
> com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
> com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
> com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
> com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
> javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
> javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247)
> javax.naming.InitialContext.init(InitialContext.java:223)
> javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
> org.jboss.portal.identity.ldap.LDAPConnectionContext.createInitialContext(LDAPConnectionContext.java:99)
> org.jboss.portal.identity.ldap.LDAPUserModuleImpl.searchUsers(LDAPUserModuleImpl.java:353)
> org.jboss.portal.identity.ldap.LDAPUserModuleImpl.findUserByUserName(LDAPUserModuleImpl.java:81)
> org.jboss.portal.cms.security.AuthorizationProviderImpl.findPermissionsByUser(AuthorizationProviderImpl.java:365)
> org.jboss.portal.cms.security.AuthorizationProviderImpl.getSecurityBindings(AuthorizationProviderImpl.java:147)
> org.jboss.portal.cms.impl.jcr.command.ACLEnforcer.getPermissions(ACLEnforcer.java:573)
> org.jboss.portal.cms.impl.jcr.command.ACLEnforcer.computeAccess(ACLEnforcer.java:330)
> org.jboss.portal.cms.impl.jcr.command.ACLEnforcer.hasReadAccess(ACLEnforcer.java:209)
> org.jboss.portal.cms.impl.jcr.command.ACLEnforcer.hasAccess(ACLEnforcer.java:120)
> org.jboss.portal.cms.security.AuthorizationManagerImpl.checkPermission(AuthorizationManagerImpl.java:127)
> org.jboss.portal.cms.impl.interceptors.ACLInterceptor.invoke(ACLInterceptor.java:238)
> org.jboss.portal.cms.CMSInterceptor.invoke(CMSInterceptor.java:36)
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list