[jboss-jira] [JBoss JIRA] Created: (JBAS-7822) Investigate race condition for security

Stefan Ries (JIRA) jira-events at lists.jboss.org
Thu Mar 18 06:54:38 EDT 2010


Investigate race condition for security
---------------------------------------

                 Key: JBAS-7822
                 URL: https://jira.jboss.org/jira/browse/JBAS-7822
             Project: JBoss Application Server
          Issue Type: Bug
      Security Level: Public (Everyone can see)
          Components: Security
         Environment: WinXP 64bit
            Reporter: Stefan Ries
            Assignee: Anil Saldhana
             Fix For: JBossAS-5.0.0.GA


I'm running several beans, let's call them A, B, C. They all run in the same security context. I'm using a custom login module and a custom principal.

Bean A has the following method:

// Imports and bean skeleton added for context; the injected SessionContext
// (sCtx) and the log4j logger are assumptions, not from the report.
import java.security.Principal;
import javax.annotation.Resource;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;
import org.apache.log4j.Logger;

@Stateless
public class BeanA {
    private static final Logger log = Logger.getLogger(BeanA.class);
    @Resource
    private SessionContext sCtx;

    // Returns the caller principal bound to the current EJB security context.
    public Principal getCurrentPrincipal() {
        if (log.isTraceEnabled()) {
            log.trace("getCurrentPrincipal() - start"); //$NON-NLS-1$
        }
        Principal returnPrincipal = sCtx.getCallerPrincipal();
        if (log.isTraceEnabled()) {
            log.trace("getCurrentPrincipal() - end - return value=" + returnPrincipal); //$NON-NLS-1$
        }
        return returnPrincipal;
    }
}

My test runs 3 threads.
- Thread1: fetches entities non-stop using bean B
- Thread2: fetches entities non-stop using bean C
- Thread3: endless loop of:
  -- perform login
  -- call BeanA.getCurrentPrincipal()
  -- compare principal name with login name
  -- logout

After running this for several minutes, the name of the principal is "anonymous" (the unauthenticated principal). When disabling Threads 1 and 2, the error does not occur.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
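Added example (not part of the JIRA report and not JBoss code): a self-contained Java model of the three-thread test described in the report. It contrasts a process-wide identity slot with a per-thread one and counts how often the checking thread sees the wrong principal. The class names, the user name "stefan", and the assumption that the two fetching threads run their own login/logout cycle around each call are mine. Whether the real JBossAS 5 security association is shared in this way is not established by the report; the model only shows how that pattern would produce exactly the "anonymous" symptom, and gives a number to check against when reproducing.

```java
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicInteger;

public class PrincipalRaceDemo {

    /** Minimal stand-in for a security association (illustrative, not JBoss code). */
    interface Association {
        void login(String name);
        String callerPrincipal();   // "anonymous" when no identity is bound
        void logout();
    }

    /** One slot shared by every thread in the JVM: the racy variant. */
    static final class SharedAssociation implements Association {
        private static volatile String principal;
        public void login(String name) { principal = name; }
        public String callerPrincipal() {
            String p = principal;
            return p == null ? "anonymous" : p;
        }
        public void logout() { principal = null; }
    }

    /** One slot per thread: each caller sees only the identity it bound itself. */
    static final class ThreadLocalAssociation implements Association {
        private static final ThreadLocal<String> principal = new ThreadLocal<>();
        public void login(String name) { principal.set(name); }
        public String callerPrincipal() {
            String p = principal.get();
            return p == null ? "anonymous" : p;
        }
        public void logout() { principal.remove(); }
    }

    /**
     * Runs the reported scenario: two threads making unrelated calls (assumed here to
     * log in and out around each call, like Threads 1 and 2 fetching via beans B and C),
     * while the calling thread loops login -> callerPrincipal -> compare -> logout
     * (Thread 3). Returns how many iterations saw a principal other than "stefan".
     */
    static int countMismatches(Association assoc, int iterations) throws InterruptedException {
        AtomicBoolean stop = new AtomicBoolean(false);
        AtomicInteger mismatches = new AtomicInteger();

        Runnable fetcher = () -> {
            while (!stop.get()) {
                assoc.login("fetcher");
                assoc.callerPrincipal();
                assoc.logout();          // clears the slot; racy when the slot is shared
            }
        };
        Thread t1 = new Thread(fetcher, "thread1-beanB");
        Thread t2 = new Thread(fetcher, "thread2-beanC");
        t1.start();
        t2.start();

        for (int i = 0; i < iterations; i++) {
            assoc.login("stefan");
            String seen = assoc.callerPrincipal();
            if (!"stefan".equals(seen)) {
                mismatches.incrementAndGet();   // typically "anonymous" or "fetcher"
            }
            assoc.logout();
        }
        stop.set(true);
        t1.join();
        t2.join();
        return mismatches.get();
    }

    public static void main(String[] args) throws InterruptedException {
        int racy = countMismatches(new SharedAssociation(), 200_000);
        int safe = countMismatches(new ThreadLocalAssociation(), 200_000);
        System.out.println("shared slot mismatches:       " + racy);
        System.out.println("thread-local slot mismatches: " + safe);
    }
}
```

Compile and run with `javac PrincipalRaceDemo.java && java PrincipalRaceDemo`. The thread-local variant always reports 0 because logout on one thread cannot clear another thread's binding. The shared-slot variant is timing dependent, so the count varies from run to run, but on a multi-core machine it is normally non-zero, and it drops to 0 when the two fetcher threads are not started, which is the same pattern the report describes for Threads 1 and 2.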
