[jboss-jira] [JBoss JIRA] Commented: (JBAS-7822) Investigate race condition for security
Stefan Ries (JIRA)
jira-events at lists.jboss.org
Tue Mar 23 13:35:39 EDT 2010
[ https://jira.jboss.org/jira/browse/JBAS-7822?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12521474#action_12521474 ]
Stefan Ries commented on JBAS-7822:
-----------------------------------
I'm not yet able to provide a testcase but I can add some information I figured out:
-- I removed the custom loginmodule and the custom principal. I'm using the org.jboss.security.auth.spi.UsersRolesLoginModule now.
-- I configured the unauthenticatedIdentity to "foobar".
The error still occurs in the exact same manner, stating that the principal is "anonymous" and not "foobar" as expected.
I also saw the error occurring once with just Thread 3 running. It just seems to take longer to happen.
> Investigate race condition for security
> ---------------------------------------
>
> Key: JBAS-7822
> URL: https://jira.jboss.org/jira/browse/JBAS-7822
> Project: JBoss Application Server
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Security
> Affects Versions: JBossAS-5.0.0.GA
> Environment: WinXP 64bit
> Reporter: Stefan Ries
> Assignee: Anil Saldhana
>
> I'm running several beans, let's call them A, B, C. They all run in the same security context. I'm using a custom loginmodule and a custom principal.
> Bean A has the following method:
>     public Principal getCurrentPrincipal() {
>         if (log.isTraceEnabled()) {
>             log.trace("getCurrentPrincipal() - start"); //$NON-NLS-1$
>         }
>         Principal returnPrincipal = sCtx.getCallerPrincipal();
>         if (log.isTraceEnabled()) {
>             log.trace("getCurrentPrincipal() - end - return value=" + returnPrincipal); //$NON-NLS-1$
>         }
>         return returnPrincipal;
>     }
> My test runs 3 threads.
> - Thread1: Fetches non-stop entities using bean B
> - Thread2: Fetches non-stop entities using bean C
> - Thread3: Endless loop of:
> -- Perform login
> -- Call BeanA.getCurrentPrincipal();
> -- Compare principal name with login name
> -- Logout
> After running this several minutes, the name of the principal is "anonymous" (the unauthenticated principal). When disabling Thread 1 and 2, the error does not occur.
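The three-thread test from the issue description, including the comment's variation with Thread 3 alone, written as a reusable harness. This is an added example, not code from the reporter or from JBoss: `PrincipalRaceHarness`, `SecuredClient` and the in-memory stand-in are hypothetical names, and a real run would implement `SecuredClient` against the server's client login and Bean A.

```java
import java.security.Principal;
import java.util.List;
import java.util.concurrent.*;
import java.util.concurrent.atomic.AtomicBoolean;
public class PrincipalRaceHarness {
    /** Hypothetical adapter: a real run wraps the client login and the Bean A call. */
    public interface SecuredClient {
        void login(String user) throws Exception;
        Principal currentPrincipal() throws Exception; // BeanA.getCurrentPrincipal()
        void logout() throws Exception;
    }
    /** Runs the "Thread 3" loop beside the given load threads; returns {iterations, mismatches}. */
    public static long[] run(SecuredClient client, List<Runnable> load, String user, long millis)
            throws Exception {
        AtomicBoolean stop = new AtomicBoolean();
        ExecutorService pool = Executors.newCachedThreadPool();
        for (Runnable r : load) pool.execute(() -> { while (!stop.get()) r.run(); });
        long iterations = 0, mismatches = 0;
        long deadline = System.nanoTime() + TimeUnit.MILLISECONDS.toNanos(millis);
        try {
            while (System.nanoTime() < deadline) {
                client.login(user);
                try {
                    Principal p = client.currentPrincipal();
                    String seen = (p == null) ? null : p.getName();
                    if (!user.equals(seen)) { // e.g. "anonymous" or the unauthenticatedIdentity
                        mismatches++;
                        System.err.printf("iteration %d: expected %s, got %s%n", iterations, user, seen);
                    }
                } finally {
                    client.logout(); // always log out so one failed pass cannot taint the next
                }
                iterations++;
            }
        } finally {
            stop.set(true); pool.shutdown();
            pool.awaitTermination(5, TimeUnit.SECONDS);
        }
        return new long[] {iterations, mismatches};
    }
    public static void main(String[] args) throws Exception {
        // Constructed in-memory stand-in (not JBoss) so the harness runs offline.
        ThreadLocal<String> ctx = new ThreadLocal<>();
        SecuredClient standIn = new SecuredClient() {
            public void login(String u) { ctx.set(u); }
            public Principal currentPrincipal() { String u = ctx.get(); return () -> u == null ? "anonymous" : u; }
            public void logout() { ctx.remove(); }
        };
        List<Runnable> load = List.<Runnable>of(Thread::yield, Thread::yield); // stands in for beans B and C
        System.out.println(java.util.Arrays.toString(run(standIn, load, "testuser", 500)));
    }
}
```

Passing an empty load list gives the Thread 3-only run, so the iteration numbers logged for mismatches can be compared between the two setups.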