[jboss-jira] [JBoss JIRA] Closed: (SECURITY-477) ConcurrentModificationException from the JBoss security manager

Stefan Guilhen (JIRA) jira-events at lists.jboss.org
Mon Mar 29 15:49:37 EDT 2010 

     [ https://jira.jboss.org/jira/browse/SECURITY-477?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Stefan Guilhen closed SECURITY-477.
-----------------------------------

    Resolution: Done


All access to the SimpleRoleGroup list of roles (including iterating over it) is now synchronized to avoid the ConcurrentModificationExceptions.

> ConcurrentModificationException from the JBoss security manager
> ---------------------------------------------------------------
>
>                 Key: SECURITY-477
>                 URL: https://jira.jboss.org/jira/browse/SECURITY-477
>             Project: PicketBox (JBoss Security and Identity Management)
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: JBossSX
>    Affects Versions: PicketBox_v3_0_beta3
>         Environment: JBoss AS trunk
>            Reporter: Jeff Mesnil
>            Assignee: Stefan Guilhen
>             Fix For: PicketBox_v3_0_beta4
>
>
> When HornetQ delegates roles validation to JBoss Security manager, it throws a ConcurrentModificationException:
> 16:58:24,449 ERROR [org.hornetq.core.protocol.core.ServerSessionPacketHandler] Caught unexpected exception: java.util.ConcurrentModificationException
> at java.util.AbstractList$Itr.checkForComodification(AbstractList.java:372)
> at java.util.AbstractList$Itr.next(AbstractList.java:343)
> at org.jboss.security.identity.plugins.SimpleRoleGroup.containsRole(SimpleRoleGroup.java:181)
> at org.jboss.security.plugins.JBossAuthorizationManager.doesRoleGroupHaveRole(JBossAuthorizationManager.java:254)
> at org.jboss.security.plugins.JBossAuthorizationManager.doesUserHaveRole(JBossAuthorizationManager.java:194)
> at org.jboss.security.plugins.auth.JaasSecurityManagerBase.doesUserHaveRole(JaasSecurityManagerBase.java:434)
> at org.jboss.security.plugins.JaasSecurityManager.doesUserHaveRole(JaasSecurityManager.java:195)
> at org.hornetq.integration.jboss.security.JBossASSecurityManager.validateUserAndRole(JBossASSecurityManager.java:110)
> This issue prevents to run TCK's JMS tests with security enabled in HornetQ.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list