[jboss-jira] [JBoss JIRA] (JBAS-7468) Memory leak in org.jboss.security.plugins.authorization.JBossAuthorizationContext
Adam Zovits (JIRA)
jira-events at lists.jboss.org
Wed Sep 12 03:42:34 EDT 2012
[ https://issues.jboss.org/browse/JBAS-7468?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12717773#comment-12717773 ]
Adam Zovits commented on JBAS-7468:
-----------------------------------
Hi all!
I know this is an old issue concerning an old version of JBoss, but I also have this exact problem.
After finding and downloading the above mentioned jar files ( http://maven.antelink.com/service/local/repo_groups/public-jboss/content/org/jboss/security/jboss-security-spi/2.0.4.SP3/jboss-security-spi-2.0.4.SP3.jar and http://maven.antelink.com/service/local/repo_groups/public-jboss/content/org/jboss/security/jbosssx/2.0.4.SP3/jbosssx-2.0.4.SP3.jar ) from an old mirror that wasn't shut down yet, I replaced the relevant ones in a freshly downloaded JBoss 5.1.0 instance and started deploying our project.
One hour later VisualVM says there are 657,664 instances of SimpleRole, just like before the proposed workaround.
Did I do something wrong? Or are there any other known fixes, patches, workarounds, anything?
We'd be grateful for any help in this matter.
Thanks in advance!
> Memory leak in org.jboss.security.plugins.authorization.JBossAuthorizationContext
> ---------------------------------------------------------------------------------
>
> Key: JBAS-7468
> URL: https://issues.jboss.org/browse/JBAS-7468
> Project: Application Server 3 4 5 and 6
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Security
> Affects Versions: JBossAS-5.1.0.GA
> Environment: JBoss Version: jboss-5.1.0.GA, OS: Linux (2.6.18-164.el5), Architecture: amd64 64bit, JVM: Java HotSpot(TM) 64-Bit Server VM (14.0-b16, mixed mode)
> Reporter: Ganesh Ingle
> Assignee: Anil Saldhana
> Labels: JBossAuthorizationContext_leak, JBossAuthorizationContext_memleak, JBossAuthorizationContext_outofmemory, JBoss_outofmemory, memoryleak, outofmemory
> Fix For: 6.0.0.M1
>
> Attachments: HeapMemoryOldGen.png, JBossAuthorizationContext.java, JBossAuthorizationContext_MemLeak.png
>
>
> Our use case (only security related portion is mentioned here):
> Axis 1.4 webservice, standard J2EE declarative security through WEB-INF/web.xml, a http client sends soap request and BASIC auth information, the JBoss server performs authentication and authorization as per WEB-INF/web.xml configuration.
> We did a performance/stability test on above web service. After 8.5 million requests the server gone out of memory. We did heap dump analysis using VisualVM tool and found that the class org.jboss.security.plugins.authorization.JBossAuthorizationContext is consuming most of the memory. This class has a memer array named "controlFlags", this array was showing 25.7 million ControlFlag entries.
> When we investigated the code we found that there is one instance of JBossAuthorizationManager per security domain and this manager has one instance of JBossAuthorizationContext. For every authorization the JBossAuthorizationContext initializes authorization modules and pushes their control flags (instances of class ControlFlag) in member arrays. When the authorization is complete, a commit/abort is invoked on all modules and finally the "modules" array is cleared. However, the "controlFlags" array is not cleared. We checked the entire class, this array never gets cleared.
> We changed the code to clear both "modules" and "controlFlags" array in a finally block in method JBossAuthorizationContext.authorize(final Resource resource, final Subject subject, final RoleGroup callerRoles). We ran a 50million test after this fix, the test was successful which proves the fix worked.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list