[jboss-jira] [JBoss JIRA] (WFLY-3429) Classloader leak in JBossCachedAuthenticationManager
Emmanuel Hugonnet (JIRA)
issues at jboss.org
Mon Jun 16 02:48:24 EDT 2014
[ https://issues.jboss.org/browse/WFLY-3429?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12976401#comment-12976401 ]
Emmanuel Hugonnet commented on WFLY-3429:
-----------------------------------------
https://github.com/ehsavoie/wildfly/tree/WFLY-3429 waiting for a new version of picketbox
> Classloader leak in JBossCachedAuthenticationManager
> ----------------------------------------------------
>
> Key: WFLY-3429
> URL: https://issues.jboss.org/browse/WFLY-3429
> Project: WildFly
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Security
> Affects Versions: 8.1.0.Final
> Reporter: Josef Cacek
> Assignee: Emmanuel Hugonnet
> Priority: Critical
>
> When using a security domain with {{cache-type="default"}}, then the ModuleClassLoader instances related to deployments leak through JBossCachedAuthenticationManager.
> The problematic piece of code is the domainCache member variable which in the DomainInfo value holds a LoginContext instance. This LoginContext has member contextClassLoader which causes the leak. (It points to the ModuleClassLoader of the deployment).
> One option to solve this issue could be to remove the cache entries which are related to the undeployed application.
--
This message was sent by Atlassian JIRA
(v6.2.6#6264)
More information about the jboss-jira
mailing list