[jboss-jira] [JBoss JIRA] (WFCORE-490) ModelControllerImpl uses SecureRandom per request
James Livingston (JIRA)
issues at jboss.org
Tue Jan 13 23:39:49 EST 2015
[ https://issues.jboss.org/browse/WFCORE-490?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13032331#comment-13032331 ]
James Livingston commented on WFCORE-490:
-----------------------------------------
The second one (line 401) is per boot of the server, but the first (line 337) is per request in internalExecute(). It could occur more than once per request if the attempt at putting it in the activeOperations map fails due to there already being an operation with the same id.
> ModelControllerImpl uses SecureRandom per request
> -------------------------------------------------
>
> Key: WFCORE-490
> URL: https://issues.jboss.org/browse/WFCORE-490
> Project: WildFly Core
> Issue Type: Enhancement
> Components: Domain Management
> Affects Versions: 1.0.0.Alpha15
> Reporter: James Livingston
> Assignee: Brian Stansberry
>
> https://github.com/wildfly/wildfly-core/blob/master/controller/src/main/java/org/jboss/as/controller/ModelControllerImpl.java#L337 and https://github.com/wildfly/wildfly-core/blob/master/controller/src/main/java/org/jboss/as/controller/ModelControllerImpl.java#L401 create a new SecureRandom which is used to seed a normal Random, and that is thrown away after one use. That causes it to use entropy from the OS pool, which if done at a sufficiently high rate on servers can cause stalls.
> I can't think of any reason why the operation ID would need to be a secure random number rather than a normal one, so unless there is one it may be better to use a normal Random and not drain the entropy pool.
--
This message was sent by Atlassian JIRA
(v6.3.11#6341)
More information about the jboss-jira
mailing list