[jboss-jira] [JBoss JIRA] (WFLY-9251) Security context is not thread safe
Rémy Delerue (JIRA)
issues at jboss.org
Fri Sep 1 05:11:01 EDT 2017
[ https://issues.jboss.org/browse/WFLY-9251?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13457396#comment-13457396 ]
Rémy Delerue edited comment on WFLY-9251 at 9/1/17 5:10 AM:
------------------------------------------------------------
Hello Tomaz,
Thank you for your answer.
I'm working with Charles and I'm assigned to this task.
We reproduce our issue with wildfly-11.0.0.Beta1 and wildfly-11.0.0.CR1.
But there's something noticeable:
* with wildfly-10.1.0.Final:
** {failed_count: 103, shots_count: 1000, succeeded_count: 897}
* with wildfly-11.0.0.Beta1:
** {failed_count: 2, shots_count: 1000, succeeded_count: 998}
* with wildfly-11.0.0.CR1:
** {failed_count: 4, shots_count: 1000, succeeded_count: 996}
What do you think about that?
Regards,
Rémy.
(In attachment, the script I used to reproduce the issue. [^wildfly-auth-overloader.js])
was (Author: clivia):
Hello Tomaz,
Thank you for your answer.
I'm working with Charles and I'm assigned to this task.
We reproduce our issue with wildfly-11.0.0.Beta1 and wildfly-11.0.0.CR1.
But there's something noticeable:
* with wildfly-10.1.0.Final: {failed_count: 103, shots_count: 1000, succeeded_count: 897}
* with wildfly-11.0.0.Beta1: {failed_count: 2, shots_count: 1000, succeeded_count: 998}
* with wildfly-11.0.0.CR1: {failed_count: 4, shots_count: 1000, succeeded_count: 996}
What do you think about that?
Regards,
Rémy.
(In attachment, the script I used to reproduce the issue. [^wildfly-auth-overloader.js])
> Security context is not thread safe
> -----------------------------------
>
> Key: WFLY-9251
> URL: https://issues.jboss.org/browse/WFLY-9251
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Affects Versions: 10.1.0.Final
> Environment: Windows, LInux
> Reporter: charles ghislain
> Assignee: Darran Lofthouse
> Labels: jaas, security, security-context, thread-safety, threads
> Attachments: wildfly-auth-overloader.js, wildflytestauthcontext-2.zip, wildflytestauthcontext.zip
>
>
> Using a custom JAAS login module, we sometimes fail to obtain the authenticated subject from the 'javax.security.auth.Subject.container' policy context. This appear to be related to the worker threads.
> See the reproduction steps below. When a wildfly instance attempts to authenticate 500 requests coming simultaneously, a bunch of them fail. If you configure wildfly to only use a single worker thread and a single task thread, this issue disappears.
> The issue is as follow:
> I login using HttpServletRequest#login.
> Right after that, login.getUserPrincipal return the correct principal.
> However, sometimes, PolicyContext.getContext("javax.security.auth.Subject.container") returns null. Right after the login.
> In our production app, PolicyContext.getContext("javax.security.auth.Subject.container") returns null during some EJB call, throwing random exceptions from various parts of the application.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list