[jbossseam-issues] [JBoss JIRA] Commented: (JBSEAM-3064) AuthorizationException when Load Testing - RuleBasedIdentity.hasPermission() returns false when it should return true

Kenneth Christensen (JIRA) jira-events at lists.jboss.org
Wed Jun 4 12:51:30 EDT 2008


    [ http://jira.jboss.com/jira/browse/JBSEAM-3064?page=comments#action_12415619 ] 
            
Kenneth Christensen commented on JBSEAM-3064:
---------------------------------------------

BTW: I can recommend JBoss/Red Hat to buy Web Performance Suite from Web Performance Incorporated (http://www.webperformanceinc.com/) - in my opinion the best Load Testing software for JBoss Seam, JSF, AJAX webapplications :-)


> AuthorizationException when Load Testing - RuleBasedIdentity.hasPermission() returns false when it should return true
> ---------------------------------------------------------------------------------------------------------------------
>
>                 Key: JBSEAM-3064
>                 URL: http://jira.jboss.com/jira/browse/JBSEAM-3064
>             Project: Seam
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 2.0.2.SP1, 2.0.2.GA, 2.0.1.GA
>         Environment: Mac OS X 10.5.3
> JDK 1.5.0_13-b05-237
> JBoss 4.2.2.GA
> JBoss Seam 2.0.1.GA
> Drools 4.0.3
>            Reporter: Kenneth Christensen
>         Assigned To: Shane Bryzak
>            Priority: Critical
>         Attachments: security.drl, testcase1-RuleBasedIdentity.zip, testcase2-RuleTest.zip, testcase3-RuleTest-v2.zip
>
>
> I'm getting random AuthorizationExceptions when I Load Testing (with Web Performance Suite 3.5)
> my application (JBoss AS 4.2.2.GA, Drools 4.0.3, JBoss Seam 2.0.1.GA, RichFaces 3.1.4.GA and JSF 1.2).
> And it looks like RuleBasedIdentity.hasPermission() is the problem, or more likely securityContext.fireAllRules()
> used by RuleBasedIdentity.hasPermission().
> I have run two testcases (see attached files), where all RuleBasedIdentity.hasPermission() should return true.
> But under heavy load (lots of threads and 90% - 100% CPU) RuleBasedIdentity.hasPermission() returns false because
> securityContext.fireAllRules() don't call PermissionCheck.grant().
> But now its getting really weird :-)
> If I override RuleBasedIdentity.hasPermission() with:
> @Name("org.jboss.seam.security.identity")
> @Scope(SESSION)
> @BypassInterceptors
> @Install(precedence=Install.APPLICATION, classDependencies="org.drools.WorkingMemory")
> @Startup
> public class RuleTest extends RuleBasedIdentity {
>     @Override
>     public boolean hasPermission(String name, String action, Object... arg) {
>         boolean result = super.hasPermission(name, action, arg);
>         if (!result) { // Are we sure, if result == false? One more time.
>             result = super.hasPermission(name, action, arg);
>         }
>         return result;
>     }
> }
> then about 95%-99% of the time RuleTest.hasPermission() will return the expected result, i.e. true.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        



More information about the seam-issues mailing list