[jbossseam-issues] [JBoss JIRA] Commented: (JBSEAM-3064) AuthorizationException when Load Testing - RuleBasedIdentity.hasPermission() returns false when it should return true
Kenneth Christensen (JIRA)
jira-events at lists.jboss.org
Wed Jun 4 12:51:30 EDT 2008
[ http://jira.jboss.com/jira/browse/JBSEAM-3064?page=comments#action_12415619 ]
Kenneth Christensen commented on JBSEAM-3064:
---------------------------------------------
BTW: I can recommend JBoss/Red Hat to buy Web Performance Suite from Web Performance Incorporated (http://www.webperformanceinc.com/) - in my opinion the best Load Testing software for JBoss Seam, JSF, AJAX webapplications :-)
> AuthorizationException when Load Testing - RuleBasedIdentity.hasPermission() returns false when it should return true
> ---------------------------------------------------------------------------------------------------------------------
>
> Key: JBSEAM-3064
> URL: http://jira.jboss.com/jira/browse/JBSEAM-3064
> Project: Seam
> Issue Type: Bug
> Components: Security
> Affects Versions: 2.0.2.SP1, 2.0.2.GA, 2.0.1.GA
> Environment: Mac OS X 10.5.3
> JDK 1.5.0_13-b05-237
> JBoss 4.2.2.GA
> JBoss Seam 2.0.1.GA
> Drools 4.0.3
> Reporter: Kenneth Christensen
> Assigned To: Shane Bryzak
> Priority: Critical
> Attachments: security.drl, testcase1-RuleBasedIdentity.zip, testcase2-RuleTest.zip, testcase3-RuleTest-v2.zip
>
>
> I'm getting random AuthorizationExceptions when I Load Testing (with Web Performance Suite 3.5)
> my application (JBoss AS 4.2.2.GA, Drools 4.0.3, JBoss Seam 2.0.1.GA, RichFaces 3.1.4.GA and JSF 1.2).
> And it looks like RuleBasedIdentity.hasPermission() is the problem, or more likely securityContext.fireAllRules()
> used by RuleBasedIdentity.hasPermission().
> I have run two testcases (see attached files), where all RuleBasedIdentity.hasPermission() should return true.
> But under heavy load (lots of threads and 90% - 100% CPU) RuleBasedIdentity.hasPermission() returns false because
> securityContext.fireAllRules() don't call PermissionCheck.grant().
> But now its getting really weird :-)
> If I override RuleBasedIdentity.hasPermission() with:
> @Name("org.jboss.seam.security.identity")
> @Scope(SESSION)
> @BypassInterceptors
> @Install(precedence=Install.APPLICATION, classDependencies="org.drools.WorkingMemory")
> @Startup
> public class RuleTest extends RuleBasedIdentity {
> @Override
> public boolean hasPermission(String name, String action, Object... arg) {
> boolean result = super.hasPermission(name, action, arg);
> if (!result) { // Are we sure, if result == false? One more time.
> result = super.hasPermission(name, action, arg);
> }
> return result;
> }
> }
> then about 95%-99% of the time RuleTest.hasPermission() will return the expected result, i.e. true.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the seam-issues
mailing list