[jira] Created: (GERONIMO-5800) logged-in Subjects are cleaned up after web requests complete

JIRA jira@apache.org
logged-in Subjects are cleaned up after web requests complete
-------------------------------------------------------------

                 Key: GERONIMO-5800
                 URL: https://issues.apache.org/jira/browse/GERONIMO-5800
             Project: Geronimo
          Issue Type: Bug
      Security Level: public (Regular issues)
          Components: Jetty, Tomcat
    Affects Versions: 2.2.1, 3.0
            Reporter: David Jencks
            Assignee: David Jencks


We generally don't clean up the logged-in Subject when a web request returns.  This results in a memory leak in ContextManager.subjectContexts. As well as Geronimo changes I think this will need changes in the Jetty Authenticators we use.  I think we control all the affected Tomcat code.  EJB requests appear to already clean this up on exit.

As an application-level workaround your app can call:

Subject subject = ContextManager.getCurrentCaller();
ContextManager.unregisterSubject(subject);

immediately before control returns to the client.  (I haven't tested this to make sure it doesn't break something else)

Thanks to Morten Svanaes and David Frahm for reporting this problem on the user list.  There may be a similar problem in 2.1.x but the code and solution will be somewhat different.

--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

       
[jira] [Commented] (GERONIMO-5800) logged-in Subjects are cleaned up after web requests complete

JIRA jira@apache.org

    [ https://issues.apache.org/jira/browse/GERONIMO-5800?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13153129#comment-13153129 ]

David Frahm commented on GERONIMO-5800:
---------------------------------------

Any ideas on if/when this might be fixed?  This seems like something that would be a very big deal, but maybe it's just me?

My linux/geronimo servers run for about a week and then need to be restarted.  I've got a cron job that does it, but that is way more downtime than we're used to requiring.  Plus, it just seems so wrong ;-)

I understand and respect the fact that this is open source and free software, so this is NOT a complaint.  I'm just trying to figure out our strategy moving forward.

On another note, we are working on some official IBM WASCE support.  Would that help to get this resolved or are they just going to diagnose and tell me what I already know?

               

[jira] [Issue Comment Edited] (GERONIMO-5800) logged-in Subjects are cleaned up after web requests complete

JIRA jira@apache.org

    [ https://issues.apache.org/jira/browse/GERONIMO-5800?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13153129#comment-13153129 ]

David Frahm edited comment on GERONIMO-5800 at 1/3/12 2:52 PM:
---------------------------------------------------------------

I understand and respect the fact that this is open source and free software, so this is NOT a complaint.  I'm just trying to figure out a strategy moving forward with our apps on this platform.

Any ideas on if/when this might be fixed?  This seems like the kind of issue that would be a very big deal to many users, but maybe it's just me?

My linux/geronimo servers run for about a week and then need to be restarted.  I've got a cron job that does it, but that sometimes causes other issues and is way more downtime than we're used to requiring.  Plus, it just seems so wrong ;-)

On another note, we are working on some official IBM WASCE support.  Would that help to get this resolved/patched or are they just going to diagnose and tell me what I already know?

               
      was (Author: [hidden email]):
    Any ideas on if/when this might be fixed?  This seems like something that would be a very big deal, but maybe it's just me?

My linux/geronimo servers run for about a week and then need to be restarted.  I've got a cron job that does it, but that is way more downtime than we're used to requiring.  Plus, it just seems so wrong ;-)

I understand and respect the fact that this is open source and free software, so this is NOT a complaint.  I'm just trying to figure out our strategy moving forward.

On another note, we are working on some official IBM WASCE support.  Would that help to get this resolved or are they just going to diagnose and tell me what I already know?

                 

[jira] [Commented] (GERONIMO-5800) logged-in Subjects are cleaned up after web requests complete

JIRA jira@apache.org

    [ https://issues.apache.org/jira/browse/GERONIMO-5800?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13213361#comment-13213361 ]

Forrest Xia commented on GERONIMO-5800:
---------------------------------------

I did not follow the earlier discussion of this jira. Can anyone provide reproducible steps here to reproduce this issue? A sample application could help a lot in determining this issue quickly.

Thanks!
               

[jira] [Commented] (GERONIMO-5800) logged-in Subjects are cleaned up after web requests complete

JIRA jira@apache.org

    [ https://issues.apache.org/jira/browse/GERONIMO-5800?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13213428#comment-13213428 ]

David Jencks commented on GERONIMO-5800:
----------------------------------------

I think that if you deploy any web app that uses security, visit a secured web page (requiring you to log in), and examine ContextManager.subjectContexts you will see an entry.  There is no code anywhere to remove that entry.

IIRC there is a call into the jaspic authenticator when the request is about to return and we should try putting the code I suggested in that method or in the code that calls that method.  For jetty, the authenticators may not be actual jaspic authenticators but something similar more adapted to web apps.
               
