Uploaded image for project: 'EJB 3.0'
  1. EJB 3.0
  2. EJBTHREE-558

Memory Leak in AuthenticationInterceptor

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • Branch_4_2
    • None
    • Security
    • None

    Description

      In org.jboss.aspects.security.AuthenticationInterceptor.invoke(), the finally clause sets SecurityAssociation principal and credential to null. Although I think this was intended to clear any login, what it does is add a SubjectContext with principal = null to the SecurityAssociation.subjectContext stack. This entry is never removed and each time this block of code is invoked, it adds another item to the stack. The stack grows and grows. I think this is mainly a problem when restorePrincipal is true.

      What also compounds the problem is that if users were logged in by application code and never logged out, they remain on the stack in this thread indefinitely. Not only is this a problem with the stack growing, it is also a security vulnerability because it means there are still authenticated users on the stack that can be restored by another client or process using the same thread.

      My initial thought on how to fix this was to call the SecurityPrincipal.clear() method in place of setting the principal to null. However I'm not sure it is safe to call clear in that particular place possibly resulting in authentication errors if users are logged out prematurely. Additionally, the 'if' clause there means the code is not always executed so in some cases the clear will not occur. I think the clear needs to be called at some point but I don't know the code well enough to know where the appropriate place would be.

      Here is the snippet of code in question. See the finally clause:

      /**

      • Authenticates the caller using the principal and credentials in the
      • Infocation if thre is a security manager and an invcocation method.
        */
        public Object invoke(org.jboss.aop.joinpoint.Invocation invocation) throws Throwable
        {
        try { authenticate(invocation); }

        catch (GeneralSecurityException gse)

        { handleGeneralSecurityException(gse); }

      Object oldDomain = SecurityContext.currentDomain.get();
      try

      { SecurityContext.currentDomain.set(authenticationManager); return invocation.invokeNext(); }

      finally
      {
      SecurityContext.currentDomain.set(oldDomain);
      // so that the principal doesn't keep being associated with thread if the thread is pooled
      SecurityAssociation.popSubjectContext();

      if (invocation.getMetaData("security", "principal") != null)

      { SecurityAssociation.setPrincipal(null); SecurityAssociation.setCredential(null); }

      }
      }

      Attachments

        Issue Links

          blocks

          Task - Represents a small unit of work that is not end-user facing. EJBTHREE-498 Review duplicate security constructs

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Open
          is duplicated by

          Bug - A problem that impairs or prevents the functions of the product. EJBTHREE-1891 ServiceContainer may not be popping the Principal

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved

          Activity

            People

              starksm64 Scott Stark (Inactive)
              jwynett Luigi Putanesca (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: