Application Server 3 4 5 and 6 / JBAS-7822

Investigate race condition for security

    • Type: Bug
    • Resolution: Obsolete
    • Priority: Major
    • No Release
    • JBossAS-5.0.0.GA
    • Security
    • None
    • WinXP 64bit

      I'm running several beans, let's call them A, B, C. They all run in the same security context. I'm using a custom login module and a custom principal.

      Bean A has the following method:

      public Principal getCurrentPrincipal() {
          if (log.isTraceEnabled()) {
              log.trace("getCurrentPrincipal() - start"); //$NON-NLS-1$
          }

          // Caller principal as the container sees it for this invocation
          Principal returnPrincipal = sCtx.getCallerPrincipal();
          if (log.isTraceEnabled()) {
              log.trace("getCurrentPrincipal() - end - return value=" + returnPrincipal); //$NON-NLS-1$
          }

          return returnPrincipal;
      }

      My test runs 3 threads.

      • Thread1: Fetches non-stop entities using bean B
      • Thread2: Fetches non-stop entities using bean C
      • Thread3: Endless loop of:
        --Perform login
        --call BeanA.getCurrentPrincipal();
        --Compare principal name with login name
        --logout

      After running this for several minutes, the name of the principal is "anonymous" (the unauthenticated principal). When disabling Thread 1 and 2, the error does not occur.

              anil.saldhana Anil Saldanha (Inactive)
              steff517 Stefan Ries (Inactive)
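
The three-thread test described in the report, written as a reusable harness that counts iterations where the principal seen by the container differs from the login name. This is an added example, not code from the reporter or from JBoss. The `SecuredClient` adapter, the class name and the in-memory stand-in in `main` are hypothetical; against a real server the adapter would perform the JAAS login and call `BeanA.getCurrentPrincipal()`, and the load tasks would fetch entities through beans B and C.

```java
import java.util.concurrent.*;
import java.util.concurrent.atomic.AtomicBoolean;

public class PrincipalRaceProbe {
    // Hypothetical adapter: wire to the real login, BeanA call and logout.
    interface SecuredClient {
        void login(String user) throws Exception;
        String callerPrincipalName() throws Exception;
        void logout() throws Exception;
    }

    // Thread3's loop from the report, run while the load tasks spin (Thread1/Thread2).
    static int run(SecuredClient client, Runnable[] load, String user, int iterations)
            throws Exception {
        AtomicBoolean stop = new AtomicBoolean(false);
        ExecutorService pool = Executors.newFixedThreadPool(Math.max(1, load.length));
        for (Runnable r : load) {
            pool.submit(() -> { while (!stop.get()) r.run(); });
        }
        int mismatches = 0;
        try {
            for (int i = 0; i < iterations; i++) {
                client.login(user);
                try {
                    String seen = client.callerPrincipalName();
                    if (!user.equals(seen)) {   // e.g. "anonymous" instead of the login name
                        mismatches++;
                        System.err.printf("iteration %d: expected %s, saw %s%n", i, user, seen);
                    }
                } finally {
                    client.logout();            // always log out, even after a failed call
                }
            }
        } finally {
            stop.set(true);
            pool.shutdown();
            pool.awaitTermination(10, TimeUnit.SECONDS);
        }
        return mismatches;
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in so the harness runs offline: identity is kept per thread.
        ThreadLocal<String> id = ThreadLocal.withInitial(() -> "anonymous");
        SecuredClient fake = new SecuredClient() {
            public void login(String u) { id.set(u); }
            public String callerPrincipalName() { return id.get(); }
            public void logout() { id.remove(); }
        };
        Runnable[] load = { Thread::onSpinWait, Thread::onSpinWait };
        System.out.println("mismatches: " + run(fake, load, "alice", 100_000));
    }
}
```

Running the same loop with an empty `load` array gives the baseline the report mentions, where the error does not occur once Thread 1 and 2 are disabled.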