Uploaded image for project: 'Geode'
  1. Geode
  2. GEODE-6267

Subjects are not logged out when a client departs causing a memory leak

    XMLWordPrintableJSON

Details

    Description

      When a client with security enabled connects to a server, the IntegratedSecurityService logs in a Subject. This causes a SimpleSession to be created.

      The Subject is stored in ClientUserAuths.uniqueIdVsSubject.

      Here is a stack showing the SimpleSession creation:

      [warning 2019/01/08 18:02:42.993 PST server1 <ServerConnection on port 40401 Thread 0> tid=0x4e] SimpleSession.<init> invoked:
      java.lang.Exception
       at org.apache.shiro.session.mgt.SimpleSession.<init>(SimpleSession.java:99)
       at org.apache.shiro.session.mgt.SimpleSessionFactory.createSession(SimpleSessionFactory.java:44)
       at org.apache.shiro.session.mgt.DefaultSessionManager.newSessionInstance(DefaultSessionManager.java:163)
       at org.apache.shiro.session.mgt.DefaultSessionManager.doCreateSession(DefaultSessionManager.java:154)
       at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.createSession(AbstractValidatingSessionManager.java:136)
       at org.apache.shiro.session.mgt.AbstractNativeSessionManager.start(AbstractNativeSessionManager.java:99)
       at org.apache.shiro.mgt.SessionsSecurityManager.start(SessionsSecurityManager.java:152)
       at org.apache.shiro.subject.support.DelegatingSubject.getSession(DelegatingSubject.java:336)
       at org.apache.shiro.subject.support.DelegatingSubject.getSession(DelegatingSubject.java:312)
       at org.apache.shiro.mgt.DefaultSubjectDAO.mergePrincipals(DefaultSubjectDAO.java:204)
       at org.apache.shiro.mgt.DefaultSubjectDAO.saveToSession(DefaultSubjectDAO.java:166)
       at org.apache.shiro.mgt.DefaultSubjectDAO.save(DefaultSubjectDAO.java:147)
       at org.apache.shiro.mgt.DefaultSecurityManager.save(DefaultSecurityManager.java:383)
       at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:350)
       at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:183)
       at org.apache.shiro.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:283)
       at org.apache.shiro.subject.support.DelegatingSubject.login(DelegatingSubject.java:256)
       at org.apache.geode.internal.security.IntegratedSecurityService.login(IntegratedSecurityService.java:139)
       at org.apache.geode.internal.cache.tier.sockets.HandShake.verifyCredentials(HandShake.java:1688)
       at org.apache.geode.internal.cache.tier.sockets.ServerConnection.setCredentials(ServerConnection.java:1044)
       at org.apache.geode.internal.cache.tier.sockets.command.PutUserCredentials.cmdExecute(PutUserCredentials.java:52)
       at org.apache.geode.internal.cache.tier.sockets.BaseCommand.execute(BaseCommand.java:163)
       at org.apache.geode.internal.cache.tier.sockets.ServerConnection.doNormalMsg(ServerConnection.java:797)
       at org.apache.geode.internal.cache.tier.sockets.LegacyServerConnection.doOneMessage(LegacyServerConnection.java:85)
       at org.apache.geode.internal.cache.tier.sockets.ServerConnection.run(ServerConnection.java:1179)
       at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
       at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
       at org.apache.geode.internal.cache.tier.sockets.AcceptorImpl$4$1.run(AcceptorImpl.java:641)
       at java.lang.Thread.run(Thread.java:745)
      

      When the client disconnects, the ClientUserAuths is cleaned up (in cleanup), but the Subjects are not logged out.

      With subscription-enabled=true, an additional Subject is created and stored in the CacheClientProxy subject. This Subject is not logged out either.

      Here is a stack showing the SimpleSession creation:

      [warning 2019/01/08 18:02:43.023 PST server1 <Client Queue Initialization Thread 0> tid=0x52] SimpleSession.<init> invoked:
      java.lang.Exception
       at org.apache.shiro.session.mgt.SimpleSession.<init>(SimpleSession.java:99)
       at org.apache.shiro.session.mgt.SimpleSessionFactory.createSession(SimpleSessionFactory.java:44)
       at org.apache.shiro.session.mgt.DefaultSessionManager.newSessionInstance(DefaultSessionManager.java:163)
       at org.apache.shiro.session.mgt.DefaultSessionManager.doCreateSession(DefaultSessionManager.java:154)
       at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.createSession(AbstractValidatingSessionManager.java:136)
       at org.apache.shiro.session.mgt.AbstractNativeSessionManager.start(AbstractNativeSessionManager.java:99)
       at org.apache.shiro.mgt.SessionsSecurityManager.start(SessionsSecurityManager.java:152)
       at org.apache.shiro.subject.support.DelegatingSubject.getSession(DelegatingSubject.java:336)
       at org.apache.shiro.subject.support.DelegatingSubject.getSession(DelegatingSubject.java:312)
       at org.apache.shiro.mgt.DefaultSubjectDAO.mergePrincipals(DefaultSubjectDAO.java:204)
       at org.apache.shiro.mgt.DefaultSubjectDAO.saveToSession(DefaultSubjectDAO.java:166)
       at org.apache.shiro.mgt.DefaultSubjectDAO.save(DefaultSubjectDAO.java:147)
       at org.apache.shiro.mgt.DefaultSecurityManager.save(DefaultSecurityManager.java:383)
       at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:350)
       at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:183)
       at org.apache.shiro.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:283)
       at org.apache.shiro.subject.support.DelegatingSubject.login(DelegatingSubject.java:256)
       at org.apache.geode.internal.security.IntegratedSecurityService.login(IntegratedSecurityService.java:139)
       at org.apache.geode.internal.cache.tier.sockets.HandShake.verifyCredentials(HandShake.java:1688)
       at org.apache.geode.internal.cache.tier.sockets.CacheClientNotifier.registerGFEClient(CacheClientNotifier.java:343)
       at org.apache.geode.internal.cache.tier.sockets.CacheClientNotifier.registerClient(CacheClientNotifier.java:279)
       at org.apache.geode.internal.cache.tier.sockets.AcceptorImpl$ClientQueueInitializerTask.run(AcceptorImpl.java:1844)
       at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
       at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
       at org.apache.geode.internal.cache.tier.sockets.AcceptorImpl$3$1.run(AcceptorImpl.java:611)
       at java.lang.Thread.run(Thread.java:745)
      

      Both of these cause a memory leak of SimpleSessions.

      In my simple test where a client with subscription-enabled=true connects and disconnects, 3 SimpleSessions are created. Each additional client connect/disconnect causes 3 more SimpleSessions to be created.

       

      Attachments

        Issue Links

          Activity

            People

              boglesby Barrett Oglesby
              boglesby Barrett Oglesby
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 1h 50m
                  1h 50m