Uploaded image for project: 'Geronimo'
  1. Geronimo
  2. GERONIMO-5800

logged-in Subjects are cleaned up after web requests complete

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 2.2.1, 3.0.0
    • Fix Version/s: None
    • Component/s: Jetty, Tomcat
    • Security Level: public (Regular issues)
    • Labels:
      None

      Description

      We generally don't clean up the logged in Subject when a web request returns. This results in a memory leak in ContextManager.subjectContexts. As well as geronimo changes I think this will need changes in the Jetty Authenticators we use. I think we control all the affected tomcat code. Ejb requests appear to already clean this up on exit.

      As an application-level workaround your app can call:

      Subject subject = ContextManager.getCurrentCaller();
      ContextManager.unregisterSubject(subject);

      immediately before control returns to the client. (I haven't tested this to make sure it doesn't break something else)

      Thanks to Morten Svanaes and David Frahm for reporting this problem on the user list. There may be a similar problem in 2.1.x but the code and solution will be somewhat different.

        Attachments

          Activity

            People

            • Assignee:
              djencks David Jencks
              Reporter:
              djencks David Jencks
            • Votes:
              2 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated: