[JBoss-user] [Security JAAS/JBoss] - Re: Fundamental performance problem with JaasSecurityManager
The updated reference to this defect is: http://jira.jboss.com/jira/browse/JBAS-977 Alexander View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3863078#3863078 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3863078 --- This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting Tool for open source databases. Create drag--drop reports. Save time by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc. Download a FREE copy at http://www.intelliview.com/go/osdn_nl ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: Fundamental performance problem with JaasSecurityManager
Hi. Sorry, may be I missed something. Was this issue resolved (I did not manage to find this item 376687 in the list)? In addition, I did not catch the idea of the following method (version 3.2.6) org.jboss.security.plugins.JaasSecurityManager lines 114-121: /** Get the currently authenticated Subject in securityDomain. @return The Subject for securityDomain if one exists, false otherwise. */ public static Subject getActiveSubject(String securityDomain) { Subject subject = null; return subject; } Sorry, for stupid questions - where should I dig? Alexander View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3859014#3859014 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3859014 --- SF email is sponsored by - The IT Product Guide Read honest candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: Fundamental performance problem with JaasSecurityManager
Hey, Nothing to do with the issue presented but we also had several performance problems with the login phase and we simply used 2 different approaches for the login strategy. First login using standard user/password login with costly database lookup of credentials, principals etc. In this login we generate a session id that is used to automatically lookup the cached logged credentials in another loginmodule for the rest of the client logins. In this way we somehow overule the need to create a different login module for each login attempt. Hope this helps. View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3859031#3859031 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3859031 --- SF email is sponsored by - The IT Product Guide Read honest candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: Fundamental performance problem with JaasSecurityManager
The scalability of the JaasSecurityManager.isValid method is a known issue and has an existing sourceforge bug: [ 974735 ] Slow performance of JaasSecurityManager http://sourceforge.net/tracker/index.php?func=detailaid=974735group_id=22866atid=376685 The getActiveSubject is useless and not part of any security interface contract. View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3859048#3859048 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3859048 --- SF email is sponsored by - The IT Product Guide Read honest candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: Fundamental performance problem with JaasSecurityManager
Warning: dont do what we did, it broke things badly, making it possible for identity switches to occur mid-flight. The problem is with the shared use of the CallbackHandler (SecurityAssociationHandler). JaasSecurityManager uses the same instance of the handler to transfer principal/credentials back and forth between incoming calls to authenticate and the configured login modules. At the very least, defaultLogin(principal, crendential) needs to be synchronized, unless JAASSecurityManager is changed to create a new instance of the CallbackHandler for each request. cheers craig a href=http://www.jboss.org/index.html?module=bbop=viewtopicp=3825011#3825011;View the original post/a a href=http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3825011Reply to the post/a --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: Fundamental performance problem with JaasSecurityManager
Hi, Thanks for confirming the issue that we are seeing. I thought we might be going crazy there for a moment. cheers craig View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3823476#3823476 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3823476 --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: Fundamental performance problem with JaasSecurityManager
Improving the concurrency of the isValid method is on the todo list. You can post your patch to sourceforge and I'll look at it. http://sourceforge.net/tracker/?group_id=22866atid=376687 View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3823507#3823507 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3823507 --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: Fundamental performance problem with JaasSecurityManager
We discovered the same problem this week. In our case a login module blocked at the database by another transaction led to a system wide deadlock. It looks like there was an attempt to fix this last year, but the fix was rolled back a few days later: Mon Sep 15 15:52:01 2003 UTC (5 months, 1 week ago) by starksm Move the synchronization on the isValid method to the authenticate call to improve concurrency to the cache validation. Is another try at the fix likely in 3.2.x? In the meantime, be careful in your login modules. Norrie craigday wrote : It appears to us that the synchronization in JaasSecurityManager is capable of causing significant performance problems in JBoss 3.2.1. The isValid() method, which is called from everywhere to do authentication and check authorization, is synchronized, presumably to protect the security cache. Ultimately the isValid() call may result in a call to our login module, which typically does database work. While our login module is doing the database work (username/password lookup, roles etc) no other part of the system can make a call to isValid(). Scott? Anyone? does this make sense, or are we missing something more fundamental :) | View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3823198#3823198 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3823198 --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: Fundamental performance problem with JaasSecurityManager
We have replaced JaasSecurityManager with our own version that synchronizes on principal-keyed locks. It looks safe enough, and performance is greatly improved. Its trivial code, but I can submit it if anyone wants it. c View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3822545#3822545 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3822545 --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user