qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rob Godfrey (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (QPID-7082) [Java Broker] Created AccessControllerContext for SystemTasks should not reference current context
Date Fri, 19 Feb 2016 13:40:18 GMT

     [ https://issues.apache.org/jira/browse/QPID-7082?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Rob Godfrey updated QPID-7082:
------------------------------
    Description: 
The code within {code}SecurityManager.getSystemTaskControllerContext(String taskName, Principal
principal){code} creates a context which inherits from the current thread AcessControllerContext.
 This context may contain references to the current user / connection / session.  

One instance of this issue is the AccessControlContext referenced from Queue#_immediateDeliveryContext.
If queue is created via messaging layer, the existing AccessControlContext can hold references
to ConnectionPrincipal and SessionPrincipal and their connection and session object accordingly.
 As result, Queue#_immediateDeliveryContext can refer  ConnectionPrincipal and SessionPrincipa
prebeting garbage collection of corresponding AMQPConnection and AMQSessionModel objects for
the duration of the queue life. With lots of long lived queues that were created by lots of
different connections the broker memory consumption might grow in time and eventially Broker
can run OOM if not bounced.

The AccessContollerContext created by the method should not inherit and context, and thus
no references to users/connection/sessions etc. will be retained.


  was:
Instance of AccessControlContext referenced from Queue#_immediateDeliveryContext is created
from an existing AccessControlContext on queue creation. If queue is created via messaging
layer, the existing AccessControlContext can hold references to ConnectionPrincipal and SessionPrincipal
and their connection and session object accordingly.  As result, Queue#_immediateDeliveryContext
can refer  ConnectionPrincipal and SessionPrincipa prebeting garbage collection of corresponding
AMQPConnection and AMQSessionModel objects for the duration of the queue life.

With lots of long lived queues that were created by lots of different connections the broker
memory consumption might grow in time and eventially Broker can run OOM if not bounced.

It seems we do not need to refer an existing AccessControlContext from any system AccessControlContext.


> [Java Broker] Created AccessControllerContext for SystemTasks should not reference current
context
> --------------------------------------------------------------------------------------------------
>
>                 Key: QPID-7082
>                 URL: https://issues.apache.org/jira/browse/QPID-7082
>             Project: Qpid
>          Issue Type: Bug
>          Components: Java Broker
>    Affects Versions: qpid-java-6.0, qpid-java-6.0.1
>            Reporter: Alex Rudyy
>
> The code within {code}SecurityManager.getSystemTaskControllerContext(String taskName,
Principal principal){code} creates a context which inherits from the current thread AcessControllerContext.
 This context may contain references to the current user / connection / session.  
> One instance of this issue is the AccessControlContext referenced from Queue#_immediateDeliveryContext.
If queue is created via messaging layer, the existing AccessControlContext can hold references
to ConnectionPrincipal and SessionPrincipal and their connection and session object accordingly.
 As result, Queue#_immediateDeliveryContext can refer  ConnectionPrincipal and SessionPrincipa
prebeting garbage collection of corresponding AMQPConnection and AMQSessionModel objects for
the duration of the queue life. With lots of long lived queues that were created by lots of
different connections the broker memory consumption might grow in time and eventially Broker
can run OOM if not bounced.
> The AccessContollerContext created by the method should not inherit and context, and
thus no references to users/connection/sessions etc. will be retained.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org


Mime
View raw message