geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Jencks (JIRA)" <>
Subject [jira] Created: (GERONIMO-5800) logged-in Subjects are cleaned up after web requests complete
Date Tue, 08 Feb 2011 21:58:57 GMT
logged-in Subjects are cleaned up after web requests complete

                 Key: GERONIMO-5800
             Project: Geronimo
          Issue Type: Bug
      Security Level: public (Regular issues)
          Components: Jetty, Tomcat
    Affects Versions: 2.2.1, 3.0
            Reporter: David Jencks
            Assignee: David Jencks

We generally don't clean up the logged in Subject when a web request returns.  This results
in a memory leak in ContextManager.subjectContexts. As well as geronimo changes I think this
will need changes in the Jetty Authenticators we use.  I think we control all the affected
tomcat code.  Ejb requests appear to already clean this up on exit.

As an application-level workaround your app can call:

Subject subject = ContextManager.getCurrentCaller();

immediately before control returns to the client.  (I haven't tested this to make sure it
doesn't break something else)

Thanks to Morten Svanaes and David Frahm for reporting this problem on the user list.  There
may be a similar problem in 2.1.x but the code and solution will be somewhat different.

This message is automatically generated by JIRA.
For more information on JIRA, see:


View raw message