myfaces-users mailing list archives

From Andreas Kaiser <kaiser.andr...@gmail.com>
Subject Re: CODI: Exclude windowId from certain pages
Date Thu, 29 Nov 2012 22:10:31 GMT
Hi
thanks for the answer

I will have a look at this.
BTW, it seems that the windowId is a potential security issue.

For instance, call a site with an unknown windowId. CODI will generate a new
valid one. Just change the generated one to a new invalid id. CODI will
generate a new one again. Repeat this until you are out of ids or the
server is out of memory ;-)

This is what happened in my application due to stress testing.

Regards


On Thu, Nov 29, 2012 at 11:03 PM, Gerhard Petracek <
gerhard.petracek@gmail.com> wrote:

> hi andreas,
>
> first of all: welcome @ myfaces!
>
> there are different approaches - e.g. you can use urls with
>   windowId=automatedEntryPoint
> (see the javadoc in WindowContextManager)
>
> regards,
> gerhard
>
> http://www.irian.at
>
> Your JSF/JavaEE powerhouse -
> JavaEE Consulting, Development and
> Courses in English and German
>
> Professional Support for Apache MyFaces
>
>
>
> 2012/11/29 Andreas Kaiser <kaiser.andreas@gmail.com>
>
> > Hi everybody
> >
> > I have the following setup:
> >
> > Glassfish 3.1.2.2
> > Weld
> > Java EE6 + JSF + CDI + JPA
> > CODI: 1.0.5
> >
> > My problem:
> >
> > We use and like the windowId feature from CODI. But it causes some big
> > problems on some pages which are specially created for stress testing.
> >
> > These pages are accessed from 500+ clients generated from JMeter.
> > Every client acts as its own browser.
> >
> > These pages (RequestScoped) can be accessed without login. Therefore CODI
> > generates a new windowId for every client.
> >
> > The problem is that the JMeter tests run multiple times. Due to this the
> > HashMap in JSFWindowContext.java consumes a lot of memory until the
> > Glassfish has no space left, which leads to 100% CPU usage because the
> > garbage collector tries to free even the last few bytes.
> >
> > My question is:
> > 1. Is it possible to create windowIds only when a user is logged in?
> > 2. Is there an option to change the default behavior?
> > 3. Can I exclude some pages from being handled by the CODI JSFWindowManager?
> >
> >
> >
> >
> > Regards
> >
>
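
The memory growth described in this thread comes from keeping a context for every windowId the server hands out. The following is an added example, not code from the thread or from CODI: a window store that stays bounded when requests keep arriving with unknown ids. The class name `BoundedWindowStore`, the per-session scoping, the cap and the idle timeout are all assumptions.

```java
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.UUID;

/** Hypothetical per-session window store; not CODI's JSFWindowContext. */
public class BoundedWindowStore {
    private static final int MAX_WINDOWS = 8;               // assumed cap per session
    private static final long MAX_IDLE_MS = 30 * 60_000L;   // assumed idle timeout
    // Access-ordered map: the eldest entry is the least recently used window.
    private final Map<String, Long> lastAccess =
        new LinkedHashMap<String, Long>(16, 0.75f, true) {
            @Override
            protected boolean removeEldestEntry(Map.Entry<String, Long> eldest) {
                return size() > MAX_WINDOWS;   // evict instead of growing
            }
        };

    /** Returns the requested id if it is known, otherwise a freshly generated one. */
    public synchronized String resolve(String requestedId, long now) {
        expireIdle(now);
        if (requestedId != null && lastAccess.containsKey(requestedId)) {
            lastAccess.put(requestedId, now);  // refresh timestamp and LRU position
            return requestedId;
        }
        String fresh = UUID.randomUUID().toString();
        lastAccess.put(fresh, now);            // may evict the least recently used window
        return fresh;
    }

    // Drop windows that have not been used within the idle timeout.
    private void expireIdle(long now) {
        Iterator<Map.Entry<String, Long>> it = lastAccess.entrySet().iterator();
        while (it.hasNext()) {
            if (now - it.next().getValue() > MAX_IDLE_MS) it.remove();
        }
    }

    public synchronized int size() { return lastAccess.size(); }

    // Constructed input: many requests, each carrying an id the store has never issued.
    public static void main(String[] args) {
        BoundedWindowStore store = new BoundedWindowStore();
        long now = System.currentTimeMillis();
        for (int i = 0; i < 100_000; i++) {
            store.resolve("unknown-" + i, now);
        }
        System.out.println("windows retained: " + store.size());
    }
}
```

A per-session cap does not limit how many sessions exist, so session creation for unauthenticated requests needs its own limit or timeout.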
