tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 45453] New: JDBCRealm. getRoles bad synchronization causes hangs w/ DIGEST authentication
Date Tue, 22 Jul 2008 09:25:02 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=45453

           Summary: JDBCRealm.getRoles bad synchronization causes hangs w/
                    DIGEST authentication
           Product: Tomcat 5
           Version: 5.5.26
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Catalina
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: santtu.hyrkko@ekahau.com


JDBCRealm.getRoles bad synchronization causes hangs w/ DIGEST authentication

JDBCRealm caches PreparedStatement preparedRoles. That, and missing
synchronization in JDBCRealm and/or DigestAuthenticator allow two threads to
call getRoles simultaneously so that T1 will do stmt.executeQuery() while T2
does stmt.setString(1, userName) plus another .executeQuery() on the same
PreparedStatement object.

In the worst case, the JDBC driver gets confused by this, and blocks forever
waiting for server response, causing all other threads that try to access DB
hang. (This was observed with PostgreSQL 8.3-603-jdbc4 JDBC driver)

org.postgresql.jdbc2.AbstractJdbc2Statement.execute(AbstractJdbc2Statement.java:451)
org.postgresql.jdbc2.AbstractJdbc2Statement.executeWithFlags(AbstractJdbc2Statement.java:350)
org.postgresql.jdbc2.AbstractJdbc2Statement.executeQuery(AbstractJdbc2Statement.java:254)
org.apache.catalina.realm.JDBCRealm.getRoles(JDBCRealm.java:631)
org.apache.catalina.realm.JDBCRealm.getPrincipal(JDBCRealm.java:596)
org.apache.catalina.realm.RealmBase.authenticate(RealmBase.java:399)
org.apache.catalina.authenticator.DigestAuthenticator.findPrincipal(DigestAuthenticator.java:283)
org.apache.catalina.authenticator.DigestAuthenticator.authenticate(DigestAuthenticator.java:176)


-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message