
SecurityPluginUtil memory leak (JWSDP 1.5)  RSS feed

 
Edr� Moreira
Greenhorn
Posts: 1
Hi all,

There seems to be a memory leak in the com.sun.xml.rpc.security.SecurityPluginUtil class (JWSDP 1.5) (at least that is what I could track down with JProfiler).
If security is disabled, everything works fine. If I enable it (the -security <file> option in wscompile), I get an OutOfMemoryError after about 10.000 calls.
I implemented the callback handlers to be as static as possible to avoid memory allocation.

Has anybody experienced this problem? Am I forgetting any configuration?

Any help will be appreciated.

Here are my configuration and class files:

Client side (works fine in both cases):
<xwss:JAXRPCSecurity xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
<!-- Client-side XWSS configuration: outgoing requests carry a UsernameToken. -->
<xwss:Service>
<xwss:SecurityConfiguration dumpMessages="false">
<!--
digestPassword="false" places the password value in the token as text instead of
a digest computed over nonce and created values. The token is then only as
confidential as the channel and can be replayed by anyone who captures it, so
this setting should be paired with TLS or with encryption of the token.
dumpMessages should stay "false" outside of debugging; dumped messages would
presumably contain the token as well.
-->
<xwss:UsernameToken digestPassword="false"/>
</xwss:SecurityConfiguration>
</xwss:Service>
<!-- Callback handler class that supplies the user name and password at run time. -->
<xwss:SecurityEnvironmentHandler>
rnp.eid.ws.security.EidServicePasswordFromFileHandler
</xwss:SecurityEnvironmentHandler>
</xwss:JAXRPCSecurity>

-------------------------------------

package rnp.eid.ws.security;

import java.io.IOException;
import java.io.InputStream;
import java.util.Properties;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.log4j.Logger;

import rnp.eid.util.Password;

import com.sun.xml.wss.impl.callback.PasswordCallback;
import com.sun.xml.wss.impl.callback.UsernameCallback;

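/**
 * Client-side XWSS callback handler that answers the username and password
 * callbacks with values read from the classpath resource
 * {@code /conf/webservice.properties} (keys {@code user.name} and
 * {@code user.password}).
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The credential lives in a properties file on the classpath; that file
 *       needs the same access restrictions as any other secret and should not
 *       be packaged into artifacts that are widely distributed.</li>
 *   <li>{@code Password.digets} is a project helper that is not shown here;
 *       presumably it hashes the configured password. Whatever it returns is
 *       what goes on the wire, so a static hash is a password equivalent and
 *       must be protected in transit like the password itself.</li>
 *   <li>Neither the password nor its digest is ever written to the log.</li>
 * </ul>
 */
public class EidServicePasswordFromFileHandler implements CallbackHandler {

    /** Classpath location of the credential file. */
    private static final String CONFIG_RESOURCE = "/conf/webservice.properties";

    private Logger log = Logger.getLogger(getClass());
    private Properties properties;

    /**
     * Loads the credential properties once. A load failure is logged with its
     * cause and leaves an empty property set behind, so {@link #handle} fails
     * with an explicit error instead of sending null credentials.
     */
    public EidServicePasswordFromFileHandler() {
        properties = new Properties();
        InputStream is = null;
        try {
            is = EidServicePasswordFromFileHandler.class.getResourceAsStream(CONFIG_RESOURCE);
            if (is == null) {
                // getResourceAsStream signals a missing resource with null, not an exception.
                log.error("Constructor EidServicePasswordFromFileHandler - properties file "
                        + CONFIG_RESOURCE + " not found on classpath");
            } else {
                properties.load(is);
            }
        } catch (Exception ex) {
            // Pass the exception to the logger so the cause is not lost.
            log.error("Constructor EidServicePasswordFromFileHandler - error reading properties file "
                    + CONFIG_RESOURCE, ex);
        } finally {
            // The stream was never closed before; release it on every path.
            if (is != null) {
                try {
                    is.close();
                } catch (IOException ignored) {
                    // Nothing useful can be done if close fails on a read-only resource stream.
                }
            }
        }
    }


    /**
     * Fills in the username and password callbacks; other callback types are
     * left untouched.
     *
     * @param callbacks callbacks handed over by the security runtime
     * @throws IOException if a required property is missing from the credential file
     * @throws UnsupportedCallbackException declared by the interface; not thrown here
     * @see javax.security.auth.callback.CallbackHandler#handle(javax.security.auth.callback.Callback[])
     */
    public void handle(Callback[] callbacks) throws IOException,
            UnsupportedCallbackException {

        for (int i = 0; i < callbacks.length; i++) {
            // Test the element, not the array: an array is never an instance of a callback type.
            if (callbacks[i] instanceof PasswordCallback) {
                PasswordCallback cb = (PasswordCallback) callbacks[i];
                log.debug("handle - PasswordCallback received");
                cb.setPassword(Password.digets(requireProperty("user.password")));
            } else if (callbacks[i] instanceof UsernameCallback) {
                UsernameCallback cb = (UsernameCallback) callbacks[i];
                log.debug("handle - UsernameCallback received");
                cb.setUsername(requireProperty("user.name"));
            }
        }
    }

    /**
     * Returns the configured value for {@code key}.
     *
     * @throws IOException if the key is absent, e.g. because the file failed to load
     */
    private String requireProperty(String key) throws IOException {
        String value = properties.getProperty(key);
        if (value == null) {
            // The message names the key only; the value is never echoed.
            throw new IOException("Missing property '" + key + "' in " + CONFIG_RESOURCE);
        }
        return value;
    }
}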

-------------------------------------

Server side:

<xwss:JAXRPCSecurity xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
<!-- Server-side XWSS configuration: incoming requests must carry a UsernameToken. -->
<xwss:Service>
<xwss:SecurityConfiguration dumpMessages="false">
<!--
Default: nonce and created values are expected and password
should be in digest form.
passwordDigestRequired="false" relaxes that default, so tokens that carry the
password as text are accepted. Such a token can be replayed by anyone who
observes it; the endpoint should therefore only be reachable over TLS or with
the token encrypted.
-->
<xwss:RequireUsernameToken passwordDigestRequired="false"/>
</xwss:SecurityConfiguration>
</xwss:Service>
<!-- Callback handler class that installs the password validator for each request. -->
<xwss:SecurityEnvironmentHandler>
rnp.eid.ws.security.EidServicePasswordHandler
</xwss:SecurityEnvironmentHandler>
</xwss:JAXRPCSecurity>

-------------------------------------

package rnp.eid.ws.security;

import java.io.IOException;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.log4j.Logger;

import com.sun.xml.wss.impl.callback.PasswordValidationCallback;

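/**
 * Server-side XWSS callback handler that attaches the shared
 * {@link EidPasswordValidator} to every password validation callback.
 *
 * <p>Callbacks of any other type are skipped without an error, as in the
 * original code. NOTE(review): the {@code CallbackHandler} contract allows
 * throwing {@code UnsupportedCallbackException} for unrecognised callbacks;
 * confirm that silently ignoring them is intended for this endpoint.
 */
public class EidServicePasswordHandler implements CallbackHandler {

    private Logger log = Logger.getLogger(getClass());

    /** One validator instance, created for the "agentforimport" type and shared by all handler instances. */
    private static final EidPasswordValidator agentForImportValidator = new EidPasswordValidator("agentforimport");

    /**
     * Creates the handler; only logs that a new instance exists.
     */
    public EidServicePasswordHandler() {
        super();
        log.debug("Constructor EidServicePasswordHandler - new object created");
    }


    /**
     * Installs the validator on each password validation callback.
     *
     * @param callbacks callbacks handed over by the security runtime
     * @throws IOException declared by the interface; not thrown here
     * @throws UnsupportedCallbackException if a validation callback carries a
     *         request that is neither a plain-text nor a digest password request
     * @see javax.security.auth.callback.CallbackHandler#handle(javax.security.auth.callback.Callback[])
     */
    public void handle(Callback[] callbacks) throws IOException,
            UnsupportedCallbackException {

        for (int i = 0; i < callbacks.length; i++) {
            // Test the element, not the array: an array is never an instance of a callback type.
            if (callbacks[i] instanceof PasswordValidationCallback) {
                log.debug("handle - PasswordValidationCallback found");
                PasswordValidationCallback cb = (PasswordValidationCallback) callbacks[i];
                if (cb.getRequest() instanceof PasswordValidationCallback.PlainTextPasswordRequest) {
                    log.debug("handle - setting password validator for plain text");
                    cb.setValidator(agentForImportValidator);
                } else if (cb.getRequest() instanceof PasswordValidationCallback.DigestPasswordRequest) {
                    // NOTE(review): the same validator is used for digest requests. A token digest is
                    // computed per request, so comparing it with a stored value is unlikely to be a
                    // meaningful check - confirm how digest tokens are meant to be verified.
                    log.debug("handle - setting password validator for digest password");
                    cb.setValidator(agentForImportValidator);
                } else {
                    // The exception takes the single offending callback, not the whole array.
                    UnsupportedCallbackException e = new UnsupportedCallbackException(callbacks[i]);
                    log.error("handle - callback not implemented", e);
                    throw e;
                }
            }
        }
    }
}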

-------------------------------------

package rnp.eid.ws.security;

import java.util.List;

import org.apache.log4j.Logger;

import rnp.eid.dao.EidObjectDAO;

import com.sun.xml.wss.impl.callback.PasswordValidationCallback;

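/**
 * Validates the credentials of a WS-Security username token by looking for a
 * matching agent through {@code EidObjectDAO.getGuidsByCondition}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>User name and password come straight from the incoming SOAP message
 *       and are untrusted. The DAO method visible here accepts only a finished
 *       query string, so the values are checked before they are concatenated
 *       and the request is refused when they contain characters that could
 *       end the quoted literal. This is a stop-gap: the durable fix is a DAO
 *       method that takes bound parameters.</li>
 *   <li>The query text contains the submitted password and is therefore never
 *       logged.</li>
 *   <li>Every failure path (unknown request type, rejected input, DAO error)
 *       returns {@code false}; authentication fails closed.</li>
 * </ul>
 */
public class EidPasswordValidator implements PasswordValidationCallback.PasswordValidator {

    private static Logger log = Logger.getLogger(EidPasswordValidator.class);

    // Value matched against e.type in the query; supplied by the code that constructs the validator.
    private String type;

    private static EidObjectDAO eidObjectDAO;

    static {
        try {
            eidObjectDAO = EidObjectDAO.getInstance();
            log.debug("static initialization - recovering EidObjectDAO instance");
        } catch (Exception ex) {
            // eidObjectDAO stays null; validate() then fails closed through its own catch block.
            log.error("static initialization - error recovering EidObjectDAO instance", ex);
        }
    }


    /**
     * @param type value compared with {@code e.type} when looking up the agent
     */
    public EidPasswordValidator(String type) {
        this.type = type;
        log.debug("Constructor EidPasswordValidator - validator for " + type);

    }

    /**
     * Checks the submitted user name and password against the stored agents.
     *
     * @param request plain-text or digest password request taken from the token
     * @return {@code true} only if the lookup returns at least one guid
     * @throws PasswordValidationCallback.PasswordValidationException declared by
     *         the interface; not thrown here
     */
    public boolean validate(PasswordValidationCallback.Request request)
            throws PasswordValidationCallback.PasswordValidationException {

        String userName = null;
        String password = null;
        if (request instanceof PasswordValidationCallback.PlainTextPasswordRequest) {
            PasswordValidationCallback.PlainTextPasswordRequest plainTextRequest =
                    (PasswordValidationCallback.PlainTextPasswordRequest) request;
            userName = plainTextRequest.getUsername();
            password = plainTextRequest.getPassword();
        } else if (request instanceof PasswordValidationCallback.DigestPasswordRequest) {
            // NOTE(review): the token digest is used as if it were the password. A digest is derived
            // per request, so it is unlikely to equal a stored value - confirm the intended handling.
            PasswordValidationCallback.DigestPasswordRequest digRequest =
                    (PasswordValidationCallback.DigestPasswordRequest) request;
            userName = digRequest.getUsername();
            password = digRequest.getDigest();
        }

        // Refuse before logging or querying: this also covers an unsupported request type
        // (both values still null) and keeps control characters out of the log lines below.
        if (!isSafeLiteral(userName) || !isSafeLiteral(password) || !isSafeLiteral(type)) {
            log.info("validate - invalid name or password");
            return false;
        }

        log.debug("validate - validating " + userName);

        List guids = null;
        try {
            // NOTE(review): Agent and EidObject are listed without a join condition, so the
            // e.type test may not be tied to the matching agent - verify against the schema.
            StringBuffer sql = new StringBuffer();
            sql.append("SELECT a.guid FROM Agent a, EidObject e WHERE name = '").append(userName).
                    append("' AND ").append(" password = '").append(password).append("' and e.type='").
                    append(type).append("'");
            // The query is deliberately not logged: it embeds the submitted password.
            guids = eidObjectDAO.getGuidsByCondition(sql.toString());
        } catch (Exception ex) {
            // Includes the case where the DAO could not be obtained during static initialization.
            log.error("validate - error while validating user", ex);
        }

        if ((guids != null) && (guids.size() > 0)) {
            StringBuffer message = new StringBuffer();
            message.append("validate - ").append(userName).append(" (").append(guids.get(0)).append(") successfuly authenticated");
            log.info(message);

            return true;
        } else {
            log.info("validate - invalid name or password");
        }

        return false;
    }

    /**
     * Tells whether {@code value} can be placed inside a single-quoted literal
     * of the query without changing the query's structure.
     *
     * @return {@code false} for null, empty values and values containing a
     *         single quote, a backslash or a control character
     */
    private static boolean isSafeLiteral(String value) {
        if (value == null || value.length() == 0) {
            return false;
        }
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (c == '\'' || c == '\\' || Character.isISOControl(c)) {
                return false;
            }
        }
        return true;
    }

}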

Edr�.
 