BasicRealm getUser() bug in WL5.1?
Hi,
I am facing a weird problem with authentication using a custom realm in WLS5.1.
I have written a custom security realm which implements the BasicRealm and ListableRealm
interfaces (the realm it does not extend Weblogic's AbstractListableRealm).
I have my own implementation of the User object within my realm package (call
it MyUser),
which extends weblogic's User object and provides the following behavior: MyUser
instances
contain a ticket if they have been successfully authenticated. This ticket is
available
through MyUser.getCredential() method.
Now, to the problem: Weblogic stores the wrong User object in the thread after
authentication.
The realm authentication sequence goes as follows:
1. WLS calls the BasicRealm.getUser(String userName) method on my realm.
2. The realm returns a MyUser object with a null ticket (since the user hasn't
been
authenticated). Let's call this user object myuser1.
3. WLS then calls the BasicRealm.getUser(UserInfo userInfo) method on my realm.
4. The realm authenticates the credentials and returns another MyUser object,
this one
with a valid ticket. Call this myuser2.
The problem is, WLS seems to discard myuser2, and store myuser1 in the thread-specific
authentication context. So, when an EJB method executing within that thread calls
Security.getCurrentUser(), it gets back myuser1. Since myuser1.getCredential()
returns null,
the EJB is not able to fetch the authentication ticket.
Is this a bug in WLS? If so, is there a patch available? Failing that, is there
any way to
make WLS store the second user object?
Thanks
Ravi
Hi,
I think your problem is that your first returned user object ( MyUser ) is stored
in a caching realm, and it is this user that is returned when using Security.getCurrentUser().
Instead of creating av new user object when authenticating ( authUserPassword
), just modify the user object already stored in the cache realm.
The code for getting the user object from the cache could look something like
this:
User user = null;
BasicRealm basicRealm = Security.getRealm();
if (basicRealm != null && basicRealm instanceof CachingRealm)
CachingRealm cachingRealm = (CachingRealm)basicRealm;
if (cachingRealm != null)
user = cachingRealm.getUser(name);
user.setTicket(ticket);
Now you can set your ticket attribute on this object and return it as the user
object.
Security.getCurrentUser() should now return a user object with a valid ticket.
Yngve.
"Ravi Shankar" <[email protected]> wrote:
>
Hi,
I am facing a weird problem with authentication using a custom realm
in WLS5.1.
I have written a custom security realm which implements the BasicRealm
and ListableRealm
interfaces (the realm it does not extend Weblogic's AbstractListableRealm).
I have my own implementation of the User object within my realm package
(call
it MyUser),
which extends weblogic's User object and provides the following behavior:
MyUser
instances
contain a ticket if they have been successfully authenticated. This ticket
is
available
through MyUser.getCredential() method.
Now, to the problem: Weblogic stores the wrong User object in the thread
after
authentication.
The realm authentication sequence goes as follows:
1. WLS calls the BasicRealm.getUser(String userName) method on my realm.
2. The realm returns a MyUser object with a null ticket (since the user
hasn't
been
authenticated). Let's call this user object myuser1.
3. WLS then calls the BasicRealm.getUser(UserInfo userInfo) method on
my realm.
4. The realm authenticates the credentials and returns another MyUser
object,
this one
with a valid ticket. Call this myuser2.
The problem is, WLS seems to discard myuser2, and store myuser1 in the
thread-specific
authentication context. So, when an EJB method executing within that
thread calls
Security.getCurrentUser(), it gets back myuser1. Since myuser1.getCredential()
returns null,
the EJB is not able to fetch the authentication ticket.
Is this a bug in WLS? If so, is there a patch available? Failing that,
is there
any way to
make WLS store the second user object?
Thanks
Ravi
Similar Messages
-
Server: WLS 5.1 SP9 Solaris
Console: WL5.1 SP9 swing console from Linux, connecting to WLS 5.1 SP9 on
Solaris
Using the console, under "Deployed Beans", clicking on the beans that you
have deployed shows you how many transactions have been committed,
rolled-back, and the sum of the two. These counter work fine.
However, if you update the deployed bean using "java weblogic.deploy
update", the counter no longer works ... it no longer increments despite
calling the methods repeatedly.
This also happens even if there were no actual changes in the deployed jar.
Just doing a "weblogic.deploy update", and the transaction counter on the
console no longer works.
These are for SLSBs, not sure if the same is true for other beans.How Do I implement security constarints? If I've a users
like 5000 users with admin,customer,manger type using same user table with different previledge to see
jsp pages ,......
thnaks
raj
Sriram Narayan wrote:
Hi
The isUserInRole method in Weblogic seems to be responding to the role-link instead of the role-name.
specifics ...
for the web.xml below,
isUserInRole("ViewAllFields") is correct usage.
isUserInRole("boss") is wrong usage.
Right?
<servlet>
<security-role-ref>
<role-name>ViewALLFields</role-name>
<role-link>boss</role-link>
</security-role-ref>
</servlet>
<security-role>
<role-name>boss</role-name>
</security-role>
<security-role>
<role-name>subordinate</role-name>
</security-role>
Am i right?
But the weblogic implementation only seems to be responding to the wrong usage!!
Please help me out.
thanks
sriram -
Hello,
I am experiencing the same problem as mr. Rajesh Rajagopalan, only he had it with
WL 6.0:
http://newsgroups2.bea.com/cgi-bin/dnewsweb?cmd=article&group=weblogic.developer.interest.jsp&item=8925&utag=
So when the number of hits increases, it looks like new sessions are created when
the number of hits increases!
Is that a bug in WL 5.1 service pack 10? I would like an answer from a BEA Weblogic
official!
Hello,
I think that the best way is to open a case to the BEA support.
"\"Bogdan Barzu\" Bogdan.Barzu" wrote:
> Hello,
>
> I am experiencing the same problem as mr. Rajesh Rajagopalan, only he had it with
> WL 6.0:
> http://newsgroups2.bea.com/cgi-bin/dnewsweb?cmd=article&group=weblogic.developer.interest.jsp&item=8925&utag=
>
> So when the number of hits increases, it looks like new sessions are created when
> the number of hits increases!
>
> Is that a bug in WL 5.1 service pack 10? I would like an answer from a BEA Weblogic
> official!
-
Bug in WL5.1 - isUserInRole( "role-name" or "role-link")
Hi
The isUserInRole corresponds only to role-link. This is the name thats given in
the security-role. Look at the servllet spec or the ejb documentation. IT explains
this clearly.
HTH
Raj
>
>
>Sriram Narayan wrote:
>
>> Hi
>> The isUserInRole method in Weblogic seems to be responding to the role-link
>instead of the role-name.
>> specifics ...
>> for the web.xml below,
>>
>> isUserInRole("ViewAllFields") is correct usage.
>> isUserInRole("boss") is wrong usage.
>> Right?
>> -----------------------------------
>> ..
>> <servlet>
>> ..
>> <security-role-ref>
>> <role-name>ViewALLFields</role-name>
>> <role-link>boss</role-link>
>> </security-role-ref>
>> ..
>> </servlet>
>> ..
>> <security-role>
>> <role-name>boss</role-name>
>> </security-role>
>> <security-role>
>> <role-name>subordinate</role-name>
>> </security-role>
>> ..
>> ------------------------------------
>>
>> Am i right?
>> But the weblogic implementation only seems to be responding to the
>wrong usage!!
>> Please help me out.
>> thanks
>> sriram
>
-
DataSourceUserManager bug in oracle 9.0.4
Hi,
We use jaas configured with com.evermind.sql.DataSourceUserManager as a custom user manager provider on Oracle 9.0.4. It works with a datasource that defined in OracleAs datasource.
Every thing works fine.
When we restart the OC4J instance, the com.evermind.sql.DataSourceUserManager gives error that could not initial becuase could not find the datasource which is already there!
We found it as a bug in AS 9.0.4 are there any patches for this version.
Regadrs,
Alireza FattahiHi,
We found the pacth p3343332, which fix this bug in metalink! This patch only replaces the DataSourceUserManager which is in %ORACLE_HOME%\j2ee\home\oc4j.jar
Regards,
Alireza Fattahi
The Code is:
package com.evermind.sql;
import com.evermind.security.*;
import com.evermind.util.ObjectUtils;
import java.io.PrintStream;
import java.math.BigInteger;
import java.sql.*;
import java.util.*;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.sql.DataSource;
// Referenced classes of package com.evermind.sql:
// DataSourceUser
public class DataSourceUserManager extends AbstractUserManager
public DataSourceUserManager()
dataSource = null;
dataSourceLocation = null;
groupMembershipUserField = "username";
groupMembershipGroupField = "group";
users = new HashMap();
stalenessTime = -1L;
public void init(Properties properties)
throws InstantiationException
String staleness = properties.getProperty("staleness");
String casing = properties.getProperty("casing");
if(staleness != null)
try
stalenessTime = Integer.parseInt(staleness);
catch(NumberFormatException e)
throw new InstantiationException("Invalid staleness value: '" + staleness + "', must be a valid integer");
if(casing == null || casing.equalsIgnoreCase("sensitive"))
this.casing = 1;
else
if(casing.equalsIgnoreCase("toupper"))
this.casing = 2;
else
if(casing.equalsIgnoreCase("tolower"))
this.casing = 3;
else
throw new InstantiationException("Unknown casing type: '" + casing + "'");
String location = properties.getProperty("dataSource");
if(location == null)
throw new InstantiationException("No dataSource specified");
dataSourceLocation = location;
tableName = properties.getProperty("table", properties.getProperty("tableName", "users"));
usernameField = properties.getProperty("usernameField", "username");
passwordField = properties.getProperty("passwordField", "password");
certificateIssuerField = properties.getProperty("certificateIssuerField", null);
certificateSerialField = properties.getProperty("certificateSerialField", null);
localeField = properties.getProperty("localeField", null);
groupMembershipTableName = properties.getProperty("groupMembershipTableName");
groupMembershipUserField = properties.getProperty("groupMembershipUsernameField");
groupMembershipGroupField = properties.getProperty("groupMembershipGroupField");
if(properties.getProperty("groupMembershipUsernameFieldName") != null)
groupMembershipUserField = properties.getProperty("groupMembershipUsernameFieldName");
if(properties.getProperty("groupMembershipGroupFieldName") != null)
groupMembershipGroupField = properties.getProperty("groupMembershipGroupFieldName");
debug = "true".equalsIgnoreCase(properties.getProperty("debug"));
if(groupMembershipGroupField == null)
groupMembershipGroupField = "group";
if(groupMembershipUserField == null)
groupMembershipUserField = "username";
String defaultGroupsString = properties.getProperty("defaultGroups");
if(defaultGroupsString != null)
for(StringTokenizer tokenizer = new StringTokenizer(defaultGroupsString, ", "); tokenizer.hasMoreElements(); addDefaultGroup(tokenizer.nextToken()));
public Group getGroup(String name)
if(parent != null)
return parent.getGroup(name);
else
return null;
public User createUser(String username, String password)
throws InstantiationException
username = toCase(username);
DataSourceUser user = null;
try
Connection connection = getDataSource().getConnection();
try
synchronized(this)
PreparedStatement statement = connection.prepareStatement("SELECT * FROM " + tableName + " WHERE " + usernameField + " = ?");
statement.setString(1, username);
ResultSet resultSet = statement.executeQuery();
if(resultSet.next())
resultSet.close();
statement.close();
throw new InstantiationException("User already exists");
resultSet.close();
statement.close();
statement = connection.prepareStatement("INSERT INTO " + tableName + "(" + usernameField + ", " + passwordField + ") VALUES (?, ?)");
statement.setString(1, username);
statement.setString(2, password);
statement.executeUpdate();
statement.close();
user = new DataSourceUser(this, username, password, null, null, null, stalenessTime < 0L ? 0L : System.currentTimeMillis());
synchronized(users)
users.put(username, user);
finally
try
connection.close();
catch(SQLException e) { }
catch(SQLException e)
throw new RuntimeException("SQLException: " + e.getMessage());
return user;
public User getUser(String username)
username = toCase(username);
if(debug)
System.out.println("DataSourceUserManager.getUser(" + username + ")");
User user = null;
synchronized(users)
user = (DataSourceUser)users.get(username);
if(user != null && (stalenessTime < 0L || ((DataSourceUser)user).fetchedTime >= System.currentTimeMillis() - stalenessTime))
return user;
Connection connection = null;
try
connection = getDataSource().getConnection();
try
synchronized(this)
PreparedStatement statement = connection.prepareStatement("SELECT * FROM " + tableName + " WHERE " + usernameField + "= ?");
statement.setString(1, username);
ResultSet resultSet = statement.executeQuery();
if(!resultSet.next())
resultSet.close();
statement.close();
if(parent != null)
user = parent.getUser(username);
} else
String password = resultSet.getString(passwordField);
String issuer = null;
BigInteger serial = null;
Locale locale = null;
if(certificateIssuerField != null)
issuer = resultSet.getString(certificateIssuerField);
if(certificateSerialField != null)
String serialString = resultSet.getString(certificateSerialField);
if(serialString != null)
serial = new BigInteger(serialString);
if(localeField != null)
locale = ObjectUtils.toLocale(resultSet.getString(localeField));
user = new DataSourceUser(this, username, password, issuer, serial, locale, stalenessTime < 0L ? 0L : System.currentTimeMillis());
resultSet.close();
statement.close();
synchronized(users)
users.put(username, user);
finally
try
connection.close();
catch(SQLException e) { }
catch(SQLException e)
if(debug)
System.err.println("SQLException in getUser(...):");
e.printStackTrace();
throw new RuntimeException("SQLException: " + e.getMessage());
return user;
public boolean remove(User user)
String name = user.getName();
boolean response = false;
if(name == null)
return false;
synchronized(users)
users.remove(user);
Connection connection = null;
try
connection = getDataSource().getConnection();
try
synchronized(this)
PreparedStatement statement = connection.prepareStatement("DELETE FROM " + tableName + " WHERE " + usernameField + "= ?");
statement.setString(1, name);
response = statement.executeUpdate() != 0;
statement.close();
finally
try
connection.close();
catch(SQLException e) { }
catch(SQLException e)
throw new RuntimeException("SQLException: " + e.getMessage());
return response;
public void updateUserInfo(String username, String issuer, BigInteger serial, Locale locale)
if((issuer != null || serial != null) && (certificateIssuerField == null || certificateSerialField == null))
throw new UnsupportedOperationException("certificateIssuerField or certificateSerialField not specified");
Connection connection = null;
try
connection = getDataSource().getConnection();
synchronized(this)
StringBuffer buffer = new StringBuffer();
buffer.append("update " + tableName + " set ");
boolean first = true;
if(certificateIssuerField != null)
first = false;
buffer.append(certificateIssuerField + " = ?");
if(certificateSerialField != null)
if(!first)
buffer.append(", ");
first = false;
buffer.append(certificateSerialField + " = ?");
if(localeField != null)
if(!first)
buffer.append(", ");
first = false;
buffer.append(localeField + " = ?");
buffer.append(" WHERE " + usernameField + " = ?");
PreparedStatement statement = connection.prepareStatement(buffer.toString());
int nr = 1;
if(certificateIssuerField != null)
if(issuer == null)
statement.setNull(nr++, 12);
else
statement.setString(nr++, issuer);
if(certificateSerialField != null)
if(serial == null)
statement.setNull(nr++, 12);
else
statement.setString(nr++, serial.toString());
if(localeField != null)
if(locale == null)
statement.setNull(nr++, 12);
else
statement.setString(nr++, ObjectUtils.toString(locale));
statement.setString(nr++, username);
statement.executeUpdate();
statement.close();
catch(SQLException e)
throw new RuntimeException("SQLException: " + e.getMessage());
finally
try
if(connection != null)
connection.close();
catch(SQLException e) { }
public User getUser(String issuerDN, BigInteger serial)
User user;
user = null;
if(certificateIssuerField == null || certificateSerialField == null)
break MISSING_BLOCK_LABEL_505;
if(users == null)
break MISSING_BLOCK_LABEL_131;
Map map = users;
JVM INSTR monitorenter ;
Iterator iterator = users.values().iterator();
goto _L1
_L3:
BigInteger userSerial;
user = (DataSourceUser)iterator.next();
userSerial = user.getCertificateSerial();
if(userSerial != null && userSerial.equals(serial) && issuerDN.equals(user.getCertificateIssuerDN()))
return user;
_L1:
if(iterator.hasNext()) goto L3; else goto L2
_L2:
map;
JVM INSTR monitorexit ;
break MISSING_BLOCK_LABEL_131;
Exception exception;
exception;
throw exception;
Connection connection = null;
try
connection = getDataSource().getConnection();
synchronized(this)
PreparedStatement statement = connection.prepareStatement("SELECT * FROM " + tableName + " WHERE " + certificateIssuerField + " = ? AND " + certificateSerialField + " = ?");
statement.setString(1, issuerDN);
statement.setString(2, serial.toString());
ResultSet resultSet = statement.executeQuery();
if(!resultSet.next())
resultSet.close();
statement.close();
if(parent != null)
user = parent.getUser(issuerDN, serial);
} else
String username = resultSet.getString(usernameField);
String password = resultSet.getString(passwordField);
Locale locale = null;
if(localeField != null)
locale = ObjectUtils.toLocale(resultSet.getString(localeField));
user = new DataSourceUser(this, username, password, issuerDN, serial, locale, stalenessTime < 0L ? 0L : System.currentTimeMillis());
resultSet.close();
statement.close();
synchronized(users)
users.put(username, user);
catch(SQLException e)
throw new RuntimeException("SQLException: " + e.getMessage());
finally
try
if(connection != null)
connection.close();
catch(SQLException e) { }
if(user == null && parent != null)
return parent.getUser(issuerDN, serial);
else
return user;
protected Set getGroups(DataSourceUser user)
throws SQLException
if(debug)
System.out.println("Getting groups for " + user.getName() + "...");
if(groupMembershipTableName == null)
if(debug)
System.out.println("Groups for " + user.getName() + ": <none> (no groupMembershipTableName defined)");
return null;
Connection connection = null;
Set set1;
try
connection = getDataSource().getConnection();
PreparedStatement statement = connection.prepareStatement("select " + groupMembershipGroupField + " from " + groupMembershipTableName + " where " + groupMembershipUserField + " = ?");
statement.setString(1, user.getName());
ResultSet set = statement.executeQuery();
Set response = new HashSet();
for(; set.next(); response.add(getGroup(set.getString(1))));
set.close();
statement.close();
if(debug)
System.out.println("Groups for " + user.getName() + ": " + response);
set1 = response;
finally
try
if(connection != null)
connection.close();
catch(SQLException e) { }
return set1;
protected void addToGroup(DataSourceUser user, Group group)
throws SQLException
if(groupMembershipTableName == null)
return;
Connection connection = null;
try
connection = getDataSource().getConnection();
PreparedStatement statement = connection.prepareStatement("insert into " + groupMembershipTableName + " (" + groupMembershipUserField + ", " + groupMembershipGroupField + ") values (?, ?)");
statement.setString(1, user.getName());
statement.setString(1, group.getName());
statement.executeUpdate();
statement.close();
finally
try
if(connection != null)
connection.close();
catch(SQLException e) { }
protected void removeFromGroup(DataSourceUser user, Group group)
throws SQLException
if(groupMembershipTableName == null)
return;
Connection connection = null;
try
connection = getDataSource().getConnection();
PreparedStatement statement = connection.prepareStatement("delete from " + groupMembershipTableName + " where " + groupMembershipUserField + " = ? and " + groupMembershipGroupField + " = ?");
statement.setString(1, user.getName());
statement.setString(2, group.getName());
statement.executeUpdate();
statement.close();
finally
try
if(connection != null)
connection.close();
catch(SQLException e) { }
public int getUserCount()
Connection connection;
Exception exception;
connection = null;
int i;
try
connection = getDataSource().getConnection();
PreparedStatement statement = connection.prepareStatement("select count(*) as numberOfUsers from " + tableName);
ResultSet set = statement.executeQuery();
set.next();
int count = set.getInt("numberOfUsers");
set.close();
statement.close();
i = count;
catch(SQLException e)
throw new RuntimeException("SQLException: " + e.getMessage());
finally
JVM INSTR jsr 126;
return i;
throw exception;
local;
try
if(connection != null)
connection.close();
catch(SQLException e) { }
JVM INSTR ret 7;
public List getUsers(int start, int length)
Connection connection;
Exception exception;
connection = null;
List list;
try
connection = getDataSource().getConnection();
PreparedStatement statement = connection.prepareStatement("select " + usernameField + " from " + tableName);
ResultSet set;
for(set = statement.executeQuery(); start > 0 && set.next(););
List response = new ArrayList();
for(; length > 0 && set.next(); response.add(getUser(set.getString(usernameField))));
set.close();
statement.close();
list = response;
catch(SQLException e)
throw new RuntimeException("SQLException: " + e.getMessage());
finally
JVM INSTR jsr 194;
return list;
throw exception;
local;
try
if(connection != null)
connection.close();
catch(SQLException e) { }
JVM INSTR ret 9;
public String toCase(String name)
switch(casing)
case 2: // '\002'
boolean needsToChange = false;
for(int i = 0; i < name.length(); i++)
if(!Character.isLowerCase(name.charAt(i)))
continue;
needsToChange = true;
break;
return needsToChange ? name.toUpperCase() : name;
case 3: // '\003'
boolean needsToChange = false;
for(int i = 0; i < name.length(); i++)
if(!Character.isUpperCase(name.charAt(i)))
continue;
needsToChange = true;
break;
return needsToChange ? name.toLowerCase() : name;
return name;
protected DataSource getDataSource()
if(dataSource == null)
try
InitialContext context = new InitialContext();
dataSource = (DataSource)context.lookup(dataSourceLocation);
catch(ClassCastException e)
if(debug)
e.printStackTrace();
System.out.println("DataSourceUserManager.getDataResource - Not a valid DataSource at " + dataSourceLocation);
dataSource = null;
catch(NamingException e)
if(debug)
e.printStackTrace();
System.out.println("DataSourceUserManager.getDataResource - Error in lookup of datasource : " + dataSourceLocation + " exception is " + e.getMessage());
dataSource = null;
return dataSource;
private static final int CASING_SENSITIVE = 1;
private static final int CASING_TOUPPER = 2;
private static final int CASING_TOLOWER = 3;
protected DataSource dataSource;
protected String dataSourceLocation;
protected boolean destroyed;
protected String tableName;
protected String usernameField;
protected String passwordField;
protected String certificateIssuerField;
protected String certificateSerialField;
protected String localeField;
protected boolean debug;
protected String groupMembershipTableName;
protected String groupMembershipUserField;
protected String groupMembershipGroupField;
protected Map users;
protected long stalenessTime;
protected int casing;
} -
Hi,
I recently applied SP5 to weblogic 5.1 and I'm now running into following
problem.
I have implemented a custom security realm. I have created a group called
"admin" in my database and give this role to a user "org\user" . ( JFYI, I
encode username since we need to identify the user and his organization, for
authentication ).
When I try to access a page protected by "admin" role, I see following
auditing and debugging messages from security realm.
Wed Aug 23 15:53:25 PDT 2000:<D> <CachingRealm> getAcl("weblogic.url")
Wed Aug 23 15:53:25 PDT 2000:<D> <CachingRealm> acl: neg HIT weblogic.url
Wed Aug 23 15:53:25 PDT 2000:<D> <CachingRealm> authenticate("org\user")
Wed Aug 23 15:53:45 PDT 2000:<D> <SRAuthRealm> Finished authUser - found
Wed Aug 23 15:53:45 PDT 2000:<I> <Audit> [SRAuthRealm] user auth:
user="org\user", credentials=password, SUCCESS
Wed Aug 23 15:53:45 PDT 2000:<D> <CachingRealm> auth: delegate PASSES
org\user
Wed Aug 23 15:53:46 PDT 2000:<D> <CachingRealm> getAcl("weblogic.url")
Wed Aug 23 15:53:46 PDT 2000:<D> <CachingRealm> acl: UNACL weblogic.url
Wed Aug 23 15:53:46 PDT 2000:<D> <CachingRealm> getUser("org\user")
Wed Aug 23 15:53:46 PDT 2000:<D> <CachingRealm> user: pos HIT crio\sruser1
Wed Aug 23 15:53:46 PDT 2000:<D> <CachingRealm> getGroup("admin")
*** invalid value for weblogic.security.groupCacheTTL
*** defaulting to 300s instead
Wed Aug 23 15:53:46 PDT 2000:<D> <CachingRealm> group: delegate HAS admin
Wed Aug 23 15:53:46 PDT 2000:<D> <CachingRealm> getUser("admin")
Wed Aug 23 15:53:46 PDT 2000:<D> <CachingRealm> user: UNPERSON admin
Wed Aug 23 15:53:46 PDT 2000:<D> <CachingRealm> getAcl("weblogic.url")
Wed Aug 23 15:53:46 PDT 2000:<D> <CachingRealm> acl: neg HIT weblogic.url
Wed Aug 23 15:53:46 PDT 2000:<I> <WebAppServletContext-servletExample>
*.html: init
From the messages, it seems like even though the group "admin" was found,
weblogic CachingRealm ignores it and further invokes getUser("admin"). Is
this a bug in the new SP5 ? I ask this coz, the same code worked just fine
in SP3.
Thanks,
ManishHey Michael,
Sorry, false alarm !! Actually, the code was modified and had introduced
this bug. I have it running just fine now.
Anyways, thanks for your prompt response.
Manish
"Michael Girdley" <[email protected]> wrote in message
news:[email protected]...
>
>
It appears to be a regression.
I suggest that you file a bug report with our support organization. Besure
to include a complete test case. They will also need information from
you -- please review our external support procedures:
http://www.beasys.com/support/index.html
Thanks,
Michael
Michael Girdley
BEA Systems Inc
"Manish Shah" <[email protected]> wrote in message
news:[email protected]...
Hi,
I recently applied SP5 to weblogic 5.1 and I'm now running into
following
problem.
I have implemented a custom security realm. I have created a groupcalled
"admin" in my database and give this role to a user "org\user" . (JFYI,
I
encode username since we need to identify the user and his organization,for
authentication ).
When I try to access a page protected by "admin" role, I see following
auditing and debugging messages from security realm.
Wed Aug 23 15:53:25 PDT 2000:<D> <CachingRealm> getAcl("weblogic.url")
Wed Aug 23 15:53:25 PDT 2000:<D> <CachingRealm> acl: neg HIT
weblogic.url
Wed Aug 23 15:53:25 PDT 2000:<D> <CachingRealm> authenticate("org\user")
Wed Aug 23 15:53:45 PDT 2000:<D> <SRAuthRealm> Finished authUser - found
Wed Aug 23 15:53:45 PDT 2000:<I> <Audit> [SRAuthRealm] user auth:
user="org\user", credentials=password, SUCCESS
Wed Aug 23 15:53:45 PDT 2000:<D> <CachingRealm> auth: delegate PASSES
org\user
Wed Aug 23 15:53:46 PDT 2000:<D> <CachingRealm> getAcl("weblogic.url")
Wed Aug 23 15:53:46 PDT 2000:<D> <CachingRealm> acl: UNACL weblogic.url
Wed Aug 23 15:53:46 PDT 2000:<D> <CachingRealm> getUser("org\user")
Wed Aug 23 15:53:46 PDT 2000:<D> <CachingRealm> user: pos HITcrio\sruser1
Wed Aug 23 15:53:46 PDT 2000:<D> <CachingRealm> getGroup("admin")
*** invalid value for weblogic.security.groupCacheTTL
*** defaulting to 300s instead
Wed Aug 23 15:53:46 PDT 2000:<D> <CachingRealm> group: delegate HASadmin
>
Wed Aug 23 15:53:46 PDT 2000:<D> <CachingRealm> getUser("admin")
Wed Aug 23 15:53:46 PDT 2000:<D> <CachingRealm> user: UNPERSON admin
Wed Aug 23 15:53:46 PDT 2000:<D> <CachingRealm> getAcl("weblogic.url")
Wed Aug 23 15:53:46 PDT 2000:<D> <CachingRealm> acl: neg HITweblogic.url
Wed Aug 23 15:53:46 PDT 2000:<I> <WebAppServletContext-servletExample>
*.html: init
From the messages, it seems like even though the group "admin" wasfound,
weblogic CachingRealm ignores it and further invokes getUser("admin").Is
this a bug in the new SP5 ? I ask this coz, the same code worked justfine
in SP3.
Thanks,
Manish -
Weblogic 5.10 Service Pack 11 ClassCastException -- BUG?
I'm using a custom RDBMS realm that works fine on WL5.10SP10, but when I
updated to SP11, I get an exception:
java.lang.ClassCastException: mypackage.DynWLGroup
at weblogic.security.acl.AclImpl.checkPermission(AclImpl.java:356)
at weblogic.security.acl.Security.hasPermission(Security.java:101)
at
weblogic.servlet.internal.ServletContextImpl.checkA(ServletContextImpl.java:
1963)
at
weblogic.servlet.internal.ServletContextImpl.checkAccess(ServletContextImpl.
java:1796)
at
weblogic.servlet.internal.ServletContextImpl.invokeServlet(ServletContextImp
l.java:938)
at
weblogic.servlet.internal.ServletContextImpl.invokeServlet(ServletContextImp
l.java:905)
at
weblogic.servlet.internal.ServletContextManager.invokeServlet(ServletContext
Manager.java:269)
at
weblogic.socket.MuxableSocketHTTP.invokeServlet(MuxableSocketHTTP.java:391)
at
weblogic.socket.MuxableSocketHTTP.execute(MuxableSocketHTTP.java:273)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:129)
This is occuring when the server first starts up and I try to hit an HTML
page that launches an applet. I checked in the Jars and this class was in
fact included in the SP11 changes. Did something break in it?
Regards,
Brian.When I tried SP12 a few days ago, it had the same problem. Now, I tried it
in a rush, so maybe I made a mistake in my testing, so I'll go re-check. In
fact, my response from support (which include a patch) also verfied that it
is a bug in SP12 and would be fixed in SP13.
Regards,
Brian.
"kirann" <[email protected]> wrote in message
news:[email protected]..
it was fixed in sp12.
contact support if you need a one-off patch.
thanks
kiran
"Brian J. Sayatovic" <[email protected]> wrote in message
news:[email protected]..
This bug is still present in SP12.
"Brian J. Sayatovic" <[email protected]> wrote in message
news:[email protected]..
I'm using a custom RDBMS realm that works fine on WL5.10SP10, but when
I
updated to SP11, I get an exception:
java.lang.ClassCastException: mypackage.DynWLGroup
atweblogic.security.acl.AclImpl.checkPermission(AclImpl.java:356)
atweblogic.security.acl.Security.hasPermission(Security.java:101)
at
weblogic.servlet.internal.ServletContextImpl.checkA(ServletContextImpl.java:
1963)
at
weblogic.servlet.internal.ServletContextImpl.checkAccess(ServletContextImpl.
java:1796)
at
weblogic.servlet.internal.ServletContextImpl.invokeServlet(ServletContextImp
l.java:938)
at
weblogic.servlet.internal.ServletContextImpl.invokeServlet(ServletContextImp
l.java:905)
at
weblogic.servlet.internal.ServletContextManager.invokeServlet(ServletContext
Manager.java:269)
at
weblogic.socket.MuxableSocketHTTP.invokeServlet(MuxableSocketHTTP.java:391)
at
weblogic.socket.MuxableSocketHTTP.execute(MuxableSocketHTTP.java:273)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:129)
This is occuring when the server first starts up and I try to hit anHTML
page that launches an applet. I checked in the Jars and this class
was
in
fact included in the SP11 changes. Did something break in it?
Regards,
Brian. -
BUG JSP editor jsp:attribute action
Hello, there's a bug in JDeveloper.
1. Create tag file
<%@ tag pageEncoding="UTF-8"%>
<%@ attribute name="x" fragment="true" required="true" %>
2. Create JSP file
<%@ page contentType="text/html;charset=UTF-8"%>
<%@ taglib tagdir="/WEB-INF/tags/" prefix="tags"%>
<tags:tagFile1>
<jsp:attribute name="x">
Hello
</jsp:attribute>
</tags:tagFile1>
JDeveloper underlines the tag in red and says "Required attribute x is missing..." OC4J runtime behaviour is normal (if we ignore other issues with tag files). I am using JDeveloper 10.1.3.1.Hi,
Put this code in the editor and see it will show you the preview
=========================================
<%@ taglib uri="tagLib" prefix="hbj" %>
<html>
<body>
Hello
</body>
</html>
============================================
This will not show you a preview
===========================================
<%@ taglib uri="tagLib" prefix="hbj" %>
<jsp:useBean id="myBean" scope="application" class="com.cts.bean.User" />
<hbj:content
id="myContext">
<hbj:page title="Kirupanand">
<hbj:form id="myFormId" >
<hbj:inputField type="String" id="Getuser"
size="30" value="" maxlength="8"
disabled="false">
</hbj:inputField>
<hbj:inputField type="String"
id="Displayuser" size="30"
value="<%=myBean.getUser()%>"
maxlength="8" disabled="false">
</hbj:inputField>
<hbj:button id="Store" text="Save" width="125px"
tooltip="Save User Name" onClick="clientSave"
disabled="false" design="STANDARD" />
</hbj:form>
</hbj:page>
</hbj:content>
<html>
<body>
Hello
</body>
</html>
===================================================
what does this mean? If you use HTMLB tags then you cannot see a preview. Not because of " <%@ taglib uri="tagLib" prefix="hbj" %> " this statement is used to tell to the program which executes the jsp that use this TagLib to understand what the component starting with hbj should do. -
Heip!
(This is N+1 try - the newsserver seem to be refusing to accept my article...)
I use my own version of Users and ACLs. The custom ACLs need extra
information that is present only in custom User.
As you can see below, user "jeti200001\000system" exists and is cached in
Caching Realm. However, the last ACL check uses surprisingly an instance of
weblogic.security.acl.User instead of com.optiwise.bl.core.security.OWUser
as it shoud.
(Note that .checkPermission() is a debug output from custom ACL method.
It prints the class of Principal among other information.
---cut
to elo 10 15:17:39 GMT+03:00 2000:<D> <CachingRealm>
getUser("jeti200001\000system")
to elo 10 15:17:39 GMT+03:00 2000:<D> <CachingRealm>
user: pos HIT jeti200001\000system
to elo 10 15:17:39 GMT+03:00 2000:<D> <CachingRealm>
getUser("jeti200001\000system")
to elo 10 15:17:39 GMT+03:00 2000:<D> <CachingRealm>
user: pos HIT jeti200001\000system
to elo 10 15:17:39 GMT+03:00 2000:<D> <CachingRealm>
getAcl("weblogic.workspace.system\000system", '.')
to elo 10 15:17:39 GMT+03:00 2000:<D> <CachingRealm>
getAcl("weblogic.workspace.system\000system")
to elo 10 15:17:39 GMT+03:00 2000:<D> <CachingRealm>
acl: pos HIT weblogic.workspace.system\000system
weblogic.workspace.*.checkPermission(): jeti200001/system
(com.optiwise.bl.core.security.OWUser)ow_user, read: res=true
to elo 10 15:17:39 GMT+03:00 2000:<D> <CachingRealm> getPermission("reserve")
to elo 10 15:17:39 GMT+03:00 2000:<D> <CachingRealm> perm: pos HIT reserve
to elo 10 15:17:39 GMT+03:00 2000:<D> <CachingRealm>
getAcl("weblogic.jdbc.connectionPool.OW4Tpool", '.')
to elo 10 15:17:39 GMT+03:00 2000:<D> <CachingRealm>
getAcl("weblogic.jdbc.connectionPool.OW4Tpool")
to elo 10 15:17:39 GMT+03:00 2000:<D> <CachingRealm>
acl: pos HIT weblogic.jdbc.connectionPool.OW4Tpool
weblogic.jdbc.connectionPool.OW4Tpool.checkPermission():
jeti200001\000system (weblogic.security.acl.User)null, reserve:
res=false
to elo 10 15:17:39 GMT+03:00 2000:<I> <Security> Access failed
(Thread = Thread[ExecuteThread-14,5,Execute Thread Group])
java.lang.SecurityException: User "jeti200001\000system" does not have
Permission "reserve" based on ACL
"weblogic.jdbc.connectionPool.OW4Tpool".
at weblogic.security.acl.Security.logAndThrow(Security.java:372)
at weblogic.security.acl.Security.checkPermission(Security.java:304)
---cut
Is there a bug in CachingRealm/JDBC pools? What do I miss here?
Thanks a lot for your help
Timo Jantunen
Optiwise R&D
http://www.optiwise.comThe WebLogic newsgroups are not the appropriate place to file product defect
reports.
I suggest that you file a bug report with our support organization. Be sure
to include a complete test case. They will also need information from
you -- please review our external support procedures:
http://www.beasys.com/support/index.html
Thanks,
Michael
Michael Girdley
BEA Systems Inc
"Timo Jantunen" <[email protected]> wrote in message
news:[email protected]...
Heip!
(This is N+1 try - the newsserver seem to be refusing to accept myarticle...)
>
I use my own version of Users and ACLs. The custom ACLs need extra
information that is present only in custom User.
As you can see below, user "jeti200001\000system" exists and is cached in
Caching Realm. However, the last ACL check uses surprisingly an instanceof
weblogic.security.acl.User instead of com.optiwise.bl.core.security.OWUser
as it shoud.
(Note that .checkPermission() is a debug output from custom ACL method.
It prints the class of Principal among other information.
---cut
to elo 10 15:17:39 GMT+03:00 2000:<D> <CachingRealm>
getUser("jeti200001\000system")
to elo 10 15:17:39 GMT+03:00 2000:<D> <CachingRealm>
user: pos HIT jeti200001\000system
to elo 10 15:17:39 GMT+03:00 2000:<D> <CachingRealm>
getUser("jeti200001\000system")
to elo 10 15:17:39 GMT+03:00 2000:<D> <CachingRealm>
user: pos HIT jeti200001\000system
to elo 10 15:17:39 GMT+03:00 2000:<D> <CachingRealm>
getAcl("weblogic.workspace.system\000system", '.')
to elo 10 15:17:39 GMT+03:00 2000:<D> <CachingRealm>
getAcl("weblogic.workspace.system\000system")
to elo 10 15:17:39 GMT+03:00 2000:<D> <CachingRealm>
acl: pos HIT weblogic.workspace.system\000system
weblogic.workspace.*.checkPermission(): jeti200001/system
(com.optiwise.bl.core.security.OWUser)ow_user, read: res=true
to elo 10 15:17:39 GMT+03:00 2000:<D> <CachingRealm>getPermission("reserve")
to elo 10 15:17:39 GMT+03:00 2000:<D> <CachingRealm> perm: pos HIT reserve
to elo 10 15:17:39 GMT+03:00 2000:<D> <CachingRealm>
getAcl("weblogic.jdbc.connectionPool.OW4Tpool", '.')
to elo 10 15:17:39 GMT+03:00 2000:<D> <CachingRealm>
getAcl("weblogic.jdbc.connectionPool.OW4Tpool")
to elo 10 15:17:39 GMT+03:00 2000:<D> <CachingRealm>
acl: pos HIT weblogic.jdbc.connectionPool.OW4Tpool
weblogic.jdbc.connectionPool.OW4Tpool.checkPermission():
jeti200001\000system (weblogic.security.acl.User)null, reserve:
res=false
to elo 10 15:17:39 GMT+03:00 2000:<I> <Security> Access failed
(Thread = Thread[ExecuteThread-14,5,Execute Thread Group])
java.lang.SecurityException: User "jeti200001\000system" does not have
Permission "reserve" based on ACL
"weblogic.jdbc.connectionPool.OW4Tpool".
at weblogic.security.acl.Security.logAndThrow(Security.java:372)
at weblogic.security.acl.Security.checkPermission(Security.java:304)
---cut
Is there a bug in CachingRealm/JDBC pools? What do I miss here?
Thanks a lot for your help
Timo Jantunen
Optiwise R&D
http://www.optiwise.com -
Hi,
We have migrated from weblogic 6.1 sp5 to weblogic8.1 sp2 and continuing to use the custom security Realms. I am trying to catch a custom runtime exception raised in getUser(UserInfo) method of BasicRealm implemenation while creating a InitialContext. Unfortunately the custom exception is consumed by weblogic and transformed into AuthenticationException. Is it the default behaviour of weblogic or is there something I am missing. Would appreciate if someone can help me out.
Thanks,
VenkateshIf you look at the object hierarchy much of these objects are derived from java.security
objects. These are well documented and will help your quest.
It all sounds feasible to me. Good luck.
ray
"Mika Haapakorpi" <[email protected]> wrote:
Hi,
For performance reasons I want to do a new realm from a scratch just
implementing a BasicRealm interface. I want to avoid method calls which
tries to retrieve all the user from database so I do not want to use
AbstractListableRealm. Also it seems unpractical that group objects have
hashtable over every user or that group objects even contain any kind of
membership information. Instead I plan to include a group membership
information to user and groupobject's isMember(Principle p) method just
asks
for that given user does it belong to this group. So I would need only two
caches one containing users and a very simple group cache.
The problem is that I can not find good specifations which explain in detail
what is the meaning of methods in BasicRealm interface. For example the
method getUser(UserInfo ui); I guess that this method is called when I
create new InitialContext with principle and credentials, but what type
of
implementations of UserInfo object I might encounter. Do I allways get the
default implementation of userinfo or is there any other types of userinfo
types which I should also handle? Can I affect the creation process UserInfo
object? In what other situations the getUser(UserInfo ui) is called? What
is
the purpose of load and save methods? Can I leave them empty? Is it
necessary that User and Group objects are serializable? etc...
Thanks,
Mika
p.s. is the approach explained above at all feasible? -
JDK1.3 & WL5.1 sp9
Hi :
I tried to use JDK1.3 for WL5.1 in a WIN2k machine. I use wlconfig to set
JAVA_HOME to jdk1.3, but the vm did not start, it complained the
"DumpThreads not found".
Should I use JDK1.3 with WL5.1? if yes, how should I do it?
thanks
andrewDid this bug ever get reported, or fixed? After a year or so, I am still having
the problem reported by Andrew. I am using Windows NT, BEA 5.1 service pack 10,
and jdk1.3.1. The problem of 'DumpThreads not defined' still exists. Can we get
some help?
- Sashi.
Kumar Allamraju <[email protected]> wrote:
this appears to be a known issue.
report it to [email protected]
andrew wrote:
Hi :
I tried to use JDK1.3 for WL5.1 in a WIN2k machine. I use wlconfigto set
JAVA_HOME to jdk1.3, but the vm did not start, it complained the
"DumpThreads not found".
Should I use JDK1.3 with WL5.1? if yes, how should I do it?
thanks
andrew -
Index with "or" clause (BUG still exists?)
The change log for 2.3.10 mentions "Fixed a bug that caused incorrect query plans to be generated for predicates that used the "or" operator in conjunction with indexes [#15328]."
But looks like the Bug still exists.
I am listing the steps to-repro. Let me know if i have missed something (or if the bug needs to be fixed)
DATA
dbxml> openContainer test.dbxml
dbxml> getDocuments
2 documents found
dbxml> print
<node><value>a</value></node>
<node><value>b</value></node>
INDEX (just one string equality index on node "value")
dbxml> listIndexes
Index: unique-node-metadata-equality-string for node {http://www.sleepycat.com/2002/dbxml}:name
Index: node-element-equality-string for node {}:value
2 indexes found.
QUERY
setVerbose 2 2
preload test.dbxml
query 'let $temp := fn:compare("test", "test") = 0
let $results := for $i in collection("test.dbxml")
where ($temp or $i/node[value = ("a")])
return $i
return <out>{$temp}{$results}</out>'
When $temp is true i expected the result set to contain both the records, but that was not the case with the index. It works well when there is no index!
Result WITH INDEX
dbxml> print
<out>true<node><value>a</value></node></out>
Result WITHOUT INDEX
dbxml> print
<out>true<node><value>a</value></node><node><value>b</value></node></out>Hi Vijay,
This is a completely different bug, relating to predicate expressions that do not examine nodes. Please try the following patch, to see if it fixes this bug for you:
--- dbxml-2.3.10-original/dbxml/src/dbxml/optimizer/QueryPlanGenerator.cpp 2007-04-18 10:05:24.000000000 +0100
+++ dbxml-2.3.10/dbxml/src/dbxml/optimizer/QueryPlanGenerator.cpp 2007-08-08 11:32:10.000000000 +0100
@@ -1566,11 +1572,12 @@
else if(name == Or::name) {
UnionQP *unionOp = new (&memMgr_) UnionQP(&memMgr_);
+ result.operation = unionOp;
for(VectorOfASTNodes::iterator i = args.begin(); i != args.end(); ++i) {
PathResult ret = generate(*i, ids);
unionOp->addArg(ret.operation);
+ if(ret.operation == 0) result.operation = 0;
- result.operation = unionOp;
// These operators use the presence of the node arguments, not their valueJohn -
is there a way to follow-up on a bug report that i submitted? i have the bug number, but would like to see if the report was understood, filled out properly and determine the status of the bug report.
thanks,
dougThey comment on bugs if actions were taken. Otherwise - don't expect any feedback.
-
Solaris8 and 9 (possibly 7) /dev/poll driver bug report.
Hello,
I'd like to report a bug in the solaris 8 and 9 /dev/poll driver (poll(7d)).
As i do not have a support account with sun or anything like that, there
seems to be no other way to do that here (which is of course a very sad
thing).
Bug details:
The /dev/poll device provides an ioctl-request (DP_ISPOLLED) for checking
if a particular filedescriptor is currently in the set of monitored
filedescriptors for that particular /dev/poll fd set (open /dev/poll fd).
A quote from the documentation of the poll(7d) manual page taken from
Solaris9:
"DP_ISPOLLED ioctl allows you to query if a file descriptor is already in
the monitored set represented by fd. The fd field of the pollfd structure
indicates the file descriptor of interest. The DP_ISPOLLED ioctl returns 1
if the file descriptor is in the set. The events field contains the
currently polled events. The revents field contains 0. The ioctl returns 0
if the file descriptor is not in the set. The pollfd structure pointed by
pfd is not modified. The ioctl returns a -1 if the call fails."
It says that when you query for an filedescriptor which is currently being
monitored in the set, that it would return 1, and change the events field of
the pollfd structure to the events it's currently monitoring that fd for.
The revents field would be set to zero.
However the only thing which actually happens here, is that FD_ISPOLLED
returns 1 when the fd is in the set and 0 if not. When the fd is in the
set, when FD_ISPOLLED returns 1, the events field remains unmodified, but
the revents field gets changed.
A small sample code to illustrate:
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <sys/devpoll.h>
main() {
struct pollfd a;
int dp_fd = open("/dev/poll", O_WRONLY);
a.fd = 0; /* stdin */
a.events = POLLIN; /* we monitor for readability, POLLIN=1 */
a.revents = 0;
write(dp_fd, &a, sizeof(a));
a.fd = 0;
a.events = 34; /* filled in with bogus number to show malfunctioning */
a.revents = 0;
printf("DP_ISPOLLED returns: %d\n", ioctl(dp_fd, DP_ISPOLLED, &a));
printf("a.fd=%d, a.events=%hd, a.revents=%hd\n", a.fd, a.events,
a.revents);
According to the documentation of /dev/poll and namely DP_ISPOLLED this
program is supposed to print the following:
DP_ISPOLLED returns: 1
a.fd=0, a.events=1, a.revents=0
However it prints the following:
DP_ISPOLLED returns: 1
a.fd=0, a.events=34, a.revents=1
You can take any number instead of '34' and it will simply remain untouched
after the DP_ISPOLLED ioctl-request.
I hope it's clear now that the solaris8 and solaris9 (and probably solaris7
with /dev/poll patch too) DP_ISPOLLED implementation is broken.
This bug is also easily illustrated by looking at the solaris8 kernel sourcecode:
<snippet osnet_volume/usr/src/uts/common/io/devpoll.c:dpioctl()>
case DP_ISPOLLED:
pollfd_t pollfd;
polldat_t *pdp;
if (pollfd.fd < 0) {
mutex_exit(&pcp->pc_lock);
break;
pdp = pcache_lookup_fd(pcp, pollfd.fd);
if ((pdp != NULL) && (pdp->pd_fd == pollfd.fd) &&
(pdp->pd_fp != NULL)) {
pollfd.revents = pdp->pd_events;
if (copyout(&pollfd, (caddr_t)arg,
sizeof(pollfd_t))) {
mutex_exit(&pcp->pc_lock);
DP_REFRELE(dpep);
return (set_errno(EFAULT));
*rvalp = 1;
</snippet>
its' clearly visible that the code writes the current monitored events to
the revents field:
'pollfd.revents = pdp->pd_events;'
and that it doesnt set revents to zero.
It's funny to see that this has been like this since Solaris8 (possibly 7). That means nobody ever used DP_ISPOLLED that way or people were simply to lazy to file a bug report.
Another funny thing related to this. is that Hewlett-Packard did seem to know about this. Since HP-UX11i version 1.6 they also support /dev/poll. From their manual page i ll quote some sentences from their WARNING session:
"The ioctl(DP_ISPOLLED) system call also returns its result in the revents member of the pollfd structure, in order to be compatible with the implementation of the /dev/poll driver by some other vendors."
Hopefully this will get fixed.
I also like to reexpress my very negative feelings towards the fact that you're not able to file bug reports when you do not have a support contract. Ridiculous.
Thanks,
bighawkHave I mentioned how much i love my playbook now Great job on os 2.0
-
[bdb bug]repeatly open and close db may cause memory leak
my test code is very simple :
char *filename = "xxx.db";
char *dbname = "xxx";
for( ; ;)
DB *dbp;
DB_TXN *txnp;
db_create(&dbp,dbenvp, 0);
dbenvp->txn_begin(dbenvp, NULL, &txnp, 0);
ret = dbp->open(dbp, txnp, filename, dbname, DB_BTREE, DB_CREATE, 0);
if(ret != 0)
printf("failed to open db:%s\n",db_strerror(ret));
return 0;
txnp->commit(txnp, 0);
dbp->close(dbp, DB_NOSYNC);
I try to run my test program for a long time opening and closing db repeatly, then use the PS command and find the RSS is increasing slowly:
ps -va
PID TTY STAT TIME MAJFL TRS DRS RSS %MEM COMMAND
1986 pts/0 S 0:00 466 588 4999 980 0.3 -bash
2615 pts/0 R 0:01 588 2 5141 2500 0.9 ./test
after a few minutes:
ps -va
PID TTY STAT TIME MAJFL TRS DRS RSS %MEM COMMAND
1986 pts/0 S 0:00 473 588 4999 976 0.3 -bash
2615 pts/0 R 30:02 689 2 156561 117892 46.2 ./test
I had read bdb's source code before, so i tried to debug it for about a week and found something like a bug:
If open a db with both filename and dbname, bdb will open a db handle for master db and a db handle for subdb,
both of the two handle will get an fileid by a internal api called __dbreg_get_id, however, just the subdb's id will be
return to bdb's log region by calling __dbreg_pop_id. It leads to a id leak if I tried to open and close the db
repeatly, as a result, __dbreg_add_dbentry will call realloc repeatly to enlarge the dbentry area, this seens to be
the reason for RSS increasing.
Is it not a BUG?
sorry for my pool english :)
Edited by: user9222236 on 2010-2-25 下午10:38I have tested my program using Oracle Berkeley DB release 4.8.26 and 4.7.25 in redhat 9.0 (Kernel 2.4.20-8smp on an i686) and AIX Version 5.
The problem is easy to be reproduced by calling the open method of db handle with both filename and dbname being specified and calling the close method.
My program is very simple:
#include <stdlib.h>
#include <stdio.h>
#include <sys/time.h>
#include "db.h"
int main(int argc, char * argv[])
int ret, count;
DB_ENV *dbenvp;
char * filename = "test.dbf";
char * dbname = "test";
db_env_create(&dbenvp, 0);
dbenvp->open(dbenvp, "/home/bdb/code/test/env",DB_CREATE|DB_INIT_LOCK|DB_INIT_LOG|DB_INIT_TXN|DB_INIT_MPOOL, 0);
for(count = 0 ; count < 10000000 ; count++)
DB *dbp;
DB_TXN *txnp;
db_create(&dbp,dbenvp, 0);
dbenvp->txn_begin(dbenvp, NULL, &txnp, 0);
ret = dbp->open(dbp, txnp, filename, dbname, DB_BTREE, DB_CREATE, 0);
if(ret != 0)
printf("failed to open db:%s\n",db_strerror(ret));
return 0;
txnp->commit(txnp, 0);
dbp->close(dbp, DB_NOSYNC);
dbenvp->close(dbenvp, 0);
return 0;
DB_CONFIG is like below:
set_cachesize 0 20000 0
set_flags db_auto_commit
set_flags db_txn_nosync
set_flags db_log_inmemory
set_lk_detect db_lock_minlocks
Edited by: user9222236 on 2010-2-28 下午5:42
Edited by: user9222236 on 2010-2-28 下午5:45
Maybe you are looking for
-
HT201210 what if i can't restore my iphone
hello Apple, I have been updating my iPhone on new version. But they told me it's error and want me to restore my iphone first. But I cant even restore my iphone. how can I do then? Thanks
-
First experience -- hot/cold
In regards to posting: http://bbs.archlinux.org/viewtopic.php?id=59846 My problem with it was first it took 1+ years to close it. In addition, I was a newbie with 0 experience with Arch. Furthermore, I had no problem with the admin closing it foreve
-
HT1222 Fails - 2014-001 - due to incompatible disk???
Trying to udate a mac mini server running 10.7.5 using the security update 2014-001 and the install fails stating that none of the internal disks are compatible with this update. http://support.apple.com/kb/DL1727 Not quite sure how that's possible a
-
Socket.isConnected NoSuchMethodError
I am having trouble with the Socket class I have a very simple Socket program developed in Forte which compiles and runs successfully from the IDE. From the command line it compiles fine, but when I try to run it I keep getting NoSuchMethodError on t
-
i installed webkit-kpart-svn. is that enough for konqueror to use it? i didn't see any place to opt for webkit.