Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-15694

RestSTSServiceHttpRouteProvider causes memory leak by adding route for every access

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 14.1.1, 6.0.0, 6.5.0
    • Fix Version/s: 6.5.3, 7.0.0, 5.5.2
    • Component/s: STS
    • Labels:
    • Sprint:
      AM Sustaining Sprint 69, AM Sustaining Sprint 70, AM Sustaining Sprint 71, AM Sustaining Sprint 72
    • Story Points:
      5
    • Needs backport:
      No
    • Support Ticket IDs:
    • Needs QA verification:
      Yes
    • Functional tests:
      No
    • Are the reproduction steps defined?:
      Yes and I used the same an in the description

      Description

      Bug description

      RestSTSServiceHttpRouteProvider causes memory leak by adding route for every access

      How to reproduce the issue

      1. select an appropriate realm
      2. click [STS] from left hand menu > [Rest STS] tab > click "+ Add Rest STS"
      1. click "Crete" button
      2. retrieve "amadmin" SSOToken
          curl --request POST --header "X-OpenAM-Username: demo" --header "X-OpenAM-Password: changeit" --header "Content-Type: application/json" --header "Accept-API-Version:protocol=1.0,resource=2.1" --data "{}" "http://openam.example.com:18080/openam/json/realms/root/authenticate"
          
      3. retrieve "demo" SSOToken
          curl --request POST --header "X-OpenAM-Username: demo" --header "X-OpenAM-Password: changeit" --header "Content-Type: application/json" --header "Accept-API-Version:protocol=1.0,resource=2.1" --data "{}" "tp://openam.example.com:18080/openam/json/realms/root/authenticate"
          
      4. request Rest STS to translate
         curl -v \
         --request POST \
         --header "iPlanetDirectoryPro: <amadmin token>" \
         --header "Content-Type: application/json" \
         --data '{
            "input_token_state": {
                "token_type": "OPENAM",
                "session_id": "<user token>"
            },
            "output_token_state": {
                "token_type": "OPENIDCONNECT",
                "nonce":"12345678",
                "allow_access": true
            }
         }' \
         http://openam.example.com:18080/openam/rest-sts/instance1?_action=translate
          
      Expected behaviour
      java.util.concurrent.CopyOnWriteArrayList held within org.forgerock.json.resource.Router shouldn't increase in size
      
      Current behaviour
      org.forgerock.json.resource.Router objects accumulates with every access to /rest-sts endpoint
      

      Work around

      N/A

      Code analysis

      At the moment, RestSTSServiceHttpRouteProvider references a route which RestSTSModule holds for every access to /rest-sts as a handler, but new route instance is added for each access. It seems like common CHF adds this newly added route as apiListener and removes it when request is finished. However, since a route inside RestSTSModule is held across requests, a route inside apiListener doesn't go away and it accumulates over time.

      org.forgerock.$className.java
      "http-nio-18080-exec-1@16447" daemon prio=5 tid=0xd9 nid=NA runnable
        java.lang.Thread.State: RUNNABLE
      	  at org.forgerock.json.resource.Router.getThis(Router.java:92)
      	  at org.forgerock.json.resource.Router.getThis(Router.java:67)
      	  at org.forgerock.services.routing.AbstractRouter.updateApiDescriptorAndNotify(AbstractRouter.java:143)
      	  at org.forgerock.services.routing.AbstractRouter.addRoute(AbstractRouter.java:124)
      	  at org.forgerock.json.resource.Router.addRoute(Router.java:226)
      	  at org.forgerock.openam.rest.Routers$VersionedResourceRoute.addRoute(Routers.java:1130)
      	  at org.forgerock.openam.rest.Routers$VersionedResourceRoute.toRequestHandler(Routers.java:1118)
      	  at org.forgerock.openam.rest.Routers$ResourceRoute.toRequestHandler(Routers.java:706)
      	  at org.forgerock.openam.sts.rest.service.RestSTSServiceHttpRouteProvider$1.get(RestSTSServiceHttpRouteProvider.java:60)
      	  at org.forgerock.openam.sts.rest.service.RestSTSServiceHttpRouteProvider$1.get(RestSTSServiceHttpRouteProvider.java:45)
      

        Attachments

          Activity

            People

            • Assignee:
              sachiko Sachiko Wallace
              Reporter:
              sachiko Sachiko Wallace
            • Votes:
              1 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: