Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-2757

PrivilegeEvaluator might deadlock if there was a referral privilege added during evaluation

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 9.5.3, 9.5.4_RC1, 9.5.5, 10.0.0, 10.0.1, 10.1.0-Xpress
    • Fix Version/s: 9.5.6, 10.0.2, 11.0.0
    • Component/s: entitlements
    • Labels:
    • Rank:
      1|hzo1hz:
    • Support Ticket IDs:

      Description

      PrivilegeEvaluator will deadlock if there was a referral privilege added during evaluation.

      Thread 24442: (state = BLOCKED)

      • sun.misc.Unsafe.park(boolean, long) @bci=0 (Compiled frame; information may be imprecise)
      • java.util.concurrent.locks.LockSupport.park(java.lang.Object) @bci=14, line=156 (Interpreted frame)
      • java.util.concurrent.locks.AbstractQueuedSynchronizer.parkAndCheckInterrupt() @bci=1, line=811 (Interpreted frame)
      • java.util.concurrent.locks.AbstractQueuedSynchronizer.doAcquireShared(int) @bci=68, line=941 (Interpreted frame)
      • java.util.concurrent.locks.AbstractQueuedSynchronizer.acquireShared(int) @bci=10, line=1261 (Compiled frame)
      • java.util.concurrent.locks.ReentrantReadWriteLock$ReadLock.lock() @bci=5, line=594 (Compiled frame)
      • com.sun.identity.entitlement.ReferredApplicationManager.getReferredApplications(java.lang.String) @bci=9, line=60 (Interpreted frame)
      • com.sun.identity.entitlement.ApplicationManager.getAllApplication(java.lang.String) @bci=128, line=253 (Interpreted frame)
      • com.sun.identity.entitlement.ApplicationManager.getApplications(javax.security.auth.Subject, java.lang.String) @bci=1, line=262 (Interpreted frame)
      • com.sun.identity.entitlement.ApplicationManager.getApplication(javax.security.auth.Subject, java.lang.String, java.lang.String) @bci=74, line=331 (Interpreted frame)
      • com.sun.identity.entitlement.Entitlement.getApplication(javax.security.auth.Subject, java.lang.String) @bci=16, line=836 (Interpreted frame)
      • com.sun.identity.entitlement.Entitlement.getResourceSaveIndexes(javax.security.auth.Subject, java.lang.String) @bci=5, line=803 (Interpreted frame)
      • com.sun.identity.entitlement.opensso.OpenSSOIndexStore.cache(com.sun.identity.entitlement.Privilege, java.util.Set, java.lang.String) @bci=31, line=351 (Compiled frame)
      • com.sun.identity.entitlement.opensso.OpenSSOIndexStore.cache(com.sun.identity.entitlement.IPrivilege, java.util.Set, java.lang.String) @bci=14, line=337 (Compiled frame)
      • com.sun.identity.entitlement.opensso.OpenSSOIndexStore.access$300(com.sun.identity.entitlement.opensso.OpenSSOIndexStore, com.sun.identity.entitlement.IPrivilege, java.util.Set, java.lang.String) @
        bci=4, line=79 (Compiled frame)
      • com.sun.identity.entitlement.opensso.OpenSSOIndexStore$SearchTask.run() @bci=89, line=934 (Compiled frame)
      • com.sun.identity.entitlement.SequentialThreadPool.submit(java.lang.Runnable) @bci=1, line=38 (Interpreted frame)
      • com.sun.identity.entitlement.opensso.OpenSSOIndexStore.search(java.lang.String, com.sun.identity.entitlement.ResourceSearchIndexes, java.util.Set, boolean, boolean) @bci=163, line=414 (Interpreted
        frame)
      • com.sun.identity.entitlement.opensso.OpenSSOIndexStore.search(java.lang.String, com.sun.identity.entitlement.ResourceSearchIndexes, java.util.Set, boolean) @bci=7, line=382 (Interpreted frame)
      • com.sun.identity.entitlement.PrivilegeEvaluator.evaluate(java.lang.String) @bci=65, line=279 (Compiled frame)
      • com.sun.identity.entitlement.PrivilegeEvaluator.evaluate(java.lang.String, javax.security.auth.Subject, javax.security.auth.Subject, java.lang.String, java.lang.String, java.util.Map, boolean) @bci
        =47, line=263 (Interpreted frame)
      • com.sun.identity.entitlement.ReferralPrivilege.evaluate(javax.security.auth.Subject, java.lang.String, javax.security.auth.Subject, java.lang.String, java.lang.String, java.util.Set, java.util.Map,
        boolean, java.lang.Object) @bci=405, line=488 (Compiled frame)
      • com.sun.identity.entitlement.PrivilegeEvaluator$PrivilegeTask.run() @bci=97, line=437 (Compiled frame)
      • com.sun.identity.entitlement.ThreadPool$WorkerThread.run() @bci=121, line=136 (Compiled frame)

      Thread 30144: (state = BLOCKED)

      • sun.misc.Unsafe.park(boolean, long) @bci=0 (Compiled frame; information may be imprecise)
      • java.util.concurrent.locks.LockSupport.park(java.lang.Object) @bci=14, line=156 (Compiled frame)
      • java.util.concurrent.locks.AbstractQueuedSynchronizer.parkAndCheckInterrupt() @bci=1, line=811 (Compiled frame)
      • java.util.concurrent.locks.AbstractQueuedSynchronizer.acquireQueued(java.util.concurrent.locks.AbstractQueuedSynchronizer$Node, int) @bci=48, line=842 (Compiled frame)
      • java.util.concurrent.locks.AbstractQueuedSynchronizer.acquire(int) @bci=17, line=1178 (Interpreted frame)
      • java.util.concurrent.locks.ReentrantReadWriteLock$WriteLock.lock() @bci=5, line=807 (Interpreted frame)
      • com.sun.identity.entitlement.ApplicationManager.clearCache(java.lang.String) @bci=6, line=574 (Interpreted frame)
      • com.sun.identity.entitlement.ReferredApplicationManager.clearCache() @bci=94, line=101 (Interpreted frame)
      • com.sun.identity.entitlement.opensso.NotificationServlet.handleReferralPrivilegeAdded(javax.servlet.http.HttpServletRequest) @bci=12, line=107 (Interpreted frame)
      • com.sun.identity.entitlement.opensso.NotificationServlet.handleRequest(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) @bci=110, line=84 (Interpreted frame)
      • com.sun.identity.entitlement.opensso.NotificationServlet.doPost(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) @bci=3, line=65 (Interpreted frame)
      • javax.servlet.http.HttpServlet.service(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) @bci=139, line=641 (Interpreted frame)
      • javax.servlet.http.HttpServlet.service(javax.servlet.ServletRequest, javax.servlet.ServletResponse) @bci=30, line=722 (Interpreted frame)
      • org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse) @bci=439, line=304 (Compiled frame)
      • org.apache.catalina.core.ApplicationFilterChain.doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse) @bci=101, line=210 (Compiled frame)
      • org.forgerock.openam.validation.ResponseValidationFilter.doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain) @bci=23, line=44 (Interpreted frame)
      • org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse) @bci=151, line=243 (Compiled frame)
      • org.apache.catalina.core.ApplicationFilterChain.doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse) @bci=101, line=210 (Compiled frame)
      • com.sun.identity.setup.AMSetupFilter.doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain) @bci=126, line=95 (Interpreted frame)
      • org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse) @bci=151, line=243 (Compiled frame)
      • org.apache.catalina.core.ApplicationFilterChain.doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse) @bci=101, line=210 (Compiled frame)
      • org.apache.catalina.core.StandardWrapperValve.invoke(org.apache.catalina.connector.Request, org.apache.catalina.connector.Response) @bci=780, line=224 (Interpreted frame)
      • org.apache.catalina.core.StandardContextValve.invoke(org.apache.catalina.connector.Request, org.apache.catalina.connector.Response) @bci=304, line=175 (Interpreted frame)
      • org.apache.catalina.authenticator.AuthenticatorBase.invoke(org.apache.catalina.connector.Request, org.apache.catalina.connector.Response) @bci=363, line=472 (Interpreted frame)

        Attachments

          Activity

            People

            Assignee:
            sachiko Sachiko Wallace
            Reporter:
            sachiko Sachiko Wallace
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: