Affects Version/s: 11.0.0, 12.0.0, 13.0.0, 13.5.0
When OpenAM creates ServiceConfigImpl as global configuration, it overwrite old value in cache.
Then, some reference are remained.
So GC does not collect them.
Reproduction step 1:
1) Access the admin console
2) Click tab or link again and again
Reproduction step 2 (only OpenAM 11):
1) Configure OpenAM as OAuth2 Provider that use the global configuration
2) Get an access token
3) Access the tokeninfo endpoint again and again
Reproduction step 3:
Create a chain as per forgerock authenticator chain in the admin guide
put al2.jsp in your webapps/openam directory, altering to match your oath chain
ab -c 50 -n 1000000 http://openam.example.com:18080/openam/al2.jsp
monitor memory usage and performance figures.
Memory usage to grow under load and shrink afterwards. Performance to generally stay at the same level after multiple tests
Massive memory growth, performance degradation.