1 Reply Latest reply: Dec 16, 2010 10:17 AM by Sergiu Pienar RSS

ConcurrentModificationException from the security manager

Jeff Mesnil Master

Hi,

 

I'm helping to integrate HornetQ into AS 6 and when I run the TCK tests, I have failures caused by a ConcurrentModificationException in JBoss SimpleRoleGroup:

 

 

 

 

16:58:24,449 ERROR [org.hornetq.core.protocol.core.ServerSessionPacketHandler] Caught unexpected exception: java.util.ConcurrentModificationException
at java.util.AbstractList$Itr.checkForComodification(AbstractList.java:372)
at java.util.AbstractList$Itr.next(AbstractList.java:343)
at org.jboss.security.identity.plugins.SimpleRoleGroup.containsRole(SimpleRoleGroup.java:181)
at org.jboss.security.plugins.JBossAuthorizationManager.doesRoleGroupHaveRole(JBossAuthorizationManager.java:254)
at org.jboss.security.plugins.JBossAuthorizationManager.doesUserHaveRole(JBossAuthorizationManager.java:194)
at org.jboss.security.plugins.auth.JaasSecurityManagerBase.doesUserHaveRole(JaasSecurityManagerBase.java:434)
at org.jboss.security.plugins.JaasSecurityManager.doesUserHaveRole(JaasSecurityManager.java:195)
at org.hornetq.integration.jboss.security.JBossASSecurityManager.validateUserAndRole(JBossASSecurityManager.java:110)
at org.hornetq.core.security.impl.SecurityStoreImpl.check(SecurityStoreImpl.java:172)
HornetQ code just delegates to JBoss JaasSecurityManager:

         authenticated = realmMapping.doesUserHaveRole(principal, rolePrincipals);

 

 

This exception happens when HornetQ checks if a MDB has the right to create a JMS Consumer.
Just before the exception occurs, I have a warning:
16:58:23,202 WARN  [org.jboss.ejb.EjbModule] EJB configured to bypass security. Please verify if this is intended. Bean=MDB_QUEUETXNS_CMT Deployment=vfs:///Users/jmesnil/Desktop/as/trunk/build/target/jboss-6.0.0-SNAPSHOT/server/cts/tmp/jsr88/mdb_msg.ear/mdb_msg_ejb.jar/
and the MDB has the following configuration:
        <as-context>
          <auth-method>username_password</auth-method>
          <realm>default</realm>
          <required>false</required>
        </as-context>
Is it valid to call JaasSecurityManager.doesUserHaveRole when the EJB bypasses security. And if it is not, how can I check it from the RealMapping or the AuthenticationManager?
thanks,
jeff