Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-31134

thread backup on product license verification during Enterprise LDAP realm use

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.14.20, 2.14.21
    • Fix Version/s: 2.15.0
    • Component/s: LDAP
    • Labels:

      Description

      Repository is performing a product license verification check during every inbound request that uses the Pro version of the LDAP realm. Under high load this can cause backup of threads performing these license checks.

      Sample backed up thread:

      "qtp1794590957-27615" #27615 prio=5 os_prio=0 tid=0x00007f162829e800 nid=0x1a422 runnable [0x00007f14236cf000]
         java.lang.Thread.State: RUNNABLE
      	at java.lang.Class.forName0(Native Method)
      	at java.lang.Class.forName(Class.java:348)
      	at com.sun.beans.finder.ClassFinder.findClass(ClassFinder.java:103)
      	at com.sun.beans.finder.ClassFinder.resolveClass(ClassFinder.java:171)
      	at com.sun.beans.decoder.DocumentHandler.findClass(DocumentHandler.java:404)
      	at com.sun.beans.decoder.NewElementHandler.addAttribute(NewElementHandler.java:80)
      	at com.sun.beans.decoder.ObjectElementHandler.addAttribute(ObjectElementHandler.java:102)
      	at com.sun.beans.decoder.DocumentHandler.startElement(DocumentHandler.java:294)
      	at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.startElement(AbstractSAXParser.java:510)
      	at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanStartElement(XMLDocumentFragmentScannerImpl.java:1361)
      	at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(XMLDocumentFragmentScannerImpl.java:2786)
      	at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:605)
      	at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:507)
      	at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:867)
      	at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:796)
      	at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:142)
      	at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1216)
      	at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:644)
      	at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl.parse(SAXParserImpl.java:328)
      	at com.sun.beans.decoder.DocumentHandler$1.run(DocumentHandler.java:375)
      	at com.sun.beans.decoder.DocumentHandler$1.run(DocumentHandler.java:372)
      	at java.security.AccessController.doPrivileged(Native Method)
      	at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:74)
      	at com.sun.beans.decoder.DocumentHandler.parse(DocumentHandler.java:372)
      	at java.beans.XMLDecoder$1.run(XMLDecoder.java:201)
      	at java.beans.XMLDecoder$1.run(XMLDecoder.java:199)
      	at java.security.AccessController.doPrivileged(Native Method)
      	at java.beans.XMLDecoder.parsingComplete(XMLDecoder.java:199)
      	at java.beans.XMLDecoder.readObject(XMLDecoder.java:250)
      	at codeguard.licensing.qeu.itm(Unknown Source)
      	at codeguard.licensing.qeu.clk(Unknown Source)
      	at codeguard.licensing.qeu.zxn(Unknown Source)
      	at de.schlichtherle.xml.GenericCertificate.getContent(Unknown Source)
      	at codeguard.licensing.tpg.zxn(Unknown Source)
      	- locked <0x00000006dfed17e0> (a codeguard.licensing.tpg)
      	at codeguard.licensing.tpg.omj(Unknown Source)
      	- eliminated <0x00000006dfed17e0> (a codeguard.licensing.tpg)
      	at codeguard.licensing.tpg.itm(Unknown Source)
      	at codeguard.licensing.bab.mif(Unknown Source)
      	- locked <0x00000006dfed17e0> (a codeguard.licensing.tpg)
      	at org.sonatype.licensing.trial.internal.DefaultTrialLicenseManager.verifyLicense(Unknown Source)
      	at org.sonatype.licensing.product.internal.DefaultProductLicenseManager.verifyLicenseAndFeature(Unknown Source)
      	at com.sonatype.security.ldap.realms.EnterpriseLdapAuthenticationRealm.queryForAuthenticationInfo(EnterpriseLdapAuthenticationRealm.java:70)
      	at org.apache.shiro.realm.ldap.AbstractLdapRealm.doGetAuthenticationInfo(AbstractLdapRealm.java:200)
      	at org.apache.shiro.realm.AuthenticatingRealm.getAuthenticationInfo(AuthenticatingRealm.java:571)
      	at org.sonatype.security.authentication.FirstSuccessfulModularRealmAuthenticator.doMultiRealmAuthentication(FirstSuccessfulModularRealmAuthenticator.java:55)
       

      Expected

      Move the product license check to somewhere that isn't called as frequently, such as when adding a user into the LDAP cache

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            plynch Peter Lynch
            Last Updated By:
            Rich Seddon Rich Seddon
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Date of First Response:

                tigCommentSecurity.panel-title