Acegi Plugin

bugs in Acegi plugin session handling

Details

  • Type: Bug Bug
  • Status: Closed Closed
  • Priority: Critical Critical
  • Resolution: Fixed
  • Affects Version/s: None
  • Fix Version/s: None
  • Component/s: None
  • Labels:
    None
  • Patch Submitted:
    Yes

Description

There are two bugs in the Hibernate session handling code:

  • GrailsDaoImpl is a singleton bean but keeps the session and the boolean indicating if the session was pre-existing as class-scope fields. So users have seen that it's possible for a 2nd thread to overwrite and close the session before the 1st thread is finished
  • although GrailsDaoImpl puts its session-related code in a try/finally, GrailsFilterInvocationDefinition does not, so it's possible to leak connections

I've fixed this in the version of the plugin that I sent to you but to help out the users who are affected by these bugs I posted fixed versions to the mailing list and am attaching them here until the plugin is updated.

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
T.Yamamoto added a comment -

Thank you for fix code.

Show
T.Yamamoto added a comment - Thank you for fix code.
Hide
Permalink
Animesh Jain added a comment -

has the patch been included in the latest release - 1.0.3 ?

Show
Animesh Jain added a comment - has the patch been included in the latest release - 1.0.3 ?
Hide
Permalink
Burt Beckwith added a comment -

Yes, this was in the 0.2.1 and 0.3 releases.

Show
Burt Beckwith added a comment - Yes, this was in the 0.2.1 and 0.3 releases.
Hide
Permalink
Burt Beckwith added a comment -

reopening to update component

Show
Burt Beckwith added a comment - reopening to update component

People

Vote (0)
Watch (1)

Dates

  • Created:
    Updated:
    Resolved:
Atlassian JIRA (v4.4.1#660-r161644) | Report a problem
Powered by a free Atlassian JIRA open source license for Grails project. Try JIRA - bug tracking software for your team.