Nuxeo Platform / NXP-5090

CoreSession leak in case of HTTP Session Timeout

      Description

      When the session timeout occurs, the Seam cleanup code is called in a thread that is not authenticated
      => the call to CoreInstance.getInstance.close() fails because the underlying call to DocumentManagerBean.destroy is not allowed (the EJB3 security interceptor blocks the unauthenticated call).

      This results in a leak:

      • We have a coreSession that is not released
        => static map in CoreInstance is not freed
        ==> may result in an OutOfMemoryError in PermGen
        => we leak an EJB3
        ==> one DocumentManagerBean passivated on disk that will never be cleared

      Unless we find a clean way to bypass EJB3 security (since @PermitAll does nothing), the only workaround is to open a SystemLogin.
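
The failure and the workaround described above, as a self-contained model added here for illustration; it is not Nuxeo code. Every name in it (`CALLER`, `OPEN_SESSIONS`, `cleanupOnTimeout`, `cleanupWithSystemLogin`) is a hypothetical stand-in, and a thread-local string stands in for the identity that the EJB3 security interceptor checks.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Model of the leak; all names are hypothetical stand-ins, not Nuxeo classes.
public class SessionCleanupDemo {
    // Stand-in for the caller identity checked by the security interceptor.
    static final ThreadLocal<String> CALLER = new ThreadLocal<>();
    // Stand-in for the static session map held by CoreInstance.
    static final Map<String, String> OPEN_SESSIONS = new ConcurrentHashMap<>();

    static void requireCaller() {
        if (CALLER.get() == null) {
            throw new SecurityException("unauthenticated call rejected");
        }
    }

    static void open(String sessionId) {
        requireCaller();
        OPEN_SESSIONS.put(sessionId, CALLER.get());
    }

    // Stand-in for close() reaching DocumentManagerBean.destroy behind the interceptor.
    static void close(String sessionId) {
        requireCaller();
        OPEN_SESSIONS.remove(sessionId);
    }

    // Cleanup as it runs on the timeout thread: no identity, so close() is rejected.
    static void cleanupOnTimeout(String sessionId) {
        try { close(sessionId); }
        catch (SecurityException e) { System.out.println("cleanup failed: " + e.getMessage()); }
    }

    // Workaround: hold a system identity only for the cleanup call, then drop it.
    static void cleanupWithSystemLogin(String sessionId) {
        CALLER.set("system");
        try { close(sessionId); }
        finally { CALLER.remove(); } // never leave the elevated identity on the thread
    }

    public static void main(String[] args) throws InterruptedException {
        CALLER.set("alice"); // request thread with an authenticated user
        open("s1");
        open("s2");
        CALLER.remove();
        Thread timeoutThread = new Thread(() -> {
            cleanupOnTimeout("s1");       // rejected: the map entry is never removed
            cleanupWithSystemLogin("s2"); // accepted: the entry is released
        });
        timeoutThread.start();
        timeoutThread.join();
        System.out.println("still registered: " + OPEN_SESSIONS.keySet());
    }
}
```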
