7 Replies Latest reply on Apr 3, 2014 9:42 AM by Eduardo Martins

    EJB-thread (which becomes pooled) inherits store from current web-thread

    Daniel Lechner Novice

      I have a web application running on WildFly 8.0.0.Final. To secure access to the web interface we utilize a third-party library (Apache Shiro). This library stores its context information (logged-in user, ...) in an InheritableThreadLocal variable, which is added and removed by a Servlet-Filter.


      If I start the application server and enter the web interface, the filter adds some information to this InheritableThreadLocal variable. At some point the application calls an @Asynchronous method of a SFSB.

      It seems that the following happens: since the thread pool is empty at this moment, the application server creates a new thread to execute the asynchronous EJB method. Since there is an InheritableThreadLocal which contains some data, this data is inherited by this newly created thread. After finishing the method, the thread becomes pooled and may be reused later. After the web request finishes, the servlet filter removes the information in the InheritableThreadLocal of the current thread, but obviously does not touch the spawned (pooled) thread, leaking some information to the pooled thread.

      If I call some EJB methods afterwards (e.g. via the remote-interface), I can read the previously stored information if the thread which has been created before is used.


      I didn't expect this, since I would suppose that the threads which are in the pool are "clean" and do not depend on the thread which (randomly) initiates their creation because of first usage.
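
The behaviour described in the post above can be reproduced outside the application server. The following is an added example, not part of the original post and not Shiro or WildFly code: a plain `ExecutorService` stands in for the EJB asynchronous pool, and `CONTEXT`, `request` and `scoped` are hypothetical names. It shows the inherited value surviving in the pooled thread, and one possible containment: a task wrapper that sets the context explicitly and removes it when the task ends.

```java
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

public class InheritedContextLeak {
    // Stand-in for the per-thread security context (constructed for this example).
    static final InheritableThreadLocal<String> CONTEXT = new InheritableThreadLocal<>();

    // Wrapper: capture the submitter's context, apply it in the worker, always clear it afterwards.
    static <T> Callable<T> scoped(Callable<T> task) {
        String captured = CONTEXT.get();              // read on the submitting thread
        return () -> {
            if (captured != null) CONTEXT.set(captured); else CONTEXT.remove();
            try { return task.call(); }
            finally { CONTEXT.remove(); }             // the pooled thread keeps nothing
        };
    }

    // One simulated request: the "filter" sets the context, an async task runs, the "filter" clears it.
    static String request(ExecutorService pool, String user, boolean wrap) throws Exception {
        String[] seen = new String[1];
        Thread web = new Thread(() -> {
            if (user != null) CONTEXT.set(user);
            try {
                Callable<String> task = () -> CONTEXT.get();   // what the pooled thread sees
                // The worker thread is constructed inside submit(), on this thread, so it
                // copies this thread's inheritable values at creation time.
                seen[0] = pool.submit(wrap ? scoped(task) : task).get();
            } catch (Exception e) {
                throw new IllegalStateException(e);
            } finally {
                CONTEXT.remove();                     // clears only the web thread's copy
            }
        });
        web.start();
        web.join();
        return seen[0];
    }

    public static void main(String[] args) throws Exception {
        for (boolean wrap : new boolean[] {false, true}) {
            ExecutorService pool = Executors.newFixedThreadPool(1);  // empty until first submit
            String first = request(pool, "alice", wrap);   // authenticated request creates the worker
            String later = request(pool, null, wrap);      // unrelated, unauthenticated caller
            System.out.println("wrapped=" + wrap + " first=" + first + " later=" + later);
            pool.shutdown();
        }
    }
}
```

Without the wrapper, the second, unauthenticated call reads the first caller's value from the reused worker; with it, the second call sees no context.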