Description of problem: EJB3 Web Service using username token for authentication fails when you load test it with parallel invocations. See attached reproducer. See upstream JIRA https://issues.jboss.org/browse/JBWS-3843 Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
Alessio Soldano <asoldano> updated the status of jira JBWS-3843 to Resolved
Nacking because this fix need upgraded PicketBox with 2 fixes tracked in BZ 1173493 and BZ 1173492. Both these BZs are DEV NACKED. For this reason I must nack this BZ.
Acking - based on https://bugzilla.redhat.com/show_bug.cgi?id=1157479#c18 Jim Ma has workaround in WS codebase to be safe even without PicketBox upgrade.
Both https://issues.jboss.org/browse/SECURITY-868 https://issues.jboss.org/browse/SECURITY-866 are fixed in Picketbox 4.0.19.SP9.
Verified on EAP 6.3.3 ER1. Endpoint tested with 130 threads.
Alessio Soldano <asoldano> updated the status of jira JBWS-3843 to Closed