[gatein-issues] [JBoss JIRA] Commented: (GTNPORTAL-1048) GateIn+SSO integration: IdentityException thrown in special case when HTTP session expire

Wed Apr 14 03:27:25 EDT 2010

    [ https://jira.jboss.org/jira/browse/GTNPORTAL-1048?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12525562#action_12525562 ] 

Marek Posolda commented on GTNPORTAL-1048:
------------------------------------------

Looks like calling of "authenticatior.validateUser(credentials)" forces hibernate transaction to start. But calling of "authenticator.createIdentity(username)" does not force it.

So issue is not visible in "normal" flow (without SSO) because both authenticator.validateUser is called and later during authenticator.createIdentity is User object founded in cache.
With SSO integration is not called authenticator.validateUser and so User object is not in cache on PersistenceManagerImpl object.

It's only suggestion, hope this helps a little...

> GateIn+SSO integration: IdentityException thrown in special case when HTTP session expire
> -----------------------------------------------------------------------------------------
>
>                 Key: GTNPORTAL-1048
>                 URL: https://jira.jboss.org/jira/browse/GTNPORTAL-1048
>             Project: GateIn Portal
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: Identity integration
>    Affects Versions: 3.0.0-GA
>         Environment: GateIn trunk (revision 2479) with JBoss 5.1.0,
> Picketlink IDM version: 1.1.2.CR01,
> JOSSO 1.8.1 +Tomcat bundle integrated with GateIn and running on localhost:8888,
>            Reporter: Marek Posolda
>            Assignee: Boleslaw Dawidowicz
>         Attachments: identityException-createCriteria.txt, identityException-screenshot.png
>
>
> I have GateIn configured with OpenSSO according to instructions in reference guide. And going throught this scenario:
> 1) Go to http://localhist:8080/portal
> 2) Click to "sign in" and login as root with OpenSSO console. User is redirected back to GateIn and correctly logged
> 3) Wait 5 minutes (Assumption is that session expiration is configured to be 1 minute in gatein.ear/02portal.war/WEB-INF/web.xml)
> 4) Go to http://localhost:8080/portal/private/classic . Now I should be logged directly into GateIn because of SSO cookie. And I am really is logged but I am not seeing user full name (see attached screenshot). And exception is in server log (IdentityObjectType[USER] not present in the store. Caused by: org.hibernate.HibernateException: createCriteria is not valid without active transaction) Full exception is in server log.
> I tried to debug and I founded that Hibernate transaction is not started when calling orgService.getUserHandler().findUserByName(state.getIdentity().getUserId() from CacheUserProfileFilter. It doesn't occur during normal user login because User object is cached in PersistenceManagerImpl.findUser(). But problem occur when User is not cached when findUserByName is called from CacheUserProfileFilter.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira