[jbossseam-issues] [JBoss JIRA] Commented: (JBSEAM-4003) SecurityInterceptor can fail in a cluster

Norman Richards (JIRA) jira-events at lists.jboss.org
Mon Mar 9 21:25:22 EDT 2009 

    [ https://jira.jboss.org/jira/browse/JBSEAM-4003?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12456322#action_12456322 ] 

Norman Richards commented on JBSEAM-4003:
-----------------------------------------

That is part of the clustering code.  It needs to call hashcode on objects in the session.  The security interceptor can prevent that, which will cause clustering to completely fall over which, in my tests, causes the entire session to become invalid and unrecoverable.  This problem came  up for me when running the booking example clustered in jboss 5.

> SecurityInterceptor can fail in a cluster
> -----------------------------------------
>
>                 Key: JBSEAM-4003
>                 URL: https://jira.jboss.org/jira/browse/JBSEAM-4003
>             Project: Seam
>          Issue Type: Bug
>            Reporter: Norman Richards
>            Assignee: Shane Bryzak
>             Fix For: 2.1.2.CR1
>
>
> SecurityInterceptor with an @Restrict clause can cause session replication to fail.  Session replication requires calling the hashCode method.  If this method throws an exception, session replication fails, putting the application in bad state.
> 15:47:52,701 WARN  [/seam-booking] Failed to replicate session mKN0jWfC7HHRYT1vmOeB-Q__
> org.jboss.seam.security.NotLoggedInException
>         at org.jboss.seam.security.Identity.checkRestriction(Identity.java:217)
>         at org.jboss.seam.security.SecurityInterceptor$Restriction.check(SecurityInterceptor.java:113)
>         at org.jboss.seam.security.SecurityInterceptor.aroundInvoke(SecurityInterceptor.java:159)
>         at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
>         at org.jboss.seam.ejb.RemoveInterceptor.aroundInvoke(RemoveInterceptor.java:43)
>         at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
>         at org.jboss.seam.core.SynchronizationInterceptor.aroundInvoke(SynchronizationInterceptor.java:32)
>         at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
>         at org.jboss.seam.intercept.RootInterceptor.invoke(RootInterceptor.java:118)
>         at org.jboss.seam.intercept.ClientSideInterceptor.invoke(ClientSideInterceptor.java:54)
>         at org.javassist.tmp.java.lang.Object_$$_javassist_seam_4.hashCode(Object_$$_javassist_seam_4.java)
>         at java.util.HashMap$Entry.hashCode(HashMap.java:764)
>         at java.util.AbstractMap.hashCode(AbstractMap.java:557)
>         at org.jboss.ha.framework.server.SimpleCachableMarshalledValue.<init>(SimpleCachableMarshalledValue.java:74)
>         at org.jboss.ha.framework.server.SimpleCachableMarshalledValue.<init>(SimpleCachableMarshalledValue.java:80)
>         at org.jboss.web.tomcat.service.session.distributedcache.spi.SessionSerializationFactory.createMarshalledValue(SessionSerializationFactory.java:74)
>         at org.jboss.web.tomcat.service.session.distributedcache.impl.jbc.AbstractJBossCacheService.getMarshalledValue(AbstractJBossCacheService.java:641)
>         at org.jboss.web.tomcat.service.session.distributedcache.impl.jbc.AbstractJBossCacheService.putSession(AbstractJBossCacheService.java:405)
>         at org.jboss.web.tomcat.service.session.ClusteredSession.processSessionReplication(ClusteredSession.java:1194)
>         at org.jboss.web.tomcat.service.session.JBossCacheManager.processSessionRepl(JBossCacheManager.java:1635)
>         at org.jboss.web.tomcat.service.session.JBossCacheManager.storeSession(JBossCacheManager.java:294)
>         at org.jboss.web.tomcat.service.session.InstantSnapshotManager.snapshot(InstantSnapshotManager.java:49)
>         at org.jboss.web.tomcat.service.session.ClusteredSessionValve.invoke(ClusteredSessionValve.java:120)
>         at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
>         at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
>         at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
>         at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
>         at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>         at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
>         at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>         at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
>         at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:828)
>         at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:601)
>         at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
>         at java.lang.Thread.run(Thread.java:613)

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the seam-issues mailing list