[gatein-issues] [JBoss JIRA] Commented: (GTNPORTAL-1048) GateIn+SSO integration: IdentityException thrown in special case when HTTP session expire
[
https://jira.jboss.org/jira/browse/GTNPORTAL-1048?page=com.atlassian.jira...
]
Boleslaw Dawidowicz commented on GTNPORTAL-1048:
------------------------------------------------
It is not PL issue as the exception is not related to any PL internal cache or even
identity component cache but gatein filter performing IDM call outside of valid
transaction. And no hibernate object is passed outside picketlink in any situation so
there is nothing to get out of sync really... this is not PL Cache Layer. So if this can
be observed in every type of SSO integration this means that something seriously differs
in the flow there. Anyway I'll followup.
GateIn+SSO integration: IdentityException thrown in special case when
HTTP session expire
-----------------------------------------------------------------------------------------
Key: GTNPORTAL-1048
URL: https://jira.jboss.org/jira/browse/GTNPORTAL-1048
Project: GateIn Portal
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: Identity integration
Affects Versions: 3.0.0-GA
Environment: GateIn trunk (revision 2479) with JBoss 5.1.0,
Picketlink IDM version: 1.1.2.CR01,
JOSSO 1.8.1 +Tomcat bundle integrated with GateIn and running on localhost:8888,
Reporter: Marek Posolda
Attachments: identityException-createCriteria.txt,
identityException-screenshot.png
I have GateIn configured with OpenSSO according to instructions in reference guide. And
going throught this scenario:
1) Go to http://localhist:8080/portal
2) Click to "sign in" and login as root with OpenSSO console. User is
redirected back to GateIn and correctly logged
3) Wait 5 minutes (Assumption is that session expiration is configured to be 1 minute in
gatein.ear/02portal.war/WEB-INF/web.xml)
4) Go to http://localhost:8080/portal/private/classic . Now I should be logged directly
into GateIn because of SSO cookie. And I am really is logged but I am not seeing user full
name (see attached screenshot). And exception is in server log (IdentityObjectType[USER]
not present in the store. Caused by: org.hibernate.HibernateException: createCriteria is
not valid without active transaction) Full exception is in server log.
I tried to debug and I founded that Hibernate transaction is not started when calling
orgService.getUserHandler().findUserByName(state.getIdentity().getUserId() from
CacheUserProfileFilter. It doesn't occur during normal user login because User object
is cached in PersistenceManagerImpl.findUser(). But problem occur when User is not cached
when findUserByName is called from CacheUserProfileFilter.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira