[gatein-issues] [JBoss JIRA] Commented: (GTNPORTAL-1048) GateIn+SSO integration: IdentityException thrown in special case when HTTP session expire
[
https://jira.jboss.org/jira/browse/GTNPORTAL-1048?page=com.atlassian.jira...
]
Marek Posolda commented on GTNPORTAL-1048:
------------------------------------------
Looks like calling of "authenticatior.validateUser(credentials)" forces
hibernate transaction to start. But calling of
"authenticator.createIdentity(username)" does not force it.
So issue is not visible in "normal" flow (without SSO) because both
authenticator.validateUser is called and later during authenticator.createIdentity is User
object founded in cache.
With SSO integration is not called authenticator.validateUser and so User object is not in
cache on PersistenceManagerImpl object.
It's only suggestion, hope this helps a little...
GateIn+SSO integration: IdentityException thrown in special case when
HTTP session expire
-----------------------------------------------------------------------------------------
Key: GTNPORTAL-1048
URL: https://jira.jboss.org/jira/browse/GTNPORTAL-1048
Project: GateIn Portal
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: Identity integration
Affects Versions: 3.0.0-GA
Environment: GateIn trunk (revision 2479) with JBoss 5.1.0,
Picketlink IDM version: 1.1.2.CR01,
JOSSO 1.8.1 +Tomcat bundle integrated with GateIn and running on localhost:8888,
Reporter: Marek Posolda
Assignee: Boleslaw Dawidowicz
Attachments: identityException-createCriteria.txt,
identityException-screenshot.png
I have GateIn configured with OpenSSO according to instructions in reference guide. And
going throught this scenario:
1) Go to http://localhist:8080/portal
2) Click to "sign in" and login as root with OpenSSO console. User is
redirected back to GateIn and correctly logged
3) Wait 5 minutes (Assumption is that session expiration is configured to be 1 minute in
gatein.ear/02portal.war/WEB-INF/web.xml)
4) Go to http://localhost:8080/portal/private/classic . Now I should be logged directly
into GateIn because of SSO cookie. And I am really is logged but I am not seeing user full
name (see attached screenshot). And exception is in server log (IdentityObjectType[USER]
not present in the store. Caused by: org.hibernate.HibernateException: createCriteria is
not valid without active transaction) Full exception is in server log.
I tried to debug and I founded that Hibernate transaction is not started when calling
orgService.getUserHandler().findUserByName(state.getIdentity().getUserId() from
CacheUserProfileFilter. It doesn't occur during normal user login because User object
is cached in PersistenceManagerImpl.findUser(). But problem occur when User is not cached
when findUserByName is called from CacheUserProfileFilter.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira