[gatein-issues] [JBoss JIRA] Commented: (GTNPORTAL-1048) GateIn+SSO integration: IdentityException thrown in special case when HTTP session expire
[
https://jira.jboss.org/jira/browse/GTNPORTAL-1048?page=com.atlassian.jira...
]
Boleslaw Dawidowicz commented on GTNPORTAL-1048:
------------------------------------------------
Yes, thats the point. As IDM call in authenticator is wrap with the call to begin/end in
proper ComponentRequestLifecycle. Then by establishing identity SSO integration makes
SetCurrentIdentityFilter to create new ConversationState which then make
CacheUserProfileFilter to call IDM to cache user profile. I'll try to come with
workaround that will work in both configurations (with or without SSO).
GateIn+SSO integration: IdentityException thrown in special case when
HTTP session expire
-----------------------------------------------------------------------------------------
Key: GTNPORTAL-1048
URL: https://jira.jboss.org/jira/browse/GTNPORTAL-1048
Project: GateIn Portal
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: Identity integration
Affects Versions: 3.0.0-GA
Environment: GateIn trunk (revision 2479) with JBoss 5.1.0,
Picketlink IDM version: 1.1.2.CR01,
JOSSO 1.8.1 +Tomcat bundle integrated with GateIn and running on localhost:8888,
Reporter: Marek Posolda
Assignee: Boleslaw Dawidowicz
Attachments: identityException-createCriteria.txt,
identityException-screenshot.png
I have GateIn configured with OpenSSO according to instructions in reference guide. And
going throught this scenario:
1) Go to http://localhist:8080/portal
2) Click to "sign in" and login as root with OpenSSO console. User is
redirected back to GateIn and correctly logged
3) Wait 5 minutes (Assumption is that session expiration is configured to be 1 minute in
gatein.ear/02portal.war/WEB-INF/web.xml)
4) Go to http://localhost:8080/portal/private/classic . Now I should be logged directly
into GateIn because of SSO cookie. And I am really is logged but I am not seeing user full
name (see attached screenshot). And exception is in server log (IdentityObjectType[USER]
not present in the store. Caused by: org.hibernate.HibernateException: createCriteria is
not valid without active transaction) Full exception is in server log.
I tried to debug and I founded that Hibernate transaction is not started when calling
orgService.getUserHandler().findUserByName(state.getIdentity().getUserId() from
CacheUserProfileFilter. It doesn't occur during normal user login because User object
is cached in PersistenceManagerImpl.findUser(). But problem occur when User is not cached
when findUserByName is called from CacheUserProfileFilter.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira