Failed authentication on service REST after a session timeout ------------------------------------------------------------- Key: GTNPORTAL-3448 URL: https://issues.jboss.org/browse/GTNPORTAL-3448 Project: GateIn Portal Issue Type: Bug Security Level: Public(Everyone can see) Reporter: Tuyen Nguyen The Assignee: Tuyen Nguyen The Fix For: 3.5.10.Final, 3.7.1.Final, 3.8.0.Final Attachments: authenticate-successfully.png, reauthenticated-failure.png Case to reproduce: - Access to api {code} http://localhost:8080/rest/private/managed-components/api/sites/classic/p... {code} - Authentication with user root and now we can list all page of classic site (include Group Navitation and Portal Navigation page) - Wait until session timeout (about ~30 minute) - Access to list all page api again, now we only see public pages (see attachments) and has error in log: {code} [http-bio-8080-exec-10] ERROR exo.core.component.security.core.SetCurrentIdentityFilter - Not found identity in IdentityRegistry for user root, check Login Module. {code} This error is unusually occured. Maybe identity was removed from IdentityRegistry after session timeout and it throw this error. So, we should set restoreIdentity=true of the filter "SetCurrentIdentityFilter" into web.xml of rest.war (like in portal.war) to reinject the identity when it is lost