[jboss-jira] [JBoss JIRA] (WFLY-3529) UT000010: Session not found

Tuesday, 16 December 2014

    [
https://issues.jboss.org/browse/WFLY-3529?page=com.atlassian.jira.plugin....
] 

Cyril Chéné edited comment on WFLY-3529 at 12/16/14 4:59 AM:
-------------------------------------------------------------

We reproduced this problem with WF8.1 and WF8.2. It happens very often (almost always)
with this scenario:
# The user is connected to our JEE application, he has an HTTP session.
# The user signs out
# Our JEE application invalidates the session (using the JEE API
"HttpSession.invalidate()") and then makes a JEE forward to a JSP that must show
the user a message confirming his signing out.
# This JSP uses CSS that are bundled in the WAR, but WildFly refuses the HTTP requests for
these CSS files saying "IllegalStateException: UT000010: Session not found". So
the HTML page displayed to the user does not include the CSS.

Here is the stacktrace with WildFly 8.1 :
{code}
2014-12-15 16:11:40,787 ERROR [io.undertow.request] (default task-26) UT005023: Exception
handling request to /Demo/signOutStyle.css: java.lang.IllegalStateException: UT000010:
Session not found 6wrMTdwwMYu5OipfaZVyNNoN
	at
io.undertow.server.session.InMemorySessionManager$SessionImpl.getAttribute(InMemorySessionManager.java:319)
[undertow-core-1.0.15.Final.jar:1.0.15.Final]
	at
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler$ServletAuthenticatedSessionManager.lookupSession(CachedAuthenticatedSessionHandler.java:124)
[undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
	at
io.undertow.security.impl.CachedAuthenticatedSessionMechanism.runCached(CachedAuthenticatedSessionMechanism.java:45)
[undertow-core-1.0.15.Final.jar:1.0.15.Final]
	at
io.undertow.security.impl.CachedAuthenticatedSessionMechanism.authenticate(CachedAuthenticatedSessionMechanism.java:38)
[undertow-core-1.0.15.Final.jar:1.0.15.Final]
	at
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:281)
[undertow-core-1.0.15.Final.jar:1.0.15.Final]
	at
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:268)
[undertow-core-1.0.15.Final.jar:1.0.15.Final]
	at
io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:131)
[undertow-core-1.0.15.Final.jar:1.0.15.Final]
	at
io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:106)
[undertow-core-1.0.15.Final.jar:1.0.15.Final]
	at
io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:99)
[undertow-core-1.0.15.Final.jar:1.0.15.Final]
	at
io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:54)
[undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25)
[undertow-core-1.0.15.Final.jar:1.0.15.Final]
	at
io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45)
[undertow-core-1.0.15.Final.jar:1.0.15.Final]
	at
io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:61)
[undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
	at
io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58)
[undertow-core-1.0.15.Final.jar:1.0.15.Final]
	at
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70)
[undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
	at
io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76)
[undertow-core-1.0.15.Final.jar:1.0.15.Final]
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25)
[undertow-core-1.0.15.Final.jar:1.0.15.Final]
	at
org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25)
[undertow-core-1.0.15.Final.jar:1.0.15.Final]
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25)
[undertow-core-1.0.15.Final.jar:1.0.15.Final]
	at
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:240)
[undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
	at
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:227)
[undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
	at
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:73)
[undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
	at
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:146)
[undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:177)
[undertow-core-1.0.15.Final.jar:1.0.15.Final]
	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:727)
[undertow-core-1.0.15.Final.jar:1.0.15.Final]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
[rt.jar:1.7.0_65]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
[rt.jar:1.7.0_65]
	at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_65]
{code}

To our point of view, this is a serious issue. Have you any information on a way to bypass
this anomaly ?

was (Author: cchene):
We reproduced this problem with WF8.1 and WF8.2. It happens very often (almost always)
with this scenario:
# The user is connected to our JEE application, he has an HTTP session.
# The user signs out
# Our JEE application invalidates the session (using the JEE API
"HttpSession.invalidate()") and then makes a JEE forward to a JSP that must show
the user a message confirming his signing out.
# This JSP uses CSS that are bundled in the WAR, but WildFly refuses the HTTP requests for
these CSS files saying "IllegalStateException: UT000010: Session not found". So
the HTML page displayed to the user does not include the CSS.

Here is the stacktrace with WildFly 8.1 :
{code}
2014-12-15 16:11:40,787 ERROR [io.undertow.request] (default task-26) UT005023: Exception
handling request to /Demo/accessibleDeconnexionStyle.css: java.lang.IllegalStateException:
UT000010: Session not found 6wrMTdwwMYu5OipfaZVyNNoN
	at
io.undertow.server.session.InMemorySessionManager$SessionImpl.getAttribute(InMemorySessionManager.java:319)
[undertow-core-1.0.15.Final.jar:1.0.15.Final]
	at
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler$ServletAuthenticatedSessionManager.lookupSession(CachedAuthenticatedSessionHandler.java:124)
[undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
	at
io.undertow.security.impl.CachedAuthenticatedSessionMechanism.runCached(CachedAuthenticatedSessionMechanism.java:45)
[undertow-core-1.0.15.Final.jar:1.0.15.Final]
	at
io.undertow.security.impl.CachedAuthenticatedSessionMechanism.authenticate(CachedAuthenticatedSessionMechanism.java:38)
[undertow-core-1.0.15.Final.jar:1.0.15.Final]
	at
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:281)
[undertow-core-1.0.15.Final.jar:1.0.15.Final]
	at
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:268)
[undertow-core-1.0.15.Final.jar:1.0.15.Final]
	at
io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:131)
[undertow-core-1.0.15.Final.jar:1.0.15.Final]
	at
io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:106)
[undertow-core-1.0.15.Final.jar:1.0.15.Final]
	at
io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:99)
[undertow-core-1.0.15.Final.jar:1.0.15.Final]
	at
io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:54)
[undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25)
[undertow-core-1.0.15.Final.jar:1.0.15.Final]
	at
io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45)
[undertow-core-1.0.15.Final.jar:1.0.15.Final]
	at
io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:61)
[undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
	at
io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58)
[undertow-core-1.0.15.Final.jar:1.0.15.Final]
	at
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70)
[undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
	at
io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76)
[undertow-core-1.0.15.Final.jar:1.0.15.Final]
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25)
[undertow-core-1.0.15.Final.jar:1.0.15.Final]
	at
org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25)
[undertow-core-1.0.15.Final.jar:1.0.15.Final]
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25)
[undertow-core-1.0.15.Final.jar:1.0.15.Final]
	at
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:240)
[undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
	at
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:227)
[undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
	at
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:73)
[undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
	at
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:146)
[undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:177)
[undertow-core-1.0.15.Final.jar:1.0.15.Final]
	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:727)
[undertow-core-1.0.15.Final.jar:1.0.15.Final]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
[rt.jar:1.7.0_65]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
[rt.jar:1.7.0_65]
	at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_65]
{code}

To our point of view, this is a serious issue. Have you any information on a way to bypass
this anomaly ?

...
  UT000010: Session not found
 ----------------------------

                 Key: WFLY-3529
                 URL: https://issues.jboss.org/browse/WFLY-3529
             Project: WildFly
          Issue Type: Bug
          Components: Web (Undertow)
         Environment: Wildfly 8.1.0.Final , 
            Reporter: Youssef BIKHCHICHE
            Assignee: Stuart Douglas
         Attachments: WFLY-3529.tar.gz, WFLY-3529.war

 After migration our AS from Woldfly 8.0.0 to 8.1.0 we get this issue that we think has
been fixed in the previous release of wildfly.
 ERREOR code : 
 2014-06-20 12:45:21,092 ERROR [io.undertow.request] (default task-11) Blocking request
failed HttpServerExchange{ GET /xenturion/faces/public/500.xhtml}:
java.lang.RuntimeException: java.lang.IllegalStateException: UT000010: Session not found
cX6YRwOmoXcB8FFUdNY2r7Te
 	at io.undertow.servlet.spec.RequestDispatcherImpl.error(RequestDispatcherImpl.java:408)
 	at io.undertow.servlet.spec.RequestDispatcherImpl.error(RequestDispatcherImpl.java:311)
 	at
io.undertow.servlet.spec.HttpServletResponseImpl.sendError(HttpServletResponseImpl.java:128)
 	at
io.undertow.servlet.spec.HttpServletResponseImpl.sendError(HttpServletResponseImpl.java:142)
 	at
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:273)
 	at
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:227)
 	at
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:73)
 	at
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:146)
 	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:177)
 	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:727)
 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
[rt.jar:1.7.0_40]
 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
[rt.jar:1.7.0_40]
 	at java.lang.Thread.run(Thread.java:724) [rt.jar:1.7.0_40]
 Caused by: java.lang.IllegalStateException: UT000010: Session not found
cX6YRwOmoXcB8FFUdNY2r7Te
 	at
io.undertow.server.session.InMemorySessionManager$SessionImpl.getAttribute(InMemorySessionManager.java:319)
 	at io.undertow.servlet.spec.HttpSessionImpl.getAttribute(HttpSessionImpl.java:121)
 	at
org.springframework.security.web.context.HttpSessionSecurityContextRepository.readSecurityContextFromSession(HttpSessionSecurityContextRepository.java:144)
 	at
org.springframework.security.web.context.HttpSessionSecurityContextRepository.loadContext(HttpSessionSecurityContextRepository.java:86)
 	at
org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:82)
 	at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
 	at
org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
 	at
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
 	at
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)
 	at
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)
 	at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
 	at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132)
 	at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:85)
 	at
io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:61)
 	at
io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25)
 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25)
 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25)
 	at
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:229)
 	at
io.undertow.servlet.handlers.ServletInitialHandler.dispatchToPath(ServletInitialHandler.java:172)
 	at io.undertow.servlet.spec.RequestDispatcherImpl.error(RequestDispatcherImpl.java:402)
 ======================================================
 this issue happens after a http session invalidate action and it' not a regular
problems.
 Best regards,
 Youssef 

--
This message was sent by Atlassian JIRA
(v6.3.11#6341)

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

[jboss-jira] [JBoss JIRA] (WFLY-3529) UT000010: Session not found