request.getSession() throws IllegalStateException in distributable webapp ------------------------------------------------------------------------- Key: WFLY-2369 URL: https://issues.jboss.org/browse/WFLY-2369 Project: WildFly Issue Type: Bug Security Level: Public(Everyone can see) Components: Web (Undertow) Affects Versions: 8.0.0.Beta1 Reporter: Jonathan Fuerth Assignee: Paul Ferraro A webapp I'm working is experiencing an IllegalStateException from calling the no-args request.getSession() method. The app has the <distributable/> marker in its web.xml. Taking <distributable/> out makes this issue go away. Here is the stack trace: {code} 17:29:05,728 DEBUG [org.uberfire.security.server.UberFireSecurityFilter] (default task-1) Authentication failure. Sending HTTP 401 response.: org.uberfire.security.auth.AuthenticationException: Validation fails. at org.uberfire.security.server.HttpSecurityManagerImpl.authenticate(HttpSecurityManagerImpl.java:220) [uberfire-security-server-0.4.0-SNAPSHOT.jar:0.4.0-SNAPSHOT] at org.uberfire.security.server.UberFireSecurityFilter.authenticate(UberFireSecurityFilter.java:333) [uberfire-security-server-0.4.0-SNAPSHOT.jar:0.4.0-SNAPSHOT] at org.uberfire.security.server.UberFireSecurityFilter.doFilter(UberFireSecurityFilter.java:277) [uberfire-security-server-0.4.0-SNAPSHOT.jar:0.4.0-SNAPSHOT] at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:56) [undertow-servlet-1.0.0.Beta17.jar:1.0.0.Beta17] at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132) [undertow-servlet-1.0.0.Beta17.jar:1.0.0.Beta17] at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:85) [undertow-servlet-1.0.0.Beta17.jar:1.0.0.Beta17] at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:59) [undertow-servlet-1.0.0.Beta17.jar:1.0.0.Beta17] at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) [undertow-servlet-1.0.0.Beta17.jar:1.0.0.Beta17] at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:81) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.0.Beta17.jar:1.0.0.Beta17] at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:113) [undertow-servlet-1.0.0.Beta17.jar:1.0.0.Beta17] at io.undertow.security.handlers.AuthenticationCallHandler.handleRequest(AuthenticationCallHandler.java:52) [undertow-core-1.0.0.Beta17.jar:1.0.0.Beta17] at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45) [undertow-core-1.0.0.Beta17.jar:1.0.0.Beta17] at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:65) [undertow-servlet-1.0.0.Beta17.jar:1.0.0.Beta17] at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:70) [undertow-core-1.0.0.Beta17.jar:1.0.0.Beta17] at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.0.Beta17.jar:1.0.0.Beta17] at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.0.Beta17.jar:1.0.0.Beta17] at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:218) [undertow-servlet-1.0.0.Beta17.jar:1.0.0.Beta17] at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:205) [undertow-servlet-1.0.0.Beta17.jar:1.0.0.Beta17] at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:69) [undertow-servlet-1.0.0.Beta17.jar:1.0.0.Beta17] at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:134) [undertow-servlet-1.0.0.Beta17.jar:1.0.0.Beta17] at io.undertow.server.HttpHandlers.executeRootHandler(HttpHandlers.java:36) [undertow-core-1.0.0.Beta17.jar:1.0.0.Beta17] at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:619) [undertow-core-1.0.0.Beta17.jar:1.0.0.Beta17] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_25] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_25] at java.lang.Thread.run(Thread.java:724) [rt.jar:1.7.0_25] Caused by: java.lang.IllegalStateException: UT000028: Session Q2FoOHf4ij6rcxT6v_9WsBOG already exists at org.wildfly.clustering.web.undertow.session.SessionManagerAdapter.createSession(SessionManagerAdapter.java:98) at io.undertow.servlet.spec.ServletContextImpl.getSession(ServletContextImpl.java:680) [undertow-servlet-1.0.0.Beta17.jar:1.0.0.Beta17] at io.undertow.servlet.spec.HttpServletRequestImpl.getSession(HttpServletRequestImpl.java:340) [undertow-servlet-1.0.0.Beta17.jar:1.0.0.Beta17] at io.undertow.servlet.spec.HttpServletRequestImpl.getSession(HttpServletRequestImpl.java:345) [undertow-servlet-1.0.0.Beta17.jar:1.0.0.Beta17] at org.uberfire.security.server.auth.HttpSessionStorage.load(HttpSessionStorage.java:36) [uberfire-security-server-0.4.0-SNAPSHOT.jar:0.4.0-SNAPSHOT] at org.uberfire.security.server.auth.HttpAuthenticationManager.authenticate(HttpAuthenticationManager.java:87) [uberfire-security-server-0.4.0-SNAPSHOT.jar:0.4.0-SNAPSHOT] at org.uberfire.security.server.HttpSecurityManagerImpl.authenticate(HttpSecurityManagerImpl.java:216) [uberfire-security-server-0.4.0-SNAPSHOT.jar:0.4.0-SNAPSHOT] ... 25 more {code} In case you need to see it, the source code for the app that generated this trace is at https://github.com/jfuerth/errai-cdi-workbench/tree/11794888a873ae7182524... For completeness, the snapshot versions of its dependencies come from these git commits in the respective projects. * Errai: bd130e238ed39a90d513e366336b0e20b8761146 * UberFire: 3756076ce8005ba1b0cbab6745b5d274c97d56d8 If you need to dig this deep, please ping me. I'm happy to help :)