[JBoss JIRA] (WFLY-10630) HttpSessionListener.sessionDestroyed() not called if session invalidated in another WAR
12:31 a.m.
[
https://issues.jboss.org/browse/WFLY-10630?page=com.atlassian.jira.plugin...
]
Bartosz Baranowski edited comment on WFLY-10630 at 8/1/18 1:30 AM:
-------------------------------------------------------------------
[~bkabelka] Yeah, this wont cut it:
{quote}
HTTP ERROR 405
{quote}
{quote}
10:09:28,362 ERROR [org.jboss.resteasy.resteasy_jaxrs.i18n] (default task-1)
RESTEASY002010: Failed to execute: javax.ws.rs.NotAllowedException: RESTEASY003650: No
resource method found for POST, return 405 with Allow header
at org.jboss.resteasy.core.registry.SegmentNode.match(SegmentNode.java:455)
at org.jboss.resteasy.core.registry.SegmentNode.match(SegmentNode.java:141)
{quote}
Ive set up domain like:
{noformat}
<subsystem xmlns="urn:jboss:domain:security:2.0">
<security-domains>
....
<security-domain name="sessionlistener">
<authentication>
<login-module code="UsersRoles"
flag="required">
<module-option name="usersProperties"
value="file://${jboss.server.config.dir}/application-users.properties"/>
<module-option name="rolesProperties"
value="file://${jboss.server.config.dir}/application-roles.properties"/>
</login-module>
</authentication>
</security-domain>
</security-domains>
</subsystem>
{noformat}
was (Author: baranowb):
[~bkabelka] Yeah, this wont cut it:
{quote}
HTTP ERROR 405
{quote}
{quote}
10:09:28,362 ERROR [org.jboss.resteasy.resteasy_jaxrs.i18n] (default task-1)
RESTEASY002010: Failed to execute: javax.ws.rs.NotAllowedException: RESTEASY003650: No
resource method found for POST, return 405 with Allow header
at org.jboss.resteasy.core.registry.SegmentNode.match(SegmentNode.java:455)
at org.jboss.resteasy.core.registry.SegmentNode.match(SegmentNode.java:141)
{quote}
Ive set up domain like:
{quote}
<subsystem xmlns="urn:jboss:domain:security:2.0">
<security-domains>
....
<security-domain name="sessionlistener">
<authentication>
<login-module code="UsersRoles"
flag="required">
<module-option name="usersProperties"
value="file://${jboss.server.config.dir}/application-users.properties"/>
<module-option name="rolesProperties"
value="file://${jboss.server.config.dir}/application-roles.properties"/>
</login-module>
</authentication>
</security-domain>
</security-domains>
</subsystem>
{quote}
HttpSessionListener.sessionDestroyed() not called if session
invalidated in another WAR
---------------------------------------------------------------------------------------
Key: WFLY-10630
URL: https://issues.jboss.org/browse/WFLY-10630
Project: WildFly
Issue Type: Bug
Components: Web (Undertow)
Affects Versions: 10.0.0.Final, 13.0.0.Final
Environment: Windows 10, Java 1.8.0_131
Reproducible with both WildFly-10.0.0.Final and Wildfly-13.0.0.Final
Reporter: Bernhard Kabelka
Assignee: Bartosz Baranowski
For sessions shared across different WARs in a single EAR, the notification of
HttpSessionListener works differently in WildFly 10.0.0.Final (and Wildfly 13.0.0.Final)
than it it used to work in WildFly 8.2.0.Final:
I have an EAR containing two WARs with enabled session sharing across the WARs.
Basically, one WAR contains the web UI, and the other WAR contains the REST interfaces for
AJAX calls made by the UI. The user authenticates against the UI-WAR. On logout, a REST
method in the AJAX-WAR is triggered which calls HttpSession.invalidate() on the user
session.
In WildFly 8.2.0.Final, a HttpSessionListener in the UI-WAR gets notified immediately
about session creation and destruction.
In WildFly 13.0.0.Final, however, a HttpSessionListener in either WAR only gets one of
the two notifications:
* In the UI-WAR, I get a notification about the created session immediately when the
login form is loaded. However, I do not receive any notification about the session
destruction (unless it times out).
* In the AJAX-WAR, I do not get any notification about the session creation at all, but I
immediately receive a notification about the session destruction.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
2146
days inactive
2146
days old
0 comments
1 participants
participants (1)
-
Bartosz Baranowski (JIRA)