May 2013 - seam-issues - Jboss List Archives

[JBoss JIRA] (JBSEAM-5104) SoapRequestHandler doesn't create SOAP header if not exists

by Marek Novotny (JIRA)

[ https://issues.jboss.org/browse/JBSEAM-5104?page=com.atlassian.jira.plugi... ] Marek Novotny resolved JBSEAM-5104. ----------------------------------- Resolution: Done > SoapRequestHandler doesn't create SOAP header if not exists > ----------------------------------------------------------- > > Key: JBSEAM-5104 > URL: https://issues.jboss.org/browse/JBSEAM-5104 > Project: Seam 2 > Issue Type: Bug > Components: WS > Affects Versions: 2.3.0.Final > Environment: Fedora 16 64-bit, Mozilla Firefox 3.6.25, Oracle JDK 1.6.0_30 > Reporter: Ron Šmeral > Assignee: Marek Novotny > Fix For: 2.3.1.CR1 > > > The createNewAuctionTest can fail with a NotLoggedInException. > It appears the main cause is the conversation ID not being propagated in SOAP requests by org.jboss.seam.webservice.SOAPRequestHandler. > If there is not SOAP header, Seam should add the header into SOAP message and add the conversation ID into it to propagate conversation. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

11 years, 9 months

1
0
0 / 0

[JBoss JIRA] (JBSEAM-5104) SoapRequestHandler doesn't create SOAP header if not exists

by Marek Novotny (JIRA)

[ https://issues.jboss.org/browse/JBSEAM-5104?page=com.atlassian.jira.plugi... ] Marek Novotny moved JBPAPP-10766 to JBSEAM-5104: ------------------------------------------------ Project: Seam 2 (was: JBoss Enterprise Application Platform 4 and 5) Key: JBSEAM-5104 (was: JBPAPP-10766) Workflow: GIT Pull Request workflow (was: jira) Affects Version/s: 2.3.0.Final (was: EAP_EWP 5.1.2) Release Notes Docs Status: (was: Documented as Resolved Issue) Writer: (was: ppenicka) Release Notes Text: (was: The <systemitem>SOAPRequestHandler</systemitem> class expected all SOAP messages to contain the <systemitem>SOAPHeader</systemitem> element. When a SOAP message did not contain the element and was processed by the <systemitem>SOAPRequestHandler</systemitem>, the processing failed with a <systemitem>NotLoggedInException</systemitem>. With this update, the <systemitem>SOAPHeader</systemitem> element is added to all processed SOAP messages that don't already contain it. This ensures that the processing succeeds without throwing the exception.) Component/s: WS (was: Seam2) Security: (was: Public) Fix Version/s: 2.3.1.CR1 (was: EAP_EWP 5.2.0) (was: EAP_EWP 5.2.0 ER4) Docs QE Status: (was: NEW) > SoapRequestHandler doesn't create SOAP header if not exists > ----------------------------------------------------------- > > Key: JBSEAM-5104 > URL: https://issues.jboss.org/browse/JBSEAM-5104 > Project: Seam 2 > Issue Type: Bug > Components: WS > Affects Versions: 2.3.0.Final > Environment: Fedora 16 64-bit, Mozilla Firefox 3.6.25, Oracle JDK 1.6.0_30 > Reporter: Ron Šmeral > Assignee: Marek Novotny > Fix For: 2.3.1.CR1 > > > Seam version: 2.2.5.EAP5 (included in EAP 5.1.2.GA) > The seambay example from Seam 2.2 was migrated to EAP6 according to the migration guide on Documentation-Stage (http://documentation-stage.bne.redhat.com/docs/en-US/JBoss_Enterprise_App...) > and the bug was verified to occur with EAP 6.0.0.ER2. > Note: the seambay example ftests first fail due to this issue: https://issues.jboss.org/browse/JBPAPP-8322 > After JBPAPP-8322 is patched, the following problem unfolds: > The createNewAuctionTest (or possibly some other, depending on execution order) fails with a NotLoggedInException. > It appears the main cause is the conversation ID not being propagated in SOAP requests by org.jboss.seam.webservice.SOAPRequestHandler. > There is a patch for this problem: https://gist.github.com/1996490 > The ftest fails with: > {noformat} > [testng] FAILED: createNewAuctionTest > [testng] java.lang.AssertionError: Response area should contain information about creating the auction. > {noformat} > The server log contains: > {noformat} > 22:41:43,995 ERROR [org.jboss.as.webservices.invocation.InvocationHandlerEJB3] (http-localhost-127.0.0.1-8080-4) Method invocation failed with exception: null: org.jboss.seam.security.NotLoggedInException > at org.jboss.seam.security.Identity.checkRestriction(Identity.java:217) [jboss-seam.jar:2.2.5.EAP5] > at org.jboss.seam.security.SecurityInterceptor$Restriction.check(SecurityInterceptor.java:113) [jboss-seam.jar:2.2.5.EAP5] > at org.jboss.seam.security.SecurityInterceptor.aroundInvoke(SecurityInterceptor.java:160) [jboss-seam.jar:2.2.5.EAP5] > at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68) [jboss-seam.jar:2.2.5.EAP5] > at org.jboss.seam.intercept.RootInterceptor.invoke(RootInterceptor.java:107) [jboss-seam.jar:2.2.5.EAP5] > at org.jboss.seam.intercept.JavaBeanInterceptor.interceptInvocation(JavaBeanInterceptor.java:185) [jboss-seam.jar:2.2.5.EAP5] > at org.jboss.seam.intercept.JavaBeanInterceptor.invoke(JavaBeanInterceptor.java:103) [jboss-seam.jar:2.2.5.EAP5] > at org.jboss.seam.example.seambay.AuctionAction_$$_javassist_seam_9.createAuction(AuctionAction_$$_javassist_seam_9.java) [jboss-seam-bay.jar:] > at org.jboss.seam.example.seambay.AuctionService.createAuction(AuctionService.java:56) [jboss-seam-bay.jar:] > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.6.0_30] > at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) [rt.jar:1.6.0_30] > at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) [rt.jar:1.6.0_30] > at java.lang.reflect.Method.invoke(Method.java:597) [rt.jar:1.6.0_30] > at org.jboss.as.ee.component.ManagedReferenceMethodInterceptorFactory$ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptorFactory.java:72) [jboss-as-ee-7.1.0.Final-redhat-1.jar:7.1.0.Final-redhat-1] > at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final-redhat-1.jar:1.1.1.Final-redhat-1] > at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374) [jboss-invocation-1.1.1.Final-redhat-1.jar:1.1.1.Final-redhat-1] > at org.jboss.seam.intercept.EJBInvocationContext.proceed(EJBInvocationContext.java:44) [jboss-seam.jar:2.2.5.EAP5] > at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:56) [jboss-seam.jar:2.2.5.EAP5] > at org.jboss.seam.security.SecurityInterceptor.aroundInvoke(SecurityInterceptor.java:163) [jboss-seam.jar:2.2.5.EAP5] > at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68) [jboss-seam.jar:2.2.5.EAP5] > at org.jboss.seam.transaction.RollbackInterceptor.aroundInvoke(RollbackInterceptor.java:28) [jboss-seam.jar:2.2.5.EAP5] > at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68) [jboss-seam.jar:2.2.5.EAP5] > at org.jboss.seam.core.MethodContextInterceptor.aroundInvoke(MethodContextInterceptor.java:44) [jboss-seam.jar:2.2.5.EAP5] > at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68) [jboss-seam.jar:2.2.5.EAP5] > at org.jboss.seam.persistence.EntityManagerProxyInterceptor.aroundInvoke(EntityManagerProxyInterceptor.java:29) [jboss-seam.jar:2.2.5.EAP5] > at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68) [jboss-seam.jar:2.2.5.EAP5] > at org.jboss.seam.persistence.HibernateSessionProxyInterceptor.aroundInvoke(HibernateSessionProxyInterceptor.java:30) [jboss-seam.jar:2.2.5.EAP5] > at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68) [jboss-seam.jar:2.2.5.EAP5] > at org.jboss.seam.intercept.RootInterceptor.invoke(RootInterceptor.java:118) [jboss-seam.jar:2.2.5.EAP5] > at org.jboss.seam.intercept.SessionBeanInterceptor.aroundInvoke(SessionBeanInterceptor.java:50) [jboss-seam.jar:2.2.5.EAP5] > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.6.0_30] > at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) [rt.jar:1.6.0_30] > at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) [rt.jar:1.6.0_30] > at java.lang.reflect.Method.invoke(Method.java:597) [rt.jar:1.6.0_30] > at org.jboss.as.ee.component.ManagedReferenceLifecycleMethodInterceptorFactory$ManagedReferenceLifecycleMethodInterceptor.processInvocation(ManagedReferenceLifecycleMethodInterceptorFactory.java:123) [jboss-as-ee-7.1.0.Final-redhat-1.jar:7.1.0.Final-redhat-1] > at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final-redhat-1.jar:1.1.1.Final-redhat-1] > at org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53) [jboss-invocation-1.1.1.Final-redhat-1.jar:1.1.1.Final-redhat-1] > at org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36) [jboss-as-ee-7.1.0.Final-redhat-1.jar:7.1.0.Final-redhat-1] > at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final-redhat-1.jar:1.1.1.Final-redhat-1] > at org.jboss.as.jpa.interceptor.SBInvocationInterceptor.processInvocation(SBInvocationInterceptor.java:47) [jboss-as-jpa-7.1.0.Final-redhat-1.jar:7.1.0.Final-redhat-1] > at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final-redhat-1.jar:1.1.1.Final-redhat-1] > at org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21) [jboss-invocation-1.1.1.Final-redhat-1.jar:1.1.1.Final-redhat-1] > at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final-redhat-1.jar:1.1.1.Final-redhat-1] > at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final-redhat-1.jar:1.1.1.Final-redhat-1] > at org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:53) [jboss-as-ee-7.1.0.Final-redhat-1.jar:7.1.0.Final-redhat-1] > at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final-redhat-1.jar:1.1.1.Final-redhat-1] > at org.jboss.as.ejb3.component.pool.PooledInstanceInterceptor.processInvocation(PooledInstanceInterceptor.java:51) [jboss-as-ejb3-7.1.0.Final-redhat-1.jar:7.1.0.Final-redhat-1] > at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final-redhat-1.jar:1.1.1.Final-redhat-1] > at org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInOurTx(CMTTxInterceptor.java:228) [jboss-as-ejb3-7.1.0.Final-redhat-1.jar:7.1.0.Final-redhat-1] > at org.jboss.as.ejb3.tx.CMTTxInterceptor.required(CMTTxInterceptor.java:304) [jboss-as-ejb3-7.1.0.Final-redhat-1.jar:7.1.0.Final-redhat-1] > at org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:190) [jboss-as-ejb3-7.1.0.Final-redhat-1.jar:7.1.0.Final-redhat-1] > at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final-redhat-1.jar:1.1.1.Final-redhat-1] > at org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41) [jboss-as-ejb3-7.1.0.Final-redhat-1.jar:7.1.0.Final-redhat-1] > at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final-redhat-1.jar:1.1.1.Final-redhat-1] > at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59) [jboss-as-ejb3-7.1.0.Final-redhat-1.jar:7.1.0.Final-redhat-1] > at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final-redhat-1.jar:1.1.1.Final-redhat-1] > at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50) [jboss-as-ee-7.1.0.Final-redhat-1.jar:7.1.0.Final-redhat-1] > at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final-redhat-1.jar:1.1.1.Final-redhat-1] > at org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:32) [jboss-as-ejb3-7.1.0.Final-redhat-1.jar:7.1.0.Final-redhat-1] > at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final-redhat-1.jar:1.1.1.Final-redhat-1] > at org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45) [jboss-as-ee-7.1.0.Final-redhat-1.jar:7.1.0.Final-redhat-1] > at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final-redhat-1.jar:1.1.1.Final-redhat-1] > at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final-redhat-1.jar:1.1.1.Final-redhat-1] > at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165) [jboss-as-ee-7.1.0.Final-redhat-1.jar:7.1.0.Final-redhat-1] > at org.jboss.as.webservices.invocation.AbstractInvocationHandlerEJB.invoke(AbstractInvocationHandlerEJB.java:112) > at org.jboss.wsf.stack.cxf.JBossWSInvoker._invokeInternal(JBossWSInvoker.java:181) > at org.jboss.wsf.stack.cxf.JBossWSInvoker.invoke(JBossWSInvoker.java:127) > at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:58) > at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441) [rt.jar:1.6.0_30] > at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303) [rt.jar:1.6.0_30] > at java.util.concurrent.FutureTask.run(FutureTask.java:138) [rt.jar:1.6.0_30] > at org.apache.cxf.workqueue.SynchronousExecutor.execute(SynchronousExecutor.java:37) > at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:106) > at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263) > at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) > at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:207) > at org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:91) > at org.jboss.wsf.stack.cxf.transport.ServletHelper.callRequestHandler(ServletHelper.java:169) > at org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:87) > at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:185) > at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:108) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-api_3.0_spec-1.0.0.Final-redhat-1.jar:1.0.0.Final-redhat-1] > at org.jboss.wsf.stack.cxf.CXFServletExt.service(CXFServletExt.java:135) > at org.jboss.wsf.spi.deployment.WSFServlet.service(WSFServlet.java:140) [jbossws-spi-2.0.2.GA-redhat-1.jar:2.0.2.GA-redhat-1] > at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.0.Final-redhat-1.jar:1.0.0.Final-redhat-1] > at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329) > at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) > at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275) > at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161) > at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:154) > at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) > at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) > at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) > at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) > at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) > at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) > at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) > at java.lang.Thread.run(Thread.java:662) [rt.jar:1.6.0_30] > 22:41:44,044 WARNING [org.apache.cxf.phase.PhaseInterceptorChain] (http-localhost-127.0.0.1-8080-4) Application {http://seambay.example.seam.jboss.org/}AuctionService#{http://seambay.example.seam.jboss.org/}createAuction has thrown exception, unwinding now: org.apache.cxf.interceptor.Fault > at org.jboss.wsf.stack.cxf.JBossWSInvoker.createFault(JBossWSInvoker.java:246) > at org.jboss.wsf.stack.cxf.JBossWSInvoker._invokeInternal(JBossWSInvoker.java:207) > at org.jboss.wsf.stack.cxf.JBossWSInvoker.invoke(JBossWSInvoker.java:127) > at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:58) > at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441) [rt.jar:1.6.0_30] > at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303) [rt.jar:1.6.0_30] > at java.util.concurrent.FutureTask.run(FutureTask.java:138) [rt.jar:1.6.0_30] > at org.apache.cxf.workqueue.SynchronousExecutor.execute(SynchronousExecutor.java:37) > at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:106) > at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263) > at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) > at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:207) > at org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:91) > at org.jboss.wsf.stack.cxf.transport.ServletHelper.callRequestHandler(ServletHelper.java:169) > at org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:87) > at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:185) > at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:108) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-api_3.0_spec-1.0.0.Final-redhat-1.jar:1.0.0.Final-redhat-1] > at org.jboss.wsf.stack.cxf.CXFServletExt.service(CXFServletExt.java:135) > at org.jboss.wsf.spi.deployment.WSFServlet.service(WSFServlet.java:140) [jbossws-spi-2.0.2.GA-redhat-1.jar:2.0.2.GA-redhat-1] > at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.0.Final-redhat-1.jar:1.0.0.Final-redhat-1] > at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329) > at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) > at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275) > at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161) > at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:154) > at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) > at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) > at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) > at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) > at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) > at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) > at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) > at java.lang.Thread.run(Thread.java:662) [rt.jar:1.6.0_30] > Caused by: org.jboss.seam.security.NotLoggedInException > at org.jboss.seam.security.Identity.checkRestriction(Identity.java:217) [jboss-seam.jar:2.2.5.EAP5] > at org.jboss.seam.security.SecurityInterceptor$Restriction.check(SecurityInterceptor.java:113) [jboss-seam.jar:2.2.5.EAP5] > at org.jboss.seam.security.SecurityInterceptor.aroundInvoke(SecurityInterceptor.java:160) [jboss-seam.jar:2.2.5.EAP5] > at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68) [jboss-seam.jar:2.2.5.EAP5] > at org.jboss.seam.intercept.RootInterceptor.invoke(RootInterceptor.java:107) [jboss-seam.jar:2.2.5.EAP5] > at org.jboss.seam.intercept.JavaBeanInterceptor.interceptInvocation(JavaBeanInterceptor.java:185) [jboss-seam.jar:2.2.5.EAP5] > at org.jboss.seam.intercept.JavaBeanInterceptor.invoke(JavaBeanInterceptor.java:103) [jboss-seam.jar:2.2.5.EAP5] > at org.jboss.seam.example.seambay.AuctionAction_$$_javassist_seam_9.createAuction(AuctionAction_$$_javassist_seam_9.java) [jboss-seam-bay.jar:] > at org.jboss.seam.example.seambay.AuctionService.createAuction(AuctionService.java:56) [jboss-seam-bay.jar:] > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.6.0_30] > at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) [rt.jar:1.6.0_30] > at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) [rt.jar:1.6.0_30] > at java.lang.reflect.Method.invoke(Method.java:597) [rt.jar:1.6.0_30] > at org.jboss.as.ee.component.ManagedReferenceMethodInterceptorFactory$ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptorFactory.java:72) [jboss-as-ee-7.1.0.Final-redhat-1.jar:7.1.0.Final-redhat-1] > at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final-redhat-1.jar:1.1.1.Final-redhat-1] > at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374) [jboss-invocation-1.1.1.Final-redhat-1.jar:1.1.1.Final-redhat-1] > at org.jboss.seam.intercept.EJBInvocationContext.proceed(EJBInvocationContext.java:44) [jboss-seam.jar:2.2.5.EAP5] > at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:56) [jboss-seam.jar:2.2.5.EAP5] > at org.jboss.seam.security.SecurityInterceptor.aroundInvoke(SecurityInterceptor.java:163) [jboss-seam.jar:2.2.5.EAP5] > at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68) [jboss-seam.jar:2.2.5.EAP5] > at org.jboss.seam.transaction.RollbackInterceptor.aroundInvoke(RollbackInterceptor.java:28) [jboss-seam.jar:2.2.5.EAP5] > at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68) [jboss-seam.jar:2.2.5.EAP5] > at org.jboss.seam.core.MethodContextInterceptor.aroundInvoke(MethodContextInterceptor.java:44) [jboss-seam.jar:2.2.5.EAP5] > at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68) [jboss-seam.jar:2.2.5.EAP5] > at org.jboss.seam.persistence.EntityManagerProxyInterceptor.aroundInvoke(EntityManagerProxyInterceptor.java:29) [jboss-seam.jar:2.2.5.EAP5] > at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68) [jboss-seam.jar:2.2.5.EAP5] > at org.jboss.seam.persistence.HibernateSessionProxyInterceptor.aroundInvoke(HibernateSessionProxyInterceptor.java:30) [jboss-seam.jar:2.2.5.EAP5] > at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68) [jboss-seam.jar:2.2.5.EAP5] > at org.jboss.seam.intercept.RootInterceptor.invoke(RootInterceptor.java:118) [jboss-seam.jar:2.2.5.EAP5] > at org.jboss.seam.intercept.SessionBeanInterceptor.aroundInvoke(SessionBeanInterceptor.java:50) [jboss-seam.jar:2.2.5.EAP5] > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.6.0_30] > at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) [rt.jar:1.6.0_30] > at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) [rt.jar:1.6.0_30] > at java.lang.reflect.Method.invoke(Method.java:597) [rt.jar:1.6.0_30] > at org.jboss.as.ee.component.ManagedReferenceLifecycleMethodInterceptorFactory$ManagedReferenceLifecycleMethodInterceptor.processInvocation(ManagedReferenceLifecycleMethodInterceptorFactory.java:123) [jboss-as-ee-7.1.0.Final-redhat-1.jar:7.1.0.Final-redhat-1] > at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final-redhat-1.jar:1.1.1.Final-redhat-1] > at org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53) [jboss-invocation-1.1.1.Final-redhat-1.jar:1.1.1.Final-redhat-1] > at org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36) [jboss-as-ee-7.1.0.Final-redhat-1.jar:7.1.0.Final-redhat-1] > at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final-redhat-1.jar:1.1.1.Final-redhat-1] > at org.jboss.as.jpa.interceptor.SBInvocationInterceptor.processInvocation(SBInvocationInterceptor.java:47) [jboss-as-jpa-7.1.0.Final-redhat-1.jar:7.1.0.Final-redhat-1] > at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final-redhat-1.jar:1.1.1.Final-redhat-1] > at org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21) [jboss-invocation-1.1.1.Final-redhat-1.jar:1.1.1.Final-redhat-1] > at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final-redhat-1.jar:1.1.1.Final-redhat-1] > at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final-redhat-1.jar:1.1.1.Final-redhat-1] > at org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:53) [jboss-as-ee-7.1.0.Final-redhat-1.jar:7.1.0.Final-redhat-1] > at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final-redhat-1.jar:1.1.1.Final-redhat-1] > at org.jboss.as.ejb3.component.pool.PooledInstanceInterceptor.processInvocation(PooledInstanceInterceptor.java:51) [jboss-as-ejb3-7.1.0.Final-redhat-1.jar:7.1.0.Final-redhat-1] > at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final-redhat-1.jar:1.1.1.Final-redhat-1] > at org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInOurTx(CMTTxInterceptor.java:228) [jboss-as-ejb3-7.1.0.Final-redhat-1.jar:7.1.0.Final-redhat-1] > at org.jboss.as.ejb3.tx.CMTTxInterceptor.required(CMTTxInterceptor.java:304) [jboss-as-ejb3-7.1.0.Final-redhat-1.jar:7.1.0.Final-redhat-1] > at org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:190) [jboss-as-ejb3-7.1.0.Final-redhat-1.jar:7.1.0.Final-redhat-1] > at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final-redhat-1.jar:1.1.1.Final-redhat-1] > at org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41) [jboss-as-ejb3-7.1.0.Final-redhat-1.jar:7.1.0.Final-redhat-1] > at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final-redhat-1.jar:1.1.1.Final-redhat-1] > at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59) [jboss-as-ejb3-7.1.0.Final-redhat-1.jar:7.1.0.Final-redhat-1] > at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final-redhat-1.jar:1.1.1.Final-redhat-1] > at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50) [jboss-as-ee-7.1.0.Final-redhat-1.jar:7.1.0.Final-redhat-1] > at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final-redhat-1.jar:1.1.1.Final-redhat-1] > at org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:32) [jboss-as-ejb3-7.1.0.Final-redhat-1.jar:7.1.0.Final-redhat-1] > at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final-redhat-1.jar:1.1.1.Final-redhat-1] > at org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45) [jboss-as-ee-7.1.0.Final-redhat-1.jar:7.1.0.Final-redhat-1] > at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final-redhat-1.jar:1.1.1.Final-redhat-1] > at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final-redhat-1.jar:1.1.1.Final-redhat-1] > at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165) [jboss-as-ee-7.1.0.Final-redhat-1.jar:7.1.0.Final-redhat-1] > at org.jboss.as.webservices.invocation.AbstractInvocationHandlerEJB.invoke(AbstractInvocationHandlerEJB.java:112) > at org.jboss.wsf.stack.cxf.JBossWSInvoker._invokeInternal(JBossWSInvoker.java:181) > ... 32 more > {noformat} -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

11 years, 9 months

1
0
0 / 0

[JBoss JIRA] (JBSEAM-5103) Conversation after @End method process does not release ConversationEntry lock

by Marek Novotny (JIRA)

[ https://issues.jboss.org/browse/JBSEAM-5103?page=com.atlassian.jira.plugi... ] Marek Novotny resolved JBSEAM-5103. ----------------------------------- Resolution: Done back ported the fix > Conversation after @End method process does not release ConversationEntry lock > ------------------------------------------------------------------------------ > > Key: JBSEAM-5103 > URL: https://issues.jboss.org/browse/JBSEAM-5103 > Project: Seam 2 > Issue Type: Bug > Components: Core > Affects Versions: 2.3.0.Final > Reporter: Eiichi Nagai > Assignee: Marek Novotny > Fix For: 2.3.1.CR1 > > > ConversationEntry after @End method process is removed by endRequest[1] process and does not release lock. Therefore, when there is a request duplicate with the same Conversation ID by F5 operation etc, since a lock is not released, the request has to wait till the concurrent-request-timeout even if pre-request is already completed. > {code:title=[1] org.jboss.seam.core.Manager.java|borderStyle=solid} > 441: /** > 442: * Touch the conversation stack, destroy ended conversations, > 443: * and timeout inactive conversations. > 444: */ > 445: public void endRequest(Map<String, Object> session) > 446: { > 447: if ( isLongRunningConversation() ) > 448: { > 449: if ( log.isDebugEnabled() ) > 450: { > 451: log.debug("Storing conversation state: " + getCurrentConversationId()); > 452: } > 453: touchConversationStack( getCurrentConversationIdStack() ); > 454: } > 455: else > 456: { > 457: if ( log.isDebugEnabled() ) > 458: { > 459: log.debug("Discarding conversation state: " + getCurrentConversationId()); > 460: } > 461: //now safe to remove the entry > => 462: removeCurrentConversationAndDestroyNestedContexts(session); > 463: } > 464: > 465: /*if ( !Init.instance().isClientSideConversations() ) > 466: {*/ > 467: // difficult question: is it really safe to do this here? > 468: // right now we do have to do it after committing the Seam > 469: // transaction because we can't close EMs inside a txn > 470: // (this might be a bug in HEM) > 471: Manager.instance().conversationTimeout(session); > 472: //} > 473: } > {code} -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

11 years, 9 months

1
0
0 / 0

[JBoss JIRA] (JBSEAM-5103) Conversation after @End method process does not release ConversationEntry lock

by Marek Novotny (JIRA)

[ https://issues.jboss.org/browse/JBSEAM-5103?page=com.atlassian.jira.plugi... ] Marek Novotny updated JBSEAM-5103: ---------------------------------- Steps to Reproduce: Use seam example : <seam examples>/seamspace 1. Set 60 sec to the concurrent-request-timeout in components.xml. {noformat}<seam examples>/seamspace/resources/WEB-INF/components.xml 19: <core:manager conversation-timeout="120000" 20: concurrent-request-timeout="60000" 21: conversation-id-parameter="cid"/> {noformat} 2. Add a sleep process to ProfileAction.getMemberBlogs() method. {noformat}<seam examples>/seamspace/src/org/jboss/seam/example/seamspace/ProfileAction.java 77: /** 78: * Used to read all blog entries for a member 79: */ 80: @SuppressWarnings("unchecked") 81: @Factory("memberBlogs") 82: public void getMemberBlogs() 83: { + try{ + System.out.println("-- sleep start"); + Thread.sleep(10000L); + System.out.println("-- sleep end"); + }catch(Exception e){} 84: if (name == null && authenticatedMember != null) 85: { 86: name = authenticatedMember.getMemberName(); 87: } 88: 89: memberBlogs = entityManager.createQuery( 90: "from MemberBlog b where b.member.memberName = :memberName order by b.entryDate desc") 91: .setParameter("memberName", name) 92: .getResultList(); 93: } {noformat} 3. Execute 'mvn install;cd seamspace-ear;mvn jboss-as:deploy' command on the <seam examples>/seamspace directory. 4. Start JBoss AS server. 5. Move to 'http://localhost:8080/seam-space/home.seam' with web browser. 6. Login (demo/demo) -> [Create new blog entry] 7. Push the [Add entry] button (You can confirm '-- sleep start' message on stdout) and push the F5 button immediately. 8. You can confirm waiting of the F5 request[1] even if a sleep process has completed and occurring exception[2] after the concurrent-request-timeout. {noformat} [1] "http-127.0.0.1-8080-6" daemon prio=10 tid=0x00007f330800a800 nid=0x2b1c waiting on condition [0x00007f32ff71f000] java.lang.Thread.State: TIMED_WAITING (parking) at sun.misc.Unsafe.park(Native Method) - parking to wait for <0x00000000ee3ee4f0> (a java.util.concurrent.locks.ReentrantLock$FairSync) at java.util.concurrent.locks.LockSupport.parkNanos(LockSupport.java:198) at java.util.concurrent.locks.AbstractQueuedSynchronizer.doAcquireNanos(AbstractQueuedSynchronizer.java:905) at java.util.concurrent.locks.AbstractQueuedSynchronizer.tryAcquireNanos(AbstractQueuedSynchronizer.java:1224) at java.util.concurrent.locks.ReentrantLock.tryLock(ReentrantLock.java:416) at org.jboss.seam.core.ConversationEntry.lock(ConversationEntry.java:221) at org.jboss.seam.core.Manager.restoreAndLockConversation(Manager.java:616) at org.jboss.seam.core.Manager.restoreConversation(Manager.java:603) at org.jboss.seam.jsf.SeamPhaseListener.afterRestoreView(SeamPhaseListener.java:392) at org.jboss.seam.jsf.SeamPhaseListener.afterServletPhase(SeamPhaseListener.java:230) at org.jboss.seam.jsf.SeamPhaseListener.afterPhase(SeamPhaseListener.java:196) at com.sun.faces.lifecycle.Phase.handleAfterPhase(Phase.java:175) at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:114) at com.sun.faces.lifecycle.RestoreViewPhase.doPhase(RestoreViewPhase.java:102) at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:118) at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:83) at org.jboss.seam.web.IdentityFilter.doFilter(IdentityFilter.java:40) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.jboss.seam.web.MultipartFilter.doFilter(MultipartFilter.java:90) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:64) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.jboss.seam.web.RedirectFilter.doFilter(RedirectFilter.java:45) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:73) at org.ajax4jsf.webapp.BaseXMLFilter.doXmlFilter(BaseXMLFilter.java:178) at org.ajax4jsf.webapp.BaseFilter.handleRequest(BaseFilter.java:295) at org.ajax4jsf.webapp.BaseFilter.processUploadsAndHandleRequest(BaseFilter.java:373) at org.ajax4jsf.webapp.BaseFilter.doFilter(BaseFilter.java:500) at org.jboss.seam.web.Ajax4jsfFilter.doFilter(Ajax4jsfFilter.java:56) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.jboss.seam.web.LoggingFilter.doFilter(LoggingFilter.java:60) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.jboss.seam.servlet.SeamFilter.doFilter(SeamFilter.java:158) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:183) at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:95) at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126) at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.jboss.web.tomcat.service.request.ActiveRequestResponseCacheValve.internalProcess(ActiveRequestResponseCacheValve.java:74) at org.jboss.web.tomcat.service.request.ActiveRequestResponseCacheValve.invoke(ActiveRequestResponseCacheValve.java:47) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:599) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:451) at java.lang.Thread.run(Thread.java:662) {noformat} {noformat} [2] 10:29:40,999 INFO [stdout] (http--127.0.0.1-8080-4) -- sleep start 10:29:51,000 INFO [stdout] (http--127.0.0.1-8080-4) -- sleep end 10:30:41,494 WARN [org.jboss.seam.jsf.SeamPhaseListener] (http--127.0.0.1-8080-5) uncaught exception, passing to exception handler: org.jboss.seam.ConcurrentRequestTimeoutException: Concurrent call to conversation at org.jboss.seam.core.Manager.restoreAndLockConversation(Manager.java:644) [jboss-seam.jar:2.3.1-SNAPSHOT] at org.jboss.seam.core.Manager.restoreConversation(Manager.java:606) [jboss-seam.jar:2.3.1-SNAPSHOT] at org.jboss.seam.contexts.Contexts.isPageContextActive(Contexts.java:120) [jboss-seam.jar:2.3.1-SNAPSHOT] at org.jboss.seam.jsf.SeamPhaseListener.afterRestoreView(SeamPhaseListener.java:388) [jboss-seam.jar:2.3.1-SNAPSHOT] at org.jboss.seam.jsf.SeamPhaseListener.afterServletPhase(SeamPhaseListener.java:229) [jboss-seam.jar:2.3.1-SNAPSHOT] at org.jboss.seam.jsf.SeamPhaseListener.afterPhase(SeamPhaseListener.java:195) [jboss-seam.jar:2.3.1-SNAPSHOT] at com.sun.faces.lifecycle.Phase.handleAfterPhase(Phase.java:189) [jsf-impl-2.1.7-jbossorg-2.jar:] at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:107) [jsf-impl-2.1.7-jbossorg-2.jar:] at com.sun.faces.lifecycle.RestoreViewPhase.doPhase(RestoreViewPhase.java:116) [jsf-impl-2.1.7-jbossorg-2.jar:] at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:118) [jsf-impl-2.1.7-jbossorg-2.jar:] at javax.faces.webapp.FacesServlet.service(FacesServlet.java:593) [jboss-jsf-api_2.1_spec-2.0.1.Final.jar:2.0.1.Final] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329) [jbossweb-7.0.13.Final.jar:] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:] at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:83) [jboss-seam.jar:2.3.1-SNAPSHOT] at org.jboss.seam.web.LoggingFilter.doFilter(LoggingFilter.java:60) [jboss-seam.jar:2.3.1-SNAPSHOT] at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) [jboss-seam.jar:2.3.1-SNAPSHOT] at org.jboss.seam.web.IdentityFilter.doFilter(IdentityFilter.java:40) [jboss-seam.jar:2.3.1-SNAPSHOT] at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) [jboss-seam.jar:2.3.1-SNAPSHOT] at org.jboss.seam.web.MultipartFilter.doFilter(MultipartFilter.java:90) [jboss-seam.jar:2.3.1-SNAPSHOT] at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) [jboss-seam.jar:2.3.1-SNAPSHOT] at org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:64) [jboss-seam.jar:2.3.1-SNAPSHOT] at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) [jboss-seam.jar:2.3.1-SNAPSHOT] at org.jboss.seam.web.RedirectFilter.doFilter(RedirectFilter.java:45) [jboss-seam.jar:2.3.1-SNAPSHOT] at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) [jboss-seam.jar:2.3.1-SNAPSHOT] at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:73) [jboss-seam.jar:2.3.1-SNAPSHOT] at org.jboss.seam.servlet.SeamFilter.doFilter(SeamFilter.java:158) [jboss-seam.jar:2.3.1-SNAPSHOT] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) [jbossweb-7.0.13.Final.jar:] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:] at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275) [jbossweb-7.0.13.Final.jar:] at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161) [jbossweb-7.0.13.Final.jar:] at org.jboss.as.jpa.interceptor.WebNonTxEmCloserValve.invoke(WebNonTxEmCloserValve.java:50) [jboss-as-jpa-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.13.Final.jar:] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.13.Final.jar:] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.13.Final.jar:] at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) [jbossweb-7.0.13.Final.jar:] at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.13.Final.jar:] at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) [jbossweb-7.0.13.Final.jar:] at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) [jbossweb-7.0.13.Final.jar:] at java.lang.Thread.run(Thread.java:662) [rt.jar:1.6.0_45] -- snip -- {noformat} was: Use seam example : <seam examples>/seamspace 1. Set 60 sec to the concurrent-request-timeout in components.xml. {noformat}<seam examples>/seamspace/resources/WEB-INF/components.xml 19: <core:manager conversation-timeout="120000" 20: concurrent-request-timeout="60000" 21: conversation-id-parameter="cid"/> {noformat} 2. Add a sleep process to ProfileAction.getMemberBlogs() method. {noformat}<seam examples>/seamspace/src/org/jboss/seam/example/seamspace/ProfileAction.java 77: /** 78: * Used to read all blog entries for a member 79: */ 80: @SuppressWarnings("unchecked") 81: @Factory("memberBlogs") 82: public void getMemberBlogs() 83: { + try{ + System.out.println("-- sleep start"); + Thread.sleep(10000L); + System.out.println("-- sleep end"); + }catch(Exception e){} 84: if (name == null && authenticatedMember != null) 85: { 86: name = authenticatedMember.getMemberName(); 87: } 88: 89: memberBlogs = entityManager.createQuery( 90: "from MemberBlog b where b.member.memberName = :memberName order by b.entryDate desc") 91: .setParameter("memberName", name) 92: .getResultList(); 93: } {noformat} 3. Execute 'ant deploy' command on the <seam examples>/seamspace directory. 4. Start EAP server. 5. Move to 'http://localhost:8080/seam-space/home.seam' with web browser. 6. Login (demo/demo) -> [Create new blog entry] 7. Push the [Add entry] button (You can confirm '-- sleep start' message on stdout) and push the F5 button immediately. 8. You can confirm waiting of the F5 request[1] even if a sleep process has completed and occurring exception[2] after the concurrent-request-timeout. {noformat} [1] "http-127.0.0.1-8080-6" daemon prio=10 tid=0x00007f330800a800 nid=0x2b1c waiting on condition [0x00007f32ff71f000] java.lang.Thread.State: TIMED_WAITING (parking) at sun.misc.Unsafe.park(Native Method) - parking to wait for <0x00000000ee3ee4f0> (a java.util.concurrent.locks.ReentrantLock$FairSync) at java.util.concurrent.locks.LockSupport.parkNanos(LockSupport.java:198) at java.util.concurrent.locks.AbstractQueuedSynchronizer.doAcquireNanos(AbstractQueuedSynchronizer.java:905) at java.util.concurrent.locks.AbstractQueuedSynchronizer.tryAcquireNanos(AbstractQueuedSynchronizer.java:1224) at java.util.concurrent.locks.ReentrantLock.tryLock(ReentrantLock.java:416) at org.jboss.seam.core.ConversationEntry.lock(ConversationEntry.java:221) at org.jboss.seam.core.Manager.restoreAndLockConversation(Manager.java:616) at org.jboss.seam.core.Manager.restoreConversation(Manager.java:603) at org.jboss.seam.jsf.SeamPhaseListener.afterRestoreView(SeamPhaseListener.java:392) at org.jboss.seam.jsf.SeamPhaseListener.afterServletPhase(SeamPhaseListener.java:230) at org.jboss.seam.jsf.SeamPhaseListener.afterPhase(SeamPhaseListener.java:196) at com.sun.faces.lifecycle.Phase.handleAfterPhase(Phase.java:175) at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:114) at com.sun.faces.lifecycle.RestoreViewPhase.doPhase(RestoreViewPhase.java:102) at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:118) at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:83) at org.jboss.seam.web.IdentityFilter.doFilter(IdentityFilter.java:40) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.jboss.seam.web.MultipartFilter.doFilter(MultipartFilter.java:90) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:64) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.jboss.seam.web.RedirectFilter.doFilter(RedirectFilter.java:45) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:73) at org.ajax4jsf.webapp.BaseXMLFilter.doXmlFilter(BaseXMLFilter.java:178) at org.ajax4jsf.webapp.BaseFilter.handleRequest(BaseFilter.java:295) at org.ajax4jsf.webapp.BaseFilter.processUploadsAndHandleRequest(BaseFilter.java:373) at org.ajax4jsf.webapp.BaseFilter.doFilter(BaseFilter.java:500) at org.jboss.seam.web.Ajax4jsfFilter.doFilter(Ajax4jsfFilter.java:56) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.jboss.seam.web.LoggingFilter.doFilter(LoggingFilter.java:60) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.jboss.seam.servlet.SeamFilter.doFilter(SeamFilter.java:158) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:183) at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:95) at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126) at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.jboss.web.tomcat.service.request.ActiveRequestResponseCacheValve.internalProcess(ActiveRequestResponseCacheValve.java:74) at org.jboss.web.tomcat.service.request.ActiveRequestResponseCacheValve.invoke(ActiveRequestResponseCacheValve.java:47) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:599) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:451) at java.lang.Thread.run(Thread.java:662) {noformat} {noformat} [2] 11:36:25,106 INFO [STDOUT] -- sleep start 11:36:35,107 INFO [STDOUT] -- sleep end 11:37:26,420 WARN [SeamPhaseListener] uncaught exception, passing to exception handler org.jboss.seam.ConcurrentRequestTimeoutException: Concurrent call to conversation at org.jboss.seam.core.Manager.restoreAndLockConversation(Manager.java:641) at org.jboss.seam.core.Manager.restoreConversation(Manager.java:603) at org.jboss.seam.jsf.SeamPhaseListener.afterRestoreView(SeamPhaseListener.java:392) at org.jboss.seam.jsf.SeamPhaseListener.afterServletPhase(SeamPhaseListener.java:230) at org.jboss.seam.jsf.SeamPhaseListener.afterPhase(SeamPhaseListener.java:196) at com.sun.faces.lifecycle.Phase.handleAfterPhase(Phase.java:175) at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:114) at com.sun.faces.lifecycle.RestoreViewPhase.doPhase(RestoreViewPhase.java:102) at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:118) -- snip -- 11:37:26,434 SEVERE [viewhandler] Error Rendering View[/createBlog.xhtml] java.lang.IllegalStateException: No active conversation context at org.jboss.seam.core.Conversation.instance(Conversation.java:122) at org.jboss.seam.ui.component.UIConversationId.getName(UIConversationId.java:44) at org.jboss.seam.ui.util.ViewUrlBuilder.addParameter(ViewUrlBuilder.java:42) at org.jboss.seam.ui.component.UISeamCommandBase.getUrl(UISeamCommandBase.java:85) at org.jboss.seam.ui.renderkit.LinkRendererBase.doEncodeBegin(LinkRendererBase.java:26) at org.jboss.seam.ui.util.cdk.RendererBase.encodeBegin(RendererBase.java:79) -- snip -- {noformat} > Conversation after @End method process does not release ConversationEntry lock > ------------------------------------------------------------------------------ > > Key: JBSEAM-5103 > URL: https://issues.jboss.org/browse/JBSEAM-5103 > Project: Seam 2 > Issue Type: Bug > Components: Core > Affects Versions: 2.3.0.Final > Reporter: Eiichi Nagai > Assignee: Marek Novotny > Fix For: 2.3.1.CR1 > > > ConversationEntry after @End method process is removed by endRequest[1] process and does not release lock. Therefore, when there is a request duplicate with the same Conversation ID by F5 operation etc, since a lock is not released, the request has to wait till the concurrent-request-timeout even if pre-request is already completed. > {code:title=[1] org.jboss.seam.core.Manager.java|borderStyle=solid} > 441: /** > 442: * Touch the conversation stack, destroy ended conversations, > 443: * and timeout inactive conversations. > 444: */ > 445: public void endRequest(Map<String, Object> session) > 446: { > 447: if ( isLongRunningConversation() ) > 448: { > 449: if ( log.isDebugEnabled() ) > 450: { > 451: log.debug("Storing conversation state: " + getCurrentConversationId()); > 452: } > 453: touchConversationStack( getCurrentConversationIdStack() ); > 454: } > 455: else > 456: { > 457: if ( log.isDebugEnabled() ) > 458: { > 459: log.debug("Discarding conversation state: " + getCurrentConversationId()); > 460: } > 461: //now safe to remove the entry > => 462: removeCurrentConversationAndDestroyNestedContexts(session); > 463: } > 464: > 465: /*if ( !Init.instance().isClientSideConversations() ) > 466: {*/ > 467: // difficult question: is it really safe to do this here? > 468: // right now we do have to do it after committing the Seam > 469: // transaction because we can't close EMs inside a txn > 470: // (this might be a bug in HEM) > 471: Manager.instance().conversationTimeout(session); > 472: //} > 473: } > {code} -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

11 years, 9 months

1
0
0 / 0

[JBoss JIRA] (JBSEAM-5103) Conversation after @End method process does not release ConversationEntry lock

by Marek Novotny (JIRA)

[ https://issues.jboss.org/browse/JBSEAM-5103?page=com.atlassian.jira.plugi... ] Marek Novotny updated JBSEAM-5103: ---------------------------------- Summary: Conversation after @End method process does not release ConversationEntry lock (was: CLONE - Conversation after @End method process does not release ConversationEntry lock) > Conversation after @End method process does not release ConversationEntry lock > ------------------------------------------------------------------------------ > > Key: JBSEAM-5103 > URL: https://issues.jboss.org/browse/JBSEAM-5103 > Project: Seam 2 > Issue Type: Bug > Components: Core > Affects Versions: 2.3.0.Final > Reporter: Eiichi Nagai > Assignee: Marek Novotny > Fix For: 2.3.1.CR1 > > > ConversationEntry after @End method process is removed by endRequest[1] process and does not release lock. Therefore, when there is a request duplicate with the same Conversation ID by F5 operation etc, since a lock is not released, the request has to wait till the concurrent-request-timeout even if pre-request is already completed. > {code:title=[1] org.jboss.seam.core.Manager.java|borderStyle=solid} > 441: /** > 442: * Touch the conversation stack, destroy ended conversations, > 443: * and timeout inactive conversations. > 444: */ > 445: public void endRequest(Map<String, Object> session) > 446: { > 447: if ( isLongRunningConversation() ) > 448: { > 449: if ( log.isDebugEnabled() ) > 450: { > 451: log.debug("Storing conversation state: " + getCurrentConversationId()); > 452: } > 453: touchConversationStack( getCurrentConversationIdStack() ); > 454: } > 455: else > 456: { > 457: if ( log.isDebugEnabled() ) > 458: { > 459: log.debug("Discarding conversation state: " + getCurrentConversationId()); > 460: } > 461: //now safe to remove the entry > => 462: removeCurrentConversationAndDestroyNestedContexts(session); > 463: } > 464: > 465: /*if ( !Init.instance().isClientSideConversations() ) > 466: {*/ > 467: // difficult question: is it really safe to do this here? > 468: // right now we do have to do it after committing the Seam > 469: // transaction because we can't close EMs inside a txn > 470: // (this might be a bug in HEM) > 471: Manager.instance().conversationTimeout(session); > 472: //} > 473: } > {code} -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

11 years, 9 months

1
0
0 / 0

[JBoss JIRA] (JBSEAM-5103) CLONE - Conversation after @End method process does not release ConversationEntry lock

by Marek Novotny (JIRA)

[ https://issues.jboss.org/browse/JBSEAM-5103?page=com.atlassian.jira.plugi... ] Marek Novotny moved JBPAPP-10765 to JBSEAM-5103: ------------------------------------------------ Project: Seam 2 (was: JBoss Enterprise Application Platform 4 and 5) Key: JBSEAM-5103 (was: JBPAPP-10765) Workflow: GIT Pull Request workflow (was: jira) Affects Version/s: 2.3.0.Final (was: EAP_EWP 5.1.2) Component/s: Core (was: Seam2) Security: (was: Public) Fix Version/s: 2.3.1.CR1 (was: EAP_EWP 5.3.0) Docs QE Status: (was: NEW) > CLONE - Conversation after @End method process does not release ConversationEntry lock > -------------------------------------------------------------------------------------- > > Key: JBSEAM-5103 > URL: https://issues.jboss.org/browse/JBSEAM-5103 > Project: Seam 2 > Issue Type: Bug > Components: Core > Affects Versions: 2.3.0.Final > Reporter: Eiichi Nagai > Assignee: Marek Novotny > Fix For: 2.3.1.CR1 > > > ConversationEntry after @End method process is removed by endRequest[1] process and does not release lock. Therefore, when there is a request duplicate with the same Conversation ID by F5 operation etc, since a lock is not released, the request has to wait till the concurrent-request-timeout even if pre-request is already completed. > {code:title=[1] org.jboss.seam.core.Manager.java|borderStyle=solid} > 441: /** > 442: * Touch the conversation stack, destroy ended conversations, > 443: * and timeout inactive conversations. > 444: */ > 445: public void endRequest(Map<String, Object> session) > 446: { > 447: if ( isLongRunningConversation() ) > 448: { > 449: if ( log.isDebugEnabled() ) > 450: { > 451: log.debug("Storing conversation state: " + getCurrentConversationId()); > 452: } > 453: touchConversationStack( getCurrentConversationIdStack() ); > 454: } > 455: else > 456: { > 457: if ( log.isDebugEnabled() ) > 458: { > 459: log.debug("Discarding conversation state: " + getCurrentConversationId()); > 460: } > 461: //now safe to remove the entry > => 462: removeCurrentConversationAndDestroyNestedContexts(session); > 463: } > 464: > 465: /*if ( !Init.instance().isClientSideConversations() ) > 466: {*/ > 467: // difficult question: is it really safe to do this here? > 468: // right now we do have to do it after committing the Seam > 469: // transaction because we can't close EMs inside a txn > 470: // (this might be a bug in HEM) > 471: Manager.instance().conversationTimeout(session); > 472: //} > 473: } > {code} -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

11 years, 9 months

1
0
0 / 0

[JBoss JIRA] (JBSEAM-5102) Seam examples use unencrypted client-side view state

by Marek Novotny (JIRA)

[ https://issues.jboss.org/browse/JBSEAM-5102?page=com.atlassian.jira.plugi... ] Marek Novotny updated JBSEAM-5102: ---------------------------------- Summary: Seam examples use unencrypted client-side view state (was: CLONE - Seam examples use unencrypted client-side view state) Affects: (was: Release Notes) > Seam examples use unencrypted client-side view state > ---------------------------------------------------- > > Key: JBSEAM-5102 > URL: https://issues.jboss.org/browse/JBSEAM-5102 > Project: Seam 2 > Issue Type: Bug > Components: Examples > Affects Versions: 2.3.0.Final > Reporter: David Jorm > Assignee: Marek Novotny > Fix For: 2.3.1.CR1 > > > Some seam examples use unencrypted client-side view state. For example, on EAP 5.1.1: > jboss-eap-5.1/seam/examples/seambay/resources/WEB-INF/web.xml > Contains: > <context-param> > <param-name>javax.faces.STATE_SAVING_METHOD</param-name> > <param-value>client</param-value> > </context-param> > But not a corresponding ClientStateSavingPassword value to enable encryption. This renders the example applications vulnerable to CVE-2010-2087: > https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2087 > Please either change the STATE_SAVING_METHOD to server or enable encryption: > <env-entry> > <env-entry-name>ClientStateSavingPassword</env-entry-name> > <env-entry-type>java.lang.String</env-entry-type> > <env-entry-value>INSERT_YOUR_PASSWORD</env-entry-value> > </env-entry> -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

11 years, 9 months

1
0
0 / 0

[JBoss JIRA] (JBSEAM-5102) CLONE - Seam examples use unencrypted client-side view state

by Marek Novotny (JIRA)

[ https://issues.jboss.org/browse/JBSEAM-5102?page=com.atlassian.jira.plugi... ] Marek Novotny moved JBPAPP-10764 to JBSEAM-5102: ------------------------------------------------ Project: Seam 2 (was: JBoss Enterprise Application Platform 4 and 5) Key: JBSEAM-5102 (was: JBPAPP-10764) Workflow: GIT Pull Request workflow (was: jira) Affects Version/s: 2.3.0.Final (was: EAP_EWP 5.1.1) Release Notes Docs Status: (was: Documented as Resolved Issue) Writer: (was: ppenicka) Release Notes Text: (was: Previously, Seam examples stored in <filename>JBOSS_HOME/seam/examples</filename> used unencrypted client-side view state. This made the example applications vulnerable to cross-site scripting (XSS) attacks or execution of arbitrary Expression Language (EL) statements (CVE-2010-2087). With this update, the examples use server-side view state, which eliminates these vulnerabilities.) Component/s: Examples (was: Seam) Security: (was: JBoss Internal) Fix Version/s: 2.3.1.CR1 (was: EAP_EWP 5.2.0) Docs QE Status: (was: NEW) > CLONE - Seam examples use unencrypted client-side view state > ------------------------------------------------------------ > > Key: JBSEAM-5102 > URL: https://issues.jboss.org/browse/JBSEAM-5102 > Project: Seam 2 > Issue Type: Bug > Components: Examples > Affects Versions: 2.3.0.Final > Reporter: David Jorm > Assignee: Marek Novotny > Fix For: 2.3.1.CR1 > > > Some seam examples use unencrypted client-side view state. For example, on EAP 5.1.1: > jboss-eap-5.1/seam/examples/seambay/resources/WEB-INF/web.xml > Contains: > <context-param> > <param-name>javax.faces.STATE_SAVING_METHOD</param-name> > <param-value>client</param-value> > </context-param> > But not a corresponding ClientStateSavingPassword value to enable encryption. This renders the example applications vulnerable to CVE-2010-2087: > https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2087 > Please either change the STATE_SAVING_METHOD to server or enable encryption: > <env-entry> > <env-entry-name>ClientStateSavingPassword</env-entry-name> > <env-entry-type>java.lang.String</env-entry-type> > <env-entry-value>INSERT_YOUR_PASSWORD</env-entry-value> > </env-entry> -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

11 years, 9 months

1
0
0 / 0

[JBoss JIRA] (JBSEAM-5101) Seam Reference Documentation - invalid code samples

by Marek Novotny (JIRA)

[ https://issues.jboss.org/browse/JBSEAM-5101?page=com.atlassian.jira.plugi... ] Marek Novotny updated JBSEAM-5101: ---------------------------------- Summary: Seam Reference Documentation - invalid code samples (was: CLONE:Seam Reference Documentation - invalid code samples) Affects Version/s: 2.3.0.Final 2.2.2.Final Affects: Documentation (Ref Guide, User Guide, etc.) (was: Release Notes) > Seam Reference Documentation - invalid code samples > --------------------------------------------------- > > Key: JBSEAM-5101 > URL: https://issues.jboss.org/browse/JBSEAM-5101 > Project: Seam 2 > Issue Type: Bug > Components: Documentation Issues > Affects Versions: 2.2.2.Final, 2.3.0.Final > Reporter: Jozef Hartinger > Assignee: Marek Novotny > Priority: Minor > Fix For: 2.3.1.Final > > > Section 6.2 > - missing ">" in the components start tag (in three code samples in the section) > Section 23.4.1 > - missing quote > - should be xsi:schemaLocation=" instead of xsi:schemaLocation= -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

11 years, 9 months

1
0
0 / 0

[JBoss JIRA] (JBSEAM-5101) CLONE:Seam Reference Documentation - invalid code samples

by Marek Novotny (JIRA)

[ https://issues.jboss.org/browse/JBSEAM-5101?page=com.atlassian.jira.plugi... ] Marek Novotny moved JBPAPP-10763 to JBSEAM-5101: ------------------------------------------------ Project: Seam 2 (was: JBoss Enterprise Application Platform 4 and 5) Key: JBSEAM-5101 (was: JBPAPP-10763) Workflow: GIT Pull Request workflow (was: jira) Component/s: Documentation Issues (was: Seam) (was: Documentation) Security: (was: Public) Fix Version/s: 2.3.1.Final (was: EAP_EWP 5.1.0) > CLONE:Seam Reference Documentation - invalid code samples > --------------------------------------------------------- > > Key: JBSEAM-5101 > URL: https://issues.jboss.org/browse/JBSEAM-5101 > Project: Seam 2 > Issue Type: Bug > Components: Documentation Issues > Reporter: Jozef Hartinger > Assignee: Marek Novotny > Priority: Minor > Fix For: 2.3.1.Final > > > Section 6.2 > - missing ">" in the components start tag (in three code samples in the section) > Section 23.4.1 > - missing quote > - should be xsi:schemaLocation=" instead of xsi:schemaLocation= -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

11 years, 9 months

1
0
0 / 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

seam-issues May 2013