4:07 a.m.
[
https://jira.jboss.org/jira/browse/JBSEAM-4003?page=com.atlassian.jira.pl...
]
Shane Bryzak commented on JBSEAM-4003:
--------------------------------------
Ah got it - so we don't want the SecurityInterceptor to intercept calls to hashCode().
Easy enough to fix, I've just wrapped the security check in the following test:
if (!"hashCode".equals(interfaceMethod.getName()))
{
Restriction restriction = getRestriction(interfaceMethod);
if ( restriction != null ) restriction.check(invocation.getParameters());
}
Could you please test this and if it works close the issue.
SecurityInterceptor can fail in a cluster
-----------------------------------------
Key: JBSEAM-4003
URL: https://jira.jboss.org/jira/browse/JBSEAM-4003
Project: Seam
Issue Type: Bug
Reporter: Norman Richards
Assignee: Shane Bryzak
Fix For: 2.1.2.CR1
SecurityInterceptor with an @Restrict clause can cause session replication to fail.
Session replication requires calling the hashCode method. If this method throws an
exception, session replication fails, putting the application in bad state.
15:47:52,701 WARN [/seam-booking] Failed to replicate session mKN0jWfC7HHRYT1vmOeB-Q__
org.jboss.seam.security.NotLoggedInException
at org.jboss.seam.security.Identity.checkRestriction(Identity.java:217)
at
org.jboss.seam.security.SecurityInterceptor$Restriction.check(SecurityInterceptor.java:113)
at
org.jboss.seam.security.SecurityInterceptor.aroundInvoke(SecurityInterceptor.java:159)
at
org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
at org.jboss.seam.ejb.RemoveInterceptor.aroundInvoke(RemoveInterceptor.java:43)
at
org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
at
org.jboss.seam.core.SynchronizationInterceptor.aroundInvoke(SynchronizationInterceptor.java:32)
at
org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
at org.jboss.seam.intercept.RootInterceptor.invoke(RootInterceptor.java:118)
at
org.jboss.seam.intercept.ClientSideInterceptor.invoke(ClientSideInterceptor.java:54)
at
org.javassist.tmp.java.lang.Object_$$_javassist_seam_4.hashCode(Object_$$_javassist_seam_4.java)
at java.util.HashMap$Entry.hashCode(HashMap.java:764)
at java.util.AbstractMap.hashCode(AbstractMap.java:557)
at
org.jboss.ha.framework.server.SimpleCachableMarshalledValue.<init>(SimpleCachableMarshalledValue.java:74)
at
org.jboss.ha.framework.server.SimpleCachableMarshalledValue.<init>(SimpleCachableMarshalledValue.java:80)
at
org.jboss.web.tomcat.service.session.distributedcache.spi.SessionSerializationFactory.createMarshalledValue(SessionSerializationFactory.java:74)
at
org.jboss.web.tomcat.service.session.distributedcache.impl.jbc.AbstractJBossCacheService.getMarshalledValue(AbstractJBossCacheService.java:641)
at
org.jboss.web.tomcat.service.session.distributedcache.impl.jbc.AbstractJBossCacheService.putSession(AbstractJBossCacheService.java:405)
at
org.jboss.web.tomcat.service.session.ClusteredSession.processSessionReplication(ClusteredSession.java:1194)
at
org.jboss.web.tomcat.service.session.JBossCacheManager.processSessionRepl(JBossCacheManager.java:1635)
at
org.jboss.web.tomcat.service.session.JBossCacheManager.storeSession(JBossCacheManager.java:294)
at
org.jboss.web.tomcat.service.session.InstantSnapshotManager.snapshot(InstantSnapshotManager.java:49)
at
org.jboss.web.tomcat.service.session.ClusteredSessionValve.invoke(ClusteredSessionValve.java:120)
at
org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
at
org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
at
org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at
org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:828)
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:601)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:613)
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira