[seam-issues] [JBoss JIRA] (JBSEAM-5124) HTTP Basic Authentication causes a hidden IllegalStateException

HTTP Basic Authentication causes a hidden IllegalStateException --------------------------------------------------------------- Key: JBSEAM-5124 URL: https://issues.jboss.org/browse/JBSEAM-5124 Project: Seam 2 Issue Type: Bug Components: Security Affects Versions: 2.3.1.CR1, 2.3.1.Final Environment: JBOSS AS 7.0.2 JSF 2.1 Richfaces 4.3.2 Reporter: Georgi Gyurchev Attachments: AuthenticationFilter.java, ContextualHttpServletRequest.java The built-in Authentication filter causes "javax.servlet.ServletException: java.lang.IllegalStateException: No active event context" on every page that goes through the filter. At least for basic authentication. The user is likely to not see this but it shows in the console and can mess with other functionality. ------------------------------------------------------ I have gone through the Seam classes AuthenticationFilter and ContextualHttpServletRequest and figured out where the problem lies: chain.doFilter() is called between the start and the end of the request and when ContextualHttpServletRequest tries to end the request, the context is not active anymore, I'm not sure exactly why but it seems logical. I'm also not sure why it worked it Seam 2.2. ------------------------------------------------------ The workaround is to make your own filter. I will attach my fix here. To use a custom filter you must specify it in web.xml: <filter> <filter-name>Basic Authentication Filter</filter-name> <filter-class>eu.cleversoft.infonds3.support.AuthenticationFilter</filter-class> </filter> <filter-mapping> <filter-name>Basic Authentication Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>