[jboss-jira] [JBoss JIRA] (WFLY-2369) request.getSession() throws IllegalStateException in distributable webapp

Paul Ferraro (JIRA) issues at jboss.org
Fri May 23 15:43:58 EDT 2014 

    [ https://issues.jboss.org/browse/WFLY-2369?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12970242#comment-12970242 ] 

Paul Ferraro commented on WFLY-2369:
------------------------------------

Just to say, stuff like this can happen in 8.0.0 when using asynchronous replication (the default) if the load balancer does not use session affinity.  In 8.1.0 we force locking on infinispan cache reads which should prevent this issue.

> request.getSession() throws IllegalStateException in distributable webapp
> -------------------------------------------------------------------------
>
>                 Key: WFLY-2369
>                 URL: https://issues.jboss.org/browse/WFLY-2369
>             Project: WildFly
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: Web (Undertow)
>    Affects Versions: 8.0.0.Beta1
>            Reporter: Jonathan Fuerth
>            Assignee: Paul Ferraro
>
> A webapp I'm working is experiencing an IllegalStateException from calling the no-args request.getSession() method. The app has the <distributable/> marker in its web.xml. Taking <distributable/> out makes this issue go away.
> Here is the stack trace:
> {code}
> 17:29:05,728 DEBUG [org.uberfire.security.server.UberFireSecurityFilter] (default task-1) Authentication failure. Sending HTTP 401 response.: org.uberfire.security.auth.AuthenticationException: Validation fails.
> 	at org.uberfire.security.server.HttpSecurityManagerImpl.authenticate(HttpSecurityManagerImpl.java:220) [uberfire-security-server-0.4.0-SNAPSHOT.jar:0.4.0-SNAPSHOT]
> 	at org.uberfire.security.server.UberFireSecurityFilter.authenticate(UberFireSecurityFilter.java:333) [uberfire-security-server-0.4.0-SNAPSHOT.jar:0.4.0-SNAPSHOT]
> 	at org.uberfire.security.server.UberFireSecurityFilter.doFilter(UberFireSecurityFilter.java:277) [uberfire-security-server-0.4.0-SNAPSHOT.jar:0.4.0-SNAPSHOT]
> 	at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:56) [undertow-servlet-1.0.0.Beta17.jar:1.0.0.Beta17]
> 	at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132) [undertow-servlet-1.0.0.Beta17.jar:1.0.0.Beta17]
> 	at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:85) [undertow-servlet-1.0.0.Beta17.jar:1.0.0.Beta17]
> 	at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:59) [undertow-servlet-1.0.0.Beta17.jar:1.0.0.Beta17]
> 	at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) [undertow-servlet-1.0.0.Beta17.jar:1.0.0.Beta17]
> 	at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:81)
> 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.0.Beta17.jar:1.0.0.Beta17]
> 	at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:113) [undertow-servlet-1.0.0.Beta17.jar:1.0.0.Beta17]
> 	at io.undertow.security.handlers.AuthenticationCallHandler.handleRequest(AuthenticationCallHandler.java:52) [undertow-core-1.0.0.Beta17.jar:1.0.0.Beta17]
> 	at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45) [undertow-core-1.0.0.Beta17.jar:1.0.0.Beta17]
> 	at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:65) [undertow-servlet-1.0.0.Beta17.jar:1.0.0.Beta17]
> 	at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:70) [undertow-core-1.0.0.Beta17.jar:1.0.0.Beta17]
> 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.0.Beta17.jar:1.0.0.Beta17]
> 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.0.Beta17.jar:1.0.0.Beta17]
> 	at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:218) [undertow-servlet-1.0.0.Beta17.jar:1.0.0.Beta17]
> 	at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:205) [undertow-servlet-1.0.0.Beta17.jar:1.0.0.Beta17]
> 	at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:69) [undertow-servlet-1.0.0.Beta17.jar:1.0.0.Beta17]
> 	at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:134) [undertow-servlet-1.0.0.Beta17.jar:1.0.0.Beta17]
> 	at io.undertow.server.HttpHandlers.executeRootHandler(HttpHandlers.java:36) [undertow-core-1.0.0.Beta17.jar:1.0.0.Beta17]
> 	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:619) [undertow-core-1.0.0.Beta17.jar:1.0.0.Beta17]
> 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_25]
> 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_25]
> 	at java.lang.Thread.run(Thread.java:724) [rt.jar:1.7.0_25]
> Caused by: java.lang.IllegalStateException: UT000028: Session Q2FoOHf4ij6rcxT6v_9WsBOG already exists
> 	at org.wildfly.clustering.web.undertow.session.SessionManagerAdapter.createSession(SessionManagerAdapter.java:98)
> 	at io.undertow.servlet.spec.ServletContextImpl.getSession(ServletContextImpl.java:680) [undertow-servlet-1.0.0.Beta17.jar:1.0.0.Beta17]
> 	at io.undertow.servlet.spec.HttpServletRequestImpl.getSession(HttpServletRequestImpl.java:340) [undertow-servlet-1.0.0.Beta17.jar:1.0.0.Beta17]
> 	at io.undertow.servlet.spec.HttpServletRequestImpl.getSession(HttpServletRequestImpl.java:345) [undertow-servlet-1.0.0.Beta17.jar:1.0.0.Beta17]
> 	at org.uberfire.security.server.auth.HttpSessionStorage.load(HttpSessionStorage.java:36) [uberfire-security-server-0.4.0-SNAPSHOT.jar:0.4.0-SNAPSHOT]
> 	at org.uberfire.security.server.auth.HttpAuthenticationManager.authenticate(HttpAuthenticationManager.java:87) [uberfire-security-server-0.4.0-SNAPSHOT.jar:0.4.0-SNAPSHOT]
> 	at org.uberfire.security.server.HttpSecurityManagerImpl.authenticate(HttpSecurityManagerImpl.java:216) [uberfire-security-server-0.4.0-SNAPSHOT.jar:0.4.0-SNAPSHOT]
> 	... 25 more
> {code}
> In case you need to see it, the source code for the app that generated this trace is at https://github.com/jfuerth/errai-cdi-workbench/tree/11794888a873ae7182524d7978215a8e36002fa1
> For completeness, the snapshot versions of its dependencies come from these git commits in the respective projects.
> * Errai: bd130e238ed39a90d513e366336b0e20b8761146
> * UberFire: 3756076ce8005ba1b0cbab6745b5d274c97d56d8
> If you need to dig this deep, please ping me. I'm happy to help :)



--
This message was sent by Atlassian JIRA
(v6.2.3#6260)

More information about the jboss-jira mailing list