[jboss-jira] [JBoss JIRA] (WFLY-10630) HttpSessionListener.sessionDestroyed() not called if session invalidated in another WAR

Bartosz Baranowski (JIRA) issues at jboss.org
Mon Jul 30 04:15:00 EDT 2018 

    [ https://issues.jboss.org/browse/WFLY-10630?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13611964#comment-13611964 ] 

Bartosz Baranowski commented on WFLY-10630:
-------------------------------------------

[~bkabelka] Yeah, this wont cut it:
{quote}
HTTP ERROR 405
{quote}

{quote}
10:09:28,362 ERROR [org.jboss.resteasy.resteasy_jaxrs.i18n] (default task-1) RESTEASY002010: Failed to execute: javax.ws.rs.NotAllowedException: RESTEASY003650: No resource method found for POST, return 405 with Allow header
        at org.jboss.resteasy.core.registry.SegmentNode.match(SegmentNode.java:455)
        at org.jboss.resteasy.core.registry.SegmentNode.match(SegmentNode.java:141)
{quote}


Ive set up domain like:
{quote}
<subsystem xmlns="urn:jboss:domain:security:2.0">
            <security-domains>
                ....
                <security-domain name="sessionlistener">
                    <authentication>
                        <login-module code="UsersRoles" flag="required">
                            <module-option name="usersProperties" value="file://${jboss.server.config.dir}/application-users.properties"/>
                            <module-option name="rolesProperties" value="file://${jboss.server.config.dir}/application-roles.properties"/>
                        </login-module>
                    </authentication>
                </security-domain>
            </security-domains>
        </subsystem>
{quote}

> HttpSessionListener.sessionDestroyed() not called if session invalidated in another WAR
> ---------------------------------------------------------------------------------------
>
>                 Key: WFLY-10630
>                 URL: https://issues.jboss.org/browse/WFLY-10630
>             Project: WildFly
>          Issue Type: Bug
>          Components: Web (Undertow)
>    Affects Versions: 10.0.0.Final, 13.0.0.Final
>         Environment: Windows 10, Java 1.8.0_131
> Reproducible with both WildFly-10.0.0.Final and Wildfly-13.0.0.Final
>            Reporter: Bernhard Kabelka
>            Assignee: Bartosz Baranowski
>
> For sessions shared across different WARs in a single EAR, the notification of HttpSessionListener works differently in WildFly 10.0.0.Final (and Wildfly 13.0.0.Final) than it it used to work in WildFly 8.2.0.Final:
> I have an EAR containing two WARs with enabled session sharing across the WARs. Basically, one WAR contains the web UI, and the other WAR contains the REST interfaces for AJAX calls made by the UI. The user authenticates against the UI-WAR. On logout, a REST method in the AJAX-WAR is triggered which calls HttpSession.invalidate() on the user session.
> In WildFly 8.2.0.Final, a HttpSessionListener in the UI-WAR gets notified immediately about session creation and destruction.
> In WildFly 13.0.0.Final, however, a HttpSessionListener in either WAR only gets one of the two notifications:
> * In the UI-WAR, I get a notification about the created session immediately when the login form is loaded. However, I do not receive any notification about the session destruction (unless it times out).
> * In the AJAX-WAR, I do not get any notification about the session creation at all, but I immediately receive a notification about the session destruction.



--
This message was sent by Atlassian JIRA
(v7.5.0#75005)

More information about the jboss-jira mailing list