[jbossseam-issues] [JBoss JIRA] Updated: (JBSEAM-4003) SecurityInterceptor can fail in a cluster

Norman Richards (JIRA) jira-events at lists.jboss.org
Mon Mar 9 18:50:22 EDT 2009 

     [ https://jira.jboss.org/jira/browse/JBSEAM-4003?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Norman Richards updated JBSEAM-4003:
------------------------------------

    Assignee: Shane Bryzak


Shane, I'll pass this off to you for comment.  The obvious fix of testing for the hashCode method and bypassing restrictions solves the problem.  This is probably reasonably as hashCode is a system function and not a business function.  However,  perhaps there is more general solution?  I suspect that we would possibly want to allow other java.lang.Object methods.

Note that it should be possible to work around this with @BypassInterceptors, but there's currently a bug related to that that is keeping Seam from seeing the annotation.  

> SecurityInterceptor can fail in a cluster
> -----------------------------------------
>
>                 Key: JBSEAM-4003
>                 URL: https://jira.jboss.org/jira/browse/JBSEAM-4003
>             Project: Seam
>          Issue Type: Bug
>            Reporter: Norman Richards
>            Assignee: Shane Bryzak
>             Fix For: 2.1.2.CR1
>
>
> SecurityInterceptor with an @Restrict clause can cause session replication to fail.  Session replication requires calling the hashCode method.  If this method throws an exception, session replication fails, putting the application in bad state.
> 15:47:52,701 WARN  [/seam-booking] Failed to replicate session mKN0jWfC7HHRYT1vmOeB-Q__
> org.jboss.seam.security.NotLoggedInException
>         at org.jboss.seam.security.Identity.checkRestriction(Identity.java:217)
>         at org.jboss.seam.security.SecurityInterceptor$Restriction.check(SecurityInterceptor.java:113)
>         at org.jboss.seam.security.SecurityInterceptor.aroundInvoke(SecurityInterceptor.java:159)
>         at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
>         at org.jboss.seam.ejb.RemoveInterceptor.aroundInvoke(RemoveInterceptor.java:43)
>         at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
>         at org.jboss.seam.core.SynchronizationInterceptor.aroundInvoke(SynchronizationInterceptor.java:32)
>         at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
>         at org.jboss.seam.intercept.RootInterceptor.invoke(RootInterceptor.java:118)
>         at org.jboss.seam.intercept.ClientSideInterceptor.invoke(ClientSideInterceptor.java:54)
>         at org.javassist.tmp.java.lang.Object_$$_javassist_seam_4.hashCode(Object_$$_javassist_seam_4.java)
>         at java.util.HashMap$Entry.hashCode(HashMap.java:764)
>         at java.util.AbstractMap.hashCode(AbstractMap.java:557)
>         at org.jboss.ha.framework.server.SimpleCachableMarshalledValue.<init>(SimpleCachableMarshalledValue.java:74)
>         at org.jboss.ha.framework.server.SimpleCachableMarshalledValue.<init>(SimpleCachableMarshalledValue.java:80)
>         at org.jboss.web.tomcat.service.session.distributedcache.spi.SessionSerializationFactory.createMarshalledValue(SessionSerializationFactory.java:74)
>         at org.jboss.web.tomcat.service.session.distributedcache.impl.jbc.AbstractJBossCacheService.getMarshalledValue(AbstractJBossCacheService.java:641)
>         at org.jboss.web.tomcat.service.session.distributedcache.impl.jbc.AbstractJBossCacheService.putSession(AbstractJBossCacheService.java:405)
>         at org.jboss.web.tomcat.service.session.ClusteredSession.processSessionReplication(ClusteredSession.java:1194)
>         at org.jboss.web.tomcat.service.session.JBossCacheManager.processSessionRepl(JBossCacheManager.java:1635)
>         at org.jboss.web.tomcat.service.session.JBossCacheManager.storeSession(JBossCacheManager.java:294)
>         at org.jboss.web.tomcat.service.session.InstantSnapshotManager.snapshot(InstantSnapshotManager.java:49)
>         at org.jboss.web.tomcat.service.session.ClusteredSessionValve.invoke(ClusteredSessionValve.java:120)
>         at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
>         at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
>         at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
>         at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
>         at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>         at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
>         at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>         at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
>         at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:828)
>         at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:601)
>         at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
>         at java.lang.Thread.run(Thread.java:613)

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the seam-issues mailing list