[seam-issues] [JBoss JIRA] (JBSEAM-5124) HTTP Basic Authentication causes a hidden IllegalStateException

Georgi Gyurchev (JIRA) jira-events at lists.jboss.org
Thu Aug 22 11:49:26 EDT 2013


     [ https://issues.jboss.org/browse/JBSEAM-5124?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Georgi Gyurchev updated JBSEAM-5124:
------------------------------------

    Description: 
The built-in Authentication filter causes "javax.servlet.ServletException: java.lang.IllegalStateException: No active event context" on every page that goes through the filter. At least for basic authentication.
The user is likely to not see this but it shows in the console and can mess with other functionality.

------------------------------------------------------

I have gone through the Seam classes AuthenticationFilter and ContextualHttpServletRequest and figured out where the problem lies:
chain.doFilter() is called between the start and the end of the request and when ContextualHttpServletRequest tries to end the request, the context is not active anymore, I'm not sure exactly why but it seems logical. I'm also not sure why it worked it Seam 2.2.

------------------------------------------------------

The workaround is to make your own filter. I will attach my fix here. To use a custom filter you must specify it in web.xml:

	<filter>
		<filter-name>Basic Authentication Filter</filter-name>
		<filter-class>eu.cleversoft.infonds3.support.AuthenticationFilter</filter-class>
	</filter>
	<filter-mapping>
		<filter-name>Basic Authentication Filter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>

  was:
The built-in Authentication filter causes "javax.servlet.ServletException: java.lang.IllegalStateException: No active event context" on every page that goes through the filter. At least for basic authentication.
The user is likely to not see this but it shows in the console and can mess with other functionality.

------------------------------------------------------

I have gone through the Seam classes AuthenticationFilter and ContextualHttpServletRequest and figured out where the problem lies:
chain.doFilter() is called between the start and the end of the request and when ContextualHttpServletRequest tries to end the request, the context is not active anymore, I'm not sure exactly why but it seems logical. I'm also not sure why it worked it Seam 2.2.

------------------------------------------------------

The workaround is to make your own filter. I will post details in the forum topic because I don't see any options for attachments here.


    
> HTTP Basic Authentication causes a hidden IllegalStateException
> ---------------------------------------------------------------
>
>                 Key: JBSEAM-5124
>                 URL: https://issues.jboss.org/browse/JBSEAM-5124
>             Project: Seam 2
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 2.3.1.CR1, 2.3.1.Final
>         Environment: JBOSS AS 7.0.2
> JSF 2.1
> Richfaces 4.3.2
>            Reporter: Georgi Gyurchev
>
> The built-in Authentication filter causes "javax.servlet.ServletException: java.lang.IllegalStateException: No active event context" on every page that goes through the filter. At least for basic authentication.
> The user is likely to not see this but it shows in the console and can mess with other functionality.
> ------------------------------------------------------
> I have gone through the Seam classes AuthenticationFilter and ContextualHttpServletRequest and figured out where the problem lies:
> chain.doFilter() is called between the start and the end of the request and when ContextualHttpServletRequest tries to end the request, the context is not active anymore, I'm not sure exactly why but it seems logical. I'm also not sure why it worked it Seam 2.2.
> ------------------------------------------------------
> The workaround is to make your own filter. I will attach my fix here. To use a custom filter you must specify it in web.xml:
> 	<filter>
> 		<filter-name>Basic Authentication Filter</filter-name>
> 		<filter-class>eu.cleversoft.infonds3.support.AuthenticationFilter</filter-class>
> 	</filter>
> 	<filter-mapping>
> 		<filter-name>Basic Authentication Filter</filter-name>
> 		<url-pattern>/*</url-pattern>
> 	</filter-mapping>

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira


More information about the seam-issues mailing list