Details

    • Type: Sub-task Sub-task
    • Status: Closed Closed
    • Priority: Critical Critical
    • Resolution: Fixed
    • Affects Version/s: security-0.4.3
    • Fix Version/s: security-0.4.4
    • Component/s: security
    • Labels:
      None
    • Environment:
      Glassfish
    • Number of attachments :
      0

      Description

      Because of the session copy (not the original session)
      that is now passed in the filter in case chain==null,
      when logout occurs the two sessions get out of sync and
      Shiro still thinks that it is logged in, leading to
      the invalid session exception.

      Not sure what the premise of this patch was, but
      I am not sure how to fix it without rolling it back.

      ---------------------------------
      SEVERE: org.apache.shiro.session.InvalidSessionException: java.lang.IllegalStateException: PWC2779: getAttributeNames: Session already invalidated
      SEVERE: Operations trace:
      SEVERE: [ 1] Triggering event 'action' on ChangePassword:passwordform
      SEVERE: [ 2] Triggering event 'success' on ChangePassword:passwordform
      SEVERE: Processing of request failed with uncaught exception: org.apache.shiro.session.InvalidSessionException: java.lang.IllegalStateException: PWC2779: getAttributeNames: Session already invalidated
      org.apache.tapestry5.runtime.ComponentEventException: org.apache.shiro.session.InvalidSessionException: java.lang.IllegalStateException: PWC2779: getAttributeNames: Session already invalidated [at classpath:com/baw/admin/web/pages/ChangePassword.tml, line 104]
      at org.apache.tapestry5.internal.structure.ComponentPageElementImpl.processEventTriggering(ComponentPageElementImpl.java:1130)
      at org.apache.tapestry5.internal.structure.ComponentPageElementImpl.access$3200(ComponentPageElementImpl.java:61)
      at org.apache.tapestry5.internal.structure.ComponentPageElementImpl$5.invoke(ComponentPageElementImpl.java:1051)
      at org.apache.tapestry5.internal.structure.ComponentPageElementImpl$5.invoke(ComponentPageElementImpl.java:1048)
      at org.apache.tapestry5.ioc.internal.OperationTrackerImpl.invoke(OperationTrackerImpl.java:74)
      at org.apache.tapestry5.ioc.internal.PerThreadOperationTracker.invoke(PerThreadOperationTracker.java:87)
      at org.apache.tapestry5.ioc.internal.RegistryImpl.invoke(RegistryImpl.java:1121)
      at org.apache.tapestry5.internal.structure.ComponentPageElementResourcesImpl.invoke(ComponentPageElementResourcesImpl.java:146)
      at org.apache.tapestry5.internal.structure.ComponentPageElementImpl.triggerContextEvent(ComponentPageElementImpl.java:1047)
      at org.apache.tapestry5.internal.services.ComponentEventRequestHandlerImpl.handle(ComponentEventRequestHandlerImpl.java:81)
      at org.apache.tapestry5.internal.services.ImmediateActionRenderResponseFilter.handle(ImmediateActionRenderResponseFilter.java:42)
      at $ComponentEventRequestHandler_127d3b8a5524c7dc.handle(Unknown Source)
      at org.apache.tapestry5.internal.services.AjaxFilter.handle(AjaxFilter.java:42)
      at $ComponentEventRequestHandler_127d3b8a5524c7dc.handle(Unknown Source)
      at org.apache.tapestry5.upload.internal.services.UploadExceptionFilter.handle(UploadExceptionFilter.java:75)
      at $ComponentEventRequestHandler_127d3b8a5524c7dc.handle(Unknown Source)
      at org.apache.tapestry5.services.TapestryModule$40.handle(TapestryModule.java:2456)
      at $ComponentEventRequestHandler_127d3b8a5524c7dc.handle(Unknown Source)
      at $ComponentEventRequestHandler_127d3b8a5524c756.handle(Unknown Source)
      at org.apache.tapestry5.internal.services.ComponentRequestHandlerTerminator.handleComponentEvent(ComponentRequestHandlerTerminator.java:43)
      at org.apache.tapestry5.services.InitializeActivePageName.handleComponentEvent(InitializeActivePageName.java:39)
      at $ComponentRequestHandler_127d3b8a5524c758.handleComponentEvent(Unknown Source)
      at org.tynamo.security.SecurityComponentRequestFilter.handleComponentEvent(SecurityComponentRequestFilter.java:42)
      at com.flowlogix.web.services.internal.SecurityInterceptorFilter$1.run(SecurityInterceptorFilter.java:46)
      at com.flowlogix.web.services.internal.SecurityInterceptorFilter$1.run(SecurityInterceptorFilter.java:41)
      at java.security.AccessController.doPrivileged(Native Method)
      at javax.security.auth.Subject.doAs(Subject.java:337)
      at com.flowlogix.web.services.internal.SecurityInterceptorFilter.handleComponentEvent(SecurityInterceptorFilter.java:40)
      at $ComponentRequestFilter_127d3b8a5524c755.handleComponentEvent(Unknown Source)
      at $ComponentRequestHandler_127d3b8a5524c758.handleComponentEvent(Unknown Source)
      at $ComponentRequestHandler_127d3b8a5524c72b.handleComponentEvent(Unknown Source)
      at org.apache.tapestry5.internal.services.ComponentEventDispatcher.dispatch(ComponentEventDispatcher.java:46)
      at $Dispatcher_127d3b8a5524c72d.dispatch(Unknown Source)
      at $Dispatcher_127d3b8a5524c728.dispatch(Unknown Source)
      at org.apache.tapestry5.services.TapestryModule$RequestHandlerTerminator.service(TapestryModule.java:302)
      at com.flowlogix.web.services.SecurityModule$1.service(SecurityModule.java:85)
      at $RequestHandler_127d3b8a5524c729.service(Unknown Source)
      at org.apache.tapestry5.internal.services.RequestErrorFilter.service(RequestErrorFilter.java:26)
      at $RequestHandler_127d3b8a5524c729.service(Unknown Source)
      at org.apache.tapestry5.services.TapestryModule$3.service(TapestryModule.java:902)
      at $RequestHandler_127d3b8a5524c729.service(Unknown Source)
      at org.apache.tapestry5.services.TapestryModule$2.service(TapestryModule.java:892)
      at $RequestHandler_127d3b8a5524c729.service(Unknown Source)
      at org.apache.tapestry5.internal.services.StaticFilesFilter.service(StaticFilesFilter.java:90)
      at $RequestHandler_127d3b8a5524c729.service(Unknown Source)
      at org.apache.tapestry5.internal.services.CheckForUpdatesFilter$2.invoke(CheckForUpdatesFilter.java:105)
      at org.apache.tapestry5.internal.services.CheckForUpdatesFilter$2.invoke(CheckForUpdatesFilter.java:95)
      at org.apache.tapestry5.ioc.internal.util.ConcurrentBarrier.withRead(ConcurrentBarrier.java:85)
      at org.apache.tapestry5.internal.services.CheckForUpdatesFilter.service(CheckForUpdatesFilter.java:119)
      at $RequestHandler_127d3b8a5524c729.service(Unknown Source)
      at $RequestHandler_127d3b8a5524c718.service(Unknown Source)
      at org.apache.tapestry5.services.TapestryModule$HttpServletRequestHandlerTerminator.service(TapestryModule.java:253)
      at com.flowlogix.web.services.internal.GwtCachingFilter.service(GwtCachingFilter.java:78)
      at $HttpServletRequestHandler_127d3b8a5524c719.service(Unknown Source)
      at org.apache.tapestry5.internal.gzip.GZipFilter.service(GZipFilter.java:53)
      at $HttpServletRequestHandler_127d3b8a5524c719.service(Unknown Source)
      at org.tynamo.security.services.impl.SecurityConfiguration$2.call(SecurityConfiguration.java:106)
      at org.tynamo.security.services.impl.SecurityConfiguration$2.call(SecurityConfiguration.java:104)
      at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
      at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
      at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:380)
      at org.tynamo.security.services.impl.SecurityConfiguration.service(SecurityConfiguration.java:104)
      at $HttpServletRequestFilter_127d3b8a5524c714.service(Unknown Source)
      at $HttpServletRequestHandler_127d3b8a5524c719.service(Unknown Source)
      at org.apache.tapestry5.upload.internal.services.MultipartServletRequestFilter.service(MultipartServletRequestFilter.java:44)
      at $HttpServletRequestHandler_127d3b8a5524c719.service(Unknown Source)
      at org.apache.tapestry5.internal.services.IgnoredPathsFilter.service(IgnoredPathsFilter.java:62)
      at $HttpServletRequestFilter_127d3b8a5524c715.service(Unknown Source)
      at $HttpServletRequestHandler_127d3b8a5524c719.service(Unknown Source)
      at org.apache.tapestry5.services.TapestryModule$1.service(TapestryModule.java:852)
      at $HttpServletRequestHandler_127d3b8a5524c719.service(Unknown Source)
      at $HttpServletRequestHandler_127d3b8a5524c711.service(Unknown Source)
      at org.apache.tapestry5.TapestryFilter.doFilter(TapestryFilter.java:171)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:256)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:217)
      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:279)
      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
      at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:655)
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:595)
      at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:98)
      at com.sun.enterprise.web.PESessionLockingStandardPipeline.invoke(PESessionLockingStandardPipeline.java:91)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:162)
      at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:330)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:231)
      at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:174)
      at com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:828)
      at com.sun.grizzly.comet.CometEngine.executeServlet(CometEngine.java:444)
      at com.sun.grizzly.comet.CometEngine.handle(CometEngine.java:308)
      at com.sun.grizzly.comet.CometAsyncFilter.doFilter(CometAsyncFilter.java:87)
      at com.sun.grizzly.arp.DefaultAsyncExecutor.invokeFilters(DefaultAsyncExecutor.java:171)
      at com.sun.grizzly.arp.DefaultAsyncExecutor.interrupt(DefaultAsyncExecutor.java:143)
      at com.sun.grizzly.arp.AsyncProcessorTask.doTask(AsyncProcessorTask.java:94)
      at com.sun.grizzly.http.TaskBase.run(TaskBase.java:193)
      at com.sun.grizzly.http.TaskBase.execute(TaskBase.java:175)
      at com.sun.grizzly.arp.DefaultAsyncHandler.handle(DefaultAsyncHandler.java:145)
      at com.sun.grizzly.arp.AsyncProtocolFilter.execute(AsyncProtocolFilter.java:204)
      at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
      at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
      at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
      at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
      at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
      at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
      at com.sun.grizzly.ContextTask.run(ContextTask.java:71)
      at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
      at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
      at java.lang.Thread.run(Thread.java:680)
      Caused by: org.apache.tapestry5.ioc.internal.OperationException: org.apache.shiro.session.InvalidSessionException: java.lang.IllegalStateException: PWC2779: getAttributeNames: Session already invalidated [at classpath:com/baw/admin/web/pages/ChangePassword.tml, line 104]
      at org.apache.tapestry5.ioc.internal.OperationTrackerImpl.logAndRethrow(OperationTrackerImpl.java:121)
      at org.apache.tapestry5.ioc.internal.OperationTrackerImpl.invoke(OperationTrackerImpl.java:88)
      at org.apache.tapestry5.ioc.internal.PerThreadOperationTracker.invoke(PerThreadOperationTracker.java:87)
      at org.apache.tapestry5.ioc.internal.RegistryImpl.invoke(RegistryImpl.java:1121)
      at org.apache.tapestry5.internal.structure.ComponentPageElementResourcesImpl.invoke(ComponentPageElementResourcesImpl.java:146)
      at org.apache.tapestry5.internal.structure.ComponentPageElementImpl.triggerContextEvent(ComponentPageElementImpl.java:1047)
      at org.apache.tapestry5.internal.structure.InternalComponentResourcesImpl.triggerContextEvent(InternalComponentResourcesImpl.java:302)
      at org.apache.tapestry5.corelib.components.Form.advised$onAction_127d3b8a5524c792(Form.java:545)
      at org.apache.tapestry5.corelib.components.Form$Invocation_onAction_127d3b8a5524c791.proceedToAdvisedMethod(Unknown Source)
      at org.apache.tapestry5.internal.plastic.AbstractMethodInvocation.proceed(AbstractMethodInvocation.java:84)
      at org.apache.tapestry5.ioc.internal.services.LoggingAdvice.advise(LoggingAdvice.java:37)
      at org.apache.tapestry5.internal.plastic.AbstractMethodInvocation.proceed(AbstractMethodInvocation.java:86)
      at org.apache.tapestry5.corelib.components.Form.onAction(Form.java)
      at org.apache.tapestry5.corelib.components.Form.dispatchComponentEvent(Form.java)
      at org.apache.tapestry5.internal.structure.ComponentPageElementImpl.dispatchEvent(ComponentPageElementImpl.java:923)
      at org.apache.tapestry5.internal.structure.ComponentPageElementImpl.processEventTriggering(ComponentPageElementImpl.java:1106)
      ... 105 more
      Caused by: org.apache.tapestry5.runtime.ComponentEventException: org.apache.shiro.session.InvalidSessionException: java.lang.IllegalStateException: PWC2779: getAttributeNames: Session already invalidated [at classpath:com/baw/admin/web/pages/ChangePassword.tml, line 104]
      at org.apache.tapestry5.internal.structure.ComponentPageElementImpl.processEventTriggering(ComponentPageElementImpl.java:1130)
      at org.apache.tapestry5.internal.structure.ComponentPageElementImpl.access$3200(ComponentPageElementImpl.java:61)
      at org.apache.tapestry5.internal.structure.ComponentPageElementImpl$5.invoke(ComponentPageElementImpl.java:1051)
      at org.apache.tapestry5.internal.structure.ComponentPageElementImpl$5.invoke(ComponentPageElementImpl.java:1048)
      at org.apache.tapestry5.ioc.internal.OperationTrackerImpl.invoke(OperationTrackerImpl.java:74)
      ... 119 more
      Caused by: java.lang.IllegalStateException: org.apache.shiro.session.InvalidSessionException: java.lang.IllegalStateException: PWC2779: getAttributeNames: Session already invalidated
      at org.apache.shiro.web.servlet.ShiroHttpSession.getKeyNames(ShiroHttpSession.java:147)
      at org.apache.shiro.web.servlet.ShiroHttpSession.getAttributeNames(ShiroHttpSession.java:162)
      at org.apache.tapestry5.internal.services.SessionImpl.getAttributeNames(SessionImpl.java:64)
      at org.apache.tapestry5.internal.services.AbstractSessionPersistentFieldStrategy.discardChanges(AbstractSessionPersistentFieldStrategy.java:80)
      at org.apache.tapestry5.internal.services.PersistentFieldManagerImpl.discardChanges(PersistentFieldManagerImpl.java:72)
      at $PersistentFieldManager_127d3b8a5524c777.discardChanges(Unknown Source)
      at org.apache.tapestry5.internal.structure.PageImpl.discardPersistentFieldChanges(PageImpl.java:241)
      at org.apache.tapestry5.internal.structure.InternalComponentResourcesImpl.discardPersistentFieldChanges(InternalComponentResourcesImpl.java:231)
      at org.apache.tapestry5.internal.transform.DiscardAfterWorker$1.advise(DiscardAfterWorker.java:39)
      at org.apache.tapestry5.internal.plastic.AbstractMethodInvocation.proceed(AbstractMethodInvocation.java:86)
      at com.baw.admin.web.pages.ChangePassword.onSuccess(ChangePassword.java)
      at com.baw.admin.web.pages.ChangePassword.dispatchComponentEvent(ChangePassword.java)
      at org.apache.tapestry5.internal.structure.ComponentPageElementImpl.dispatchEvent(ComponentPageElementImpl.java:923)
      at org.apache.tapestry5.internal.structure.ComponentPageElementImpl.processEventTriggering(ComponentPageElementImpl.java:1106)
      ... 123 more
      Caused by: org.apache.shiro.session.InvalidSessionException: java.lang.IllegalStateException: PWC2779: getAttributeNames: Session already invalidated
      at org.apache.shiro.web.session.HttpServletSession.getAttributeKeys(HttpServletSession.java:131)
      at org.apache.shiro.session.ProxiedSession.getAttributeKeys(ProxiedSession.java:114)
      at org.apache.shiro.web.servlet.ShiroHttpSession.getKeyNames(ShiroHttpSession.java:145)
      ... 136 more
      Caused by: java.lang.IllegalStateException: PWC2779: getAttributeNames: Session already invalidated
      at org.apache.catalina.session.StandardSession.getAttributeNames(StandardSession.java:1249)
      at org.apache.catalina.session.StandardSessionFacade.getAttributeNames(StandardSessionFacade.java:168)
      at org.apache.shiro.web.session.HttpServletSession.getAttributeKeys(HttpServletSession.java:121)
      ... 138 more

      SEVERE: Render queue error in SetupRender[core/ExceptionReport:loop]: Failure reading parameter 'source' of component core/ExceptionReport:loop: org.apache.shiro.session.InvalidSessionException: java.lang.IllegalStateException: PWC2779: getAttributeNames: Session already invalidated
      org.apache.tapestry5.ioc.internal.util.TapestryException: Failure reading parameter 'source' of component core/ExceptionReport:loop: org.apache.shiro.session.InvalidSessionException: java.lang.IllegalStateException: PWC2779: getAttributeNames: Session already invalidated [at classpath:org/apache/tapestry5/corelib/pages/ExceptionReport.tml, line 29]
      at org.apache.tapestry5.internal.structure.ComponentPageElementImpl$AbstractPhase.invoke(ComponentPageElementImpl.java:153)
      at org.apache.tapestry5.internal.structure.ComponentPageElementImpl$SetupRenderPhase.render(ComponentPageElementImpl.java:181)
      at org.apache.tapestry5.internal.services.RenderQueueImpl.run(RenderQueueImpl.java:72)
      at org.apache.tapestry5.internal.services.PageRenderQueueImpl.render(PageRenderQueueImpl.java:124)
      at $PageRenderQueue_127d3b8a5524c7b8.render(Unknown Source)
      at $PageRenderQueue_127d3b8a5524c7b7.render(Unknown Source)
      at org.apache.tapestry5.internal.services.MarkupRendererTerminator.renderMarkup(MarkupRendererTerminator.java:37)
      at org.apache.tapestry5.beanvalidator.BeanValidatorModule$2.renderMarkup(BeanValidatorModule.java:119)
      at $MarkupRenderer_127d3b8a5524c7bb.renderMarkup(Unknown Source)
      at org.apache.tapestry5.services.TapestryModule$30.renderMarkup(TapestryModule.java:1979)
      at $MarkupRenderer_127d3b8a5524c7bb.renderMarkup(Unknown Source)
      at org.apache.tapestry5.services.TapestryModule$29.renderMarkup(TapestryModule.java:1963)
      at $MarkupRenderer_127d3b8a5524c7bb.renderMarkup(Unknown Source)
      at org.apache.tapestry5.services.TapestryModule$28.renderMarkup(TapestryModule.java:1945)
      at $MarkupRenderer_127d3b8a5524c7bb.renderMarkup(Unknown Source)
      at org.apache.tapestry5.services.TapestryModule$27.renderMarkup(TapestryModule.java:1930)
      at $MarkupRenderer_127d3b8a5524c7bb.renderMarkup(Unknown Source)
      at org.apache.tapestry5.services.TapestryModule$26.renderMarkup(TapestryModule.java:1916)
      at $MarkupRenderer_127d3b8a5524c7bb.renderMarkup(Unknown Source)
      at org.apache.tapestry5.services.TapestryModule$25.renderMarkup(TapestryModule.java:1898)
      at $MarkupRenderer_127d3b8a5524c7bb.renderMarkup(Unknown Source)
      at org.apache.tapestry5.services.TapestryModule$24.renderMarkup(TapestryModule.java:1879)
      at $MarkupRenderer_127d3b8a5524c7bb.renderMarkup(Unknown Source)
      at $MarkupRenderer_127d3b8a5524c7b6.renderMarkup(Unknown Source)
      at org.apache.tapestry5.internal.services.PageMarkupRendererImpl.renderPageMarkup(PageMarkupRendererImpl.java:47)
      at $PageMarkupRenderer_127d3b8a5524c7b4.renderPageMarkup(Unknown Source)
      at org.apache.tapestry5.internal.services.PageResponseRendererImpl.renderPageResponse(PageResponseRendererImpl.java:67)
      at $PageResponseRenderer_127d3b8a5524c75b.renderPageResponse(Unknown Source)
      at org.apache.tapestry5.internal.services.DefaultRequestExceptionHandler.handleRequestException(DefaultRequestExceptionHandler.java:85)
      at org.tynamo.exceptionpage.services.ConfigurableRequestExceptionHandler.handleRequestException(ConfigurableRequestExceptionHandler.java:84)
      at com.flowlogix.web.services.ServicesModule$1.handleRequestException(ServicesModule.java:87)
      at $RequestExceptionHandler_127d3b8a5524c727.handleRequestException(Unknown Source)
      at org.apache.tapestry5.internal.services.RequestErrorFilter.service(RequestErrorFilter.java:42)
      at $RequestHandler_127d3b8a5524c729.service(Unknown Source)
      at org.apache.tapestry5.services.TapestryModule$3.service(TapestryModule.java:902)
      at $RequestHandler_127d3b8a5524c729.service(Unknown Source)
      at org.apache.tapestry5.services.TapestryModule$2.service(TapestryModule.java:892)
      at $RequestHandler_127d3b8a5524c729.service(Unknown Source)
      at org.apache.tapestry5.internal.services.StaticFilesFilter.service(StaticFilesFilter.java:90)
      at $RequestHandler_127d3b8a5524c729.service(Unknown Source)
      at org.apache.tapestry5.internal.services.CheckForUpdatesFilter$2.invoke(CheckForUpdatesFilter.java:105)
      at org.apache.tapestry5.internal.services.CheckForUpdatesFilter$2.invoke(CheckForUpdatesFilter.java:95)
      at org.apache.tapestry5.ioc.internal.util.ConcurrentBarrier.withRead(ConcurrentBarrier.java:85)
      at org.apache.tapestry5.internal.services.CheckForUpdatesFilter.service(CheckForUpdatesFilter.java:119)
      at $RequestHandler_127d3b8a5524c729.service(Unknown Source)
      at $RequestHandler_127d3b8a5524c718.service(Unknown Source)
      at org.apache.tapestry5.services.TapestryModule$HttpServletRequestHandlerTerminator.service(TapestryModule.java:253)
      at com.flowlogix.web.services.internal.GwtCachingFilter.service(GwtCachingFilter.java:78)
      at $HttpServletRequestHandler_127d3b8a5524c719.service(Unknown Source)
      at org.apache.tapestry5.internal.gzip.GZipFilter.service(GZipFilter.java:53)
      at $HttpServletRequestHandler_127d3b8a5524c719.service(Unknown Source)
      at org.tynamo.security.services.impl.SecurityConfiguration$2.call(SecurityConfiguration.java:106)
      at org.tynamo.security.services.impl.SecurityConfiguration$2.call(SecurityConfiguration.java:104)
      at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
      at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
      at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:380)
      at org.tynamo.security.services.impl.SecurityConfiguration.service(SecurityConfiguration.java:104)
      at $HttpServletRequestFilter_127d3b8a5524c714.service(Unknown Source)
      at $HttpServletRequestHandler_127d3b8a5524c719.service(Unknown Source)
      at org.apache.tapestry5.upload.internal.services.MultipartServletRequestFilter.service(MultipartServletRequestFilter.java:44)
      at $HttpServletRequestHandler_127d3b8a5524c719.service(Unknown Source)
      at org.apache.tapestry5.internal.services.IgnoredPathsFilter.service(IgnoredPathsFilter.java:62)
      at $HttpServletRequestFilter_127d3b8a5524c715.service(Unknown Source)
      at $HttpServletRequestHandler_127d3b8a5524c719.service(Unknown Source)
      at org.apache.tapestry5.services.TapestryModule$1.service(TapestryModule.java:852)
      at $HttpServletRequestHandler_127d3b8a5524c719.service(Unknown Source)
      at $HttpServletRequestHandler_127d3b8a5524c711.service(Unknown Source)
      at org.apache.tapestry5.TapestryFilter.doFilter(TapestryFilter.java:171)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:256)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:217)
      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:279)
      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
      at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:655)
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:595)
      at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:98)
      at com.sun.enterprise.web.PESessionLockingStandardPipeline.invoke(PESessionLockingStandardPipeline.java:91)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:162)
      at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:330)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:231)
      at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:174)
      at com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:828)
      at com.sun.grizzly.comet.CometEngine.executeServlet(CometEngine.java:444)
      at com.sun.grizzly.comet.CometEngine.handle(CometEngine.java:308)
      at com.sun.grizzly.comet.CometAsyncFilter.doFilter(CometAsyncFilter.java:87)
      at com.sun.grizzly.arp.DefaultAsyncExecutor.invokeFilters(DefaultAsyncExecutor.java:171)
      at com.sun.grizzly.arp.DefaultAsyncExecutor.interrupt(DefaultAsyncExecutor.java:143)
      at com.sun.grizzly.arp.AsyncProcessorTask.doTask(AsyncProcessorTask.java:94)
      at com.sun.grizzly.http.TaskBase.run(TaskBase.java:193)
      at com.sun.grizzly.http.TaskBase.execute(TaskBase.java:175)
      at com.sun.grizzly.arp.DefaultAsyncHandler.handle(DefaultAsyncHandler.java:145)
      at com.sun.grizzly.arp.AsyncProtocolFilter.execute(AsyncProtocolFilter.java:204)
      at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
      at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
      at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
      at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
      at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
      at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
      at com.sun.grizzly.ContextTask.run(ContextTask.java:71)
      at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
      at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
      at java.lang.Thread.run(Thread.java:680)
      Caused by: org.apache.tapestry5.ioc.internal.util.TapestryException: Failure reading parameter 'source' of component core/ExceptionReport:loop: org.apache.shiro.session.InvalidSessionException: java.lang.IllegalStateException: PWC2779: getAttributeNames: Session already invalidated [at classpath:org/apache/tapestry5/corelib/pages/ExceptionReport.tml, line 29]
      at org.apache.tapestry5.internal.transform.ParameterWorker$3$1.readFromBinding(ParameterWorker.java:259)
      at org.apache.tapestry5.internal.transform.ParameterWorker$3$1.get(ParameterWorker.java:372)
      at org.apache.tapestry5.corelib.components.Loop.conduit_get_source(Loop.java)
      at org.apache.tapestry5.corelib.components.Loop.setup(Loop.java:324)
      at org.apache.tapestry5.corelib.components.Loop.setupRender(Loop.java)
      at org.apache.tapestry5.internal.structure.ComponentPageElementImpl$SetupRenderPhase.invokeComponent(ComponentPageElementImpl.java:174)
      at org.apache.tapestry5.internal.structure.ComponentPageElementImpl$AbstractPhase.invoke(ComponentPageElementImpl.java:133)
      ... 100 more
      Caused by: org.apache.tapestry5.ioc.internal.util.TapestryException: org.apache.shiro.session.InvalidSessionException: java.lang.IllegalStateException: PWC2779: getAttributeNames: Session already invalidated [at classpath:org/apache/tapestry5/corelib/pages/ExceptionReport.tml, line 29]
      at org.apache.tapestry5.internal.bindings.PropBinding.get(PropBinding.java:63)
      at org.apache.tapestry5.internal.transform.ParameterWorker$3$1.readFromBinding(ParameterWorker.java:254)
      ... 106 more
      Caused by: java.lang.IllegalStateException: org.apache.shiro.session.InvalidSessionException: java.lang.IllegalStateException: PWC2779: getAttributeNames: Session already invalidated
      at org.apache.shiro.web.servlet.ShiroHttpSession.getKeyNames(ShiroHttpSession.java:147)
      at org.apache.shiro.web.servlet.ShiroHttpSession.getAttributeNames(ShiroHttpSession.java:162)
      at org.apache.tapestry5.internal.services.SessionImpl.getAttributeNames(SessionImpl.java:52)
      at $InternalPropertyConduit_127d3b8a5524c818.get(Unknown Source)
      at org.apache.tapestry5.internal.bindings.PropBinding.get(PropBinding.java:59)
      ... 107 more
      Caused by: org.apache.shiro.session.InvalidSessionException: java.lang.IllegalStateException: PWC2779: getAttributeNames: Session already invalidated
      at org.apache.shiro.web.session.HttpServletSession.getAttributeKeys(HttpServletSession.java:131)
      at org.apache.shiro.session.ProxiedSession.getAttributeKeys(ProxiedSession.java:114)
      at org.apache.shiro.web.servlet.ShiroHttpSession.getKeyNames(ShiroHttpSession.java:145)
      ... 111 more
      Caused by: java.lang.IllegalStateException: PWC2779: getAttributeNames: Session already invalidated
      at org.apache.catalina.session.StandardSession.getAttributeNames(StandardSession.java:1249)
      at org.apache.catalina.session.StandardSessionFacade.getAttributeNames(StandardSessionFacade.java:168)
      at org.apache.shiro.web.session.HttpServletSession.getAttributeKeys(HttpServletSession.java:121)
      ... 113 more

      WARNING: StandardWrapperValve[default]: PWC1406: Servlet.service() for servlet default threw exception
      org.apache.shiro.subject.ExecutionException: org.apache.tapestry5.internal.services.RenderQueueException: Render queue error in SetupRender[core/ExceptionReport:loop]: Failure reading parameter 'source' of component core/ExceptionReport:loop: org.apache.shiro.session.InvalidSessionException: java.lang.IllegalStateException: PWC2779: getAttributeNames: Session already invalidated [at classpath:org/apache/tapestry5/corelib/pages/ExceptionReport.tml, line 29]
      at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:382)
      at org.tynamo.security.services.impl.SecurityConfiguration.service(SecurityConfiguration.java:104)
      at $HttpServletRequestFilter_127d3b8a5524c714.service(Unknown Source)
      at $HttpServletRequestHandler_127d3b8a5524c719.service(Unknown Source)
      at org.apache.tapestry5.upload.internal.services.MultipartServletRequestFilter.service(MultipartServletRequestFilter.java:44)
      at $HttpServletRequestHandler_127d3b8a5524c719.service(Unknown Source)
      at org.apache.tapestry5.internal.services.IgnoredPathsFilter.service(IgnoredPathsFilter.java:62)
      at $HttpServletRequestFilter_127d3b8a5524c715.service(Unknown Source)
      at $HttpServletRequestHandler_127d3b8a5524c719.service(Unknown Source)
      at org.apache.tapestry5.services.TapestryModule$1.service(TapestryModule.java:852)
      at $HttpServletRequestHandler_127d3b8a5524c719.service(Unknown Source)
      at $HttpServletRequestHandler_127d3b8a5524c711.service(Unknown Source)
      at org.apache.tapestry5.TapestryFilter.doFilter(TapestryFilter.java:171)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:256)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:217)
      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:279)
      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
      at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:655)
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:595)
      at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:98)
      at com.sun.enterprise.web.PESessionLockingStandardPipeline.invoke(PESessionLockingStandardPipeline.java:91)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:162)
      at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:330)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:231)
      at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:174)
      at com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:828)
      at com.sun.grizzly.comet.CometEngine.executeServlet(CometEngine.java:444)
      at com.sun.grizzly.comet.CometEngine.handle(CometEngine.java:308)
      at com.sun.grizzly.comet.CometAsyncFilter.doFilter(CometAsyncFilter.java:87)
      at com.sun.grizzly.arp.DefaultAsyncExecutor.invokeFilters(DefaultAsyncExecutor.java:171)
      at com.sun.grizzly.arp.DefaultAsyncExecutor.interrupt(DefaultAsyncExecutor.java:143)
      at com.sun.grizzly.arp.AsyncProcessorTask.doTask(AsyncProcessorTask.java:94)
      at com.sun.grizzly.http.TaskBase.run(TaskBase.java:193)
      at com.sun.grizzly.http.TaskBase.execute(TaskBase.java:175)
      at com.sun.grizzly.arp.DefaultAsyncHandler.handle(DefaultAsyncHandler.java:145)
      at com.sun.grizzly.arp.AsyncProtocolFilter.execute(AsyncProtocolFilter.java:204)
      at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
      at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
      at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
      at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
      at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
      at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
      at com.sun.grizzly.ContextTask.run(ContextTask.java:71)
      at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
      at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
      at java.lang.Thread.run(Thread.java:680)
      Caused by: org.apache.tapestry5.internal.services.RenderQueueException: Render queue error in SetupRender[core/ExceptionReport:loop]: Failure reading parameter 'source' of component core/ExceptionReport:loop: org.apache.shiro.session.InvalidSessionException: java.lang.IllegalStateException: PWC2779: getAttributeNames: Session already invalidated [at classpath:org/apache/tapestry5/corelib/pages/ExceptionReport.tml, line 29]
      at org.apache.tapestry5.internal.services.RenderQueueImpl.run(RenderQueueImpl.java:81)
      at org.apache.tapestry5.internal.services.PageRenderQueueImpl.render(PageRenderQueueImpl.java:124)
      at $PageRenderQueue_127d3b8a5524c7b8.render(Unknown Source)
      at $PageRenderQueue_127d3b8a5524c7b7.render(Unknown Source)
      at org.apache.tapestry5.internal.services.MarkupRendererTerminator.renderMarkup(MarkupRendererTerminator.java:37)
      at org.apache.tapestry5.beanvalidator.BeanValidatorModule$2.renderMarkup(BeanValidatorModule.java:119)
      at $MarkupRenderer_127d3b8a5524c7bb.renderMarkup(Unknown Source)
      at org.apache.tapestry5.services.TapestryModule$30.renderMarkup(TapestryModule.java:1979)
      at $MarkupRenderer_127d3b8a5524c7bb.renderMarkup(Unknown Source)
      at org.apache.tapestry5.services.TapestryModule$29.renderMarkup(TapestryModule.java:1963)
      at $MarkupRenderer_127d3b8a5524c7bb.renderMarkup(Unknown Source)
      at org.apache.tapestry5.services.TapestryModule$28.renderMarkup(TapestryModule.java:1945)
      at $MarkupRenderer_127d3b8a5524c7bb.renderMarkup(Unknown Source)
      at org.apache.tapestry5.services.TapestryModule$27.renderMarkup(TapestryModule.java:1930)
      at $MarkupRenderer_127d3b8a5524c7bb.renderMarkup(Unknown Source)
      at org.apache.tapestry5.services.TapestryModule$26.renderMarkup(TapestryModule.java:1916)
      at $MarkupRenderer_127d3b8a5524c7bb.renderMarkup(Unknown Source)
      at org.apache.tapestry5.services.TapestryModule$25.renderMarkup(TapestryModule.java:1898)
      at $MarkupRenderer_127d3b8a5524c7bb.renderMarkup(Unknown Source)
      at org.apache.tapestry5.services.TapestryModule$24.renderMarkup(TapestryModule.java:1879)
      at $MarkupRenderer_127d3b8a5524c7bb.renderMarkup(Unknown Source)
      at $MarkupRenderer_127d3b8a5524c7b6.renderMarkup(Unknown Source)
      at org.apache.tapestry5.internal.services.PageMarkupRendererImpl.renderPageMarkup(PageMarkupRendererImpl.java:47)
      at $PageMarkupRenderer_127d3b8a5524c7b4.renderPageMarkup(Unknown Source)
      at org.apache.tapestry5.internal.services.PageResponseRendererImpl.renderPageResponse(PageResponseRendererImpl.java:67)
      at $PageResponseRenderer_127d3b8a5524c75b.renderPageResponse(Unknown Source)
      at org.apache.tapestry5.internal.services.DefaultRequestExceptionHandler.handleRequestException(DefaultRequestExceptionHandler.java:85)
      at org.tynamo.exceptionpage.services.ConfigurableRequestExceptionHandler.handleRequestException(ConfigurableRequestExceptionHandler.java:84)
      at com.flowlogix.web.services.ServicesModule$1.handleRequestException(ServicesModule.java:87)
      at $RequestExceptionHandler_127d3b8a5524c727.handleRequestException(Unknown Source)
      at org.apache.tapestry5.internal.services.RequestErrorFilter.service(RequestErrorFilter.java:42)
      at $RequestHandler_127d3b8a5524c729.service(Unknown Source)
      at org.apache.tapestry5.services.TapestryModule$3.service(TapestryModule.java:902)
      at $RequestHandler_127d3b8a5524c729.service(Unknown Source)
      at org.apache.tapestry5.services.TapestryModule$2.service(TapestryModule.java:892)
      at $RequestHandler_127d3b8a5524c729.service(Unknown Source)
      at org.apache.tapestry5.internal.services.StaticFilesFilter.service(StaticFilesFilter.java:90)
      at $RequestHandler_127d3b8a5524c729.service(Unknown Source)
      at org.apache.tapestry5.internal.services.CheckForUpdatesFilter$2.invoke(CheckForUpdatesFilter.java:105)
      at org.apache.tapestry5.internal.services.CheckForUpdatesFilter$2.invoke(CheckForUpdatesFilter.java:95)
      at org.apache.tapestry5.ioc.internal.util.ConcurrentBarrier.withRead(ConcurrentBarrier.java:85)
      at org.apache.tapestry5.internal.services.CheckForUpdatesFilter.service(CheckForUpdatesFilter.java:119)
      at $RequestHandler_127d3b8a5524c729.service(Unknown Source)
      at $RequestHandler_127d3b8a5524c718.service(Unknown Source)
      at org.apache.tapestry5.services.TapestryModule$HttpServletRequestHandlerTerminator.service(TapestryModule.java:253)
      at com.flowlogix.web.services.internal.GwtCachingFilter.service(GwtCachingFilter.java:78)
      at $HttpServletRequestHandler_127d3b8a5524c719.service(Unknown Source)
      at org.apache.tapestry5.internal.gzip.GZipFilter.service(GZipFilter.java:53)
      at $HttpServletRequestHandler_127d3b8a5524c719.service(Unknown Source)
      at org.tynamo.security.services.impl.SecurityConfiguration$2.call(SecurityConfiguration.java:106)
      at org.tynamo.security.services.impl.SecurityConfiguration$2.call(SecurityConfiguration.java:104)
      at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
      at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
      at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:380)
      ... 45 more
      Caused by: org.apache.tapestry5.ioc.internal.util.TapestryException: Failure reading parameter 'source' of component core/ExceptionReport:loop: org.apache.shiro.session.InvalidSessionException: java.lang.IllegalStateException: PWC2779: getAttributeNames: Session already invalidated [at classpath:org/apache/tapestry5/corelib/pages/ExceptionReport.tml, line 29]
      at org.apache.tapestry5.internal.structure.ComponentPageElementImpl$AbstractPhase.invoke(ComponentPageElementImpl.java:153)
      at org.apache.tapestry5.internal.structure.ComponentPageElementImpl$SetupRenderPhase.render(ComponentPageElementImpl.java:181)
      at org.apache.tapestry5.internal.services.RenderQueueImpl.run(RenderQueueImpl.java:72)
      ... 98 more
      Caused by: org.apache.tapestry5.ioc.internal.util.TapestryException: Failure reading parameter 'source' of component core/ExceptionReport:loop: org.apache.shiro.session.InvalidSessionException: java.lang.IllegalStateException: PWC2779: getAttributeNames: Session already invalidated [at classpath:org/apache/tapestry5/corelib/pages/ExceptionReport.tml, line 29]
      at org.apache.tapestry5.internal.transform.ParameterWorker$3$1.readFromBinding(ParameterWorker.java:259)
      at org.apache.tapestry5.internal.transform.ParameterWorker$3$1.get(ParameterWorker.java:372)
      at org.apache.tapestry5.corelib.components.Loop.conduit_get_source(Loop.java)
      at org.apache.tapestry5.corelib.components.Loop.setup(Loop.java:324)
      at org.apache.tapestry5.corelib.components.Loop.setupRender(Loop.java)
      at org.apache.tapestry5.internal.structure.ComponentPageElementImpl$SetupRenderPhase.invokeComponent(ComponentPageElementImpl.java:174)
      at org.apache.tapestry5.internal.structure.ComponentPageElementImpl$AbstractPhase.invoke(ComponentPageElementImpl.java:133)
      ... 100 more
      Caused by: org.apache.tapestry5.ioc.internal.util.TapestryException: org.apache.shiro.session.InvalidSessionException: java.lang.IllegalStateException: PWC2779: getAttributeNames: Session already invalidated [at classpath:org/apache/tapestry5/corelib/pages/ExceptionReport.tml, line 29]
      at org.apache.tapestry5.internal.bindings.PropBinding.get(PropBinding.java:63)
      at org.apache.tapestry5.internal.transform.ParameterWorker$3$1.readFromBinding(ParameterWorker.java:254)
      ... 106 more
      Caused by: java.lang.IllegalStateException: org.apache.shiro.session.InvalidSessionException: java.lang.IllegalStateException: PWC2779: getAttributeNames: Session already invalidated
      at org.apache.shiro.web.servlet.ShiroHttpSession.getKeyNames(ShiroHttpSession.java:147)
      at org.apache.shiro.web.servlet.ShiroHttpSession.getAttributeNames(ShiroHttpSession.java:162)
      at org.apache.tapestry5.internal.services.SessionImpl.getAttributeNames(SessionImpl.java:52)
      at $InternalPropertyConduit_127d3b8a5524c818.get(Unknown Source)
      at org.apache.tapestry5.internal.bindings.PropBinding.get(PropBinding.java:59)
      ... 107 more
      Caused by: org.apache.shiro.session.InvalidSessionException: java.lang.IllegalStateException: PWC2779: getAttributeNames: Session already invalidated
      at org.apache.shiro.web.session.HttpServletSession.getAttributeKeys(HttpServletSession.java:131)
      at org.apache.shiro.session.ProxiedSession.getAttributeKeys(ProxiedSession.java:114)
      at org.apache.shiro.web.servlet.ShiroHttpSession.getKeyNames(ShiroHttpSession.java:145)
      ... 111 more
      Caused by: java.lang.IllegalStateException: PWC2779: getAttributeNames: Session already invalidated
      at org.apache.catalina.session.StandardSession.getAttributeNames(StandardSession.java:1249)
      at org.apache.catalina.session.StandardSessionFacade.getAttributeNames(StandardSessionFacade.java:168)
      at org.apache.shiro.web.session.HttpServletSession.getAttributeKeys(HttpServletSession.java:121)
      ... 113 more

        Activity

        Hide
        Lenny Primak added a comment -

        SecurityConfiguration.java
        final HttpServletRequest request = new ShiroHttpServletRequest(originalRequest, servletContext, false);

        The 3rd argument is false, which gets Shiro native sessions, which diverge with Servlet container sessions,
        thus causing the problem. What's the issue of using true as the last argument?

        Show
        Lenny Primak added a comment - SecurityConfiguration.java final HttpServletRequest request = new ShiroHttpServletRequest(originalRequest, servletContext, false); The 3rd argument is false, which gets Shiro native sessions, which diverge with Servlet container sessions, thus causing the problem. What's the issue of using true as the last argument?
        Hide
        Kalle Korhonen added a comment -

        There are no two sessions, but just a proxied session. The request wrapper is needed (TYNAMO-133) otherwise request.getRemoteUser() and request.isUserInRole(...) wouldn't work correctly when the are no chains associated to the request. I actually thought this specific issue was fixed in Shiro 1.2, will see how to properly resolve but I doubt we need to roll back TYNAMO-133.

        Show
        Kalle Korhonen added a comment - There are no two sessions, but just a proxied session. The request wrapper is needed ( TYNAMO-133 ) otherwise request.getRemoteUser() and request.isUserInRole(...) wouldn't work correctly when the are no chains associated to the request. I actually thought this specific issue was fixed in Shiro 1.2, will see how to properly resolve but I doubt we need to roll back TYNAMO-133 .
        Hide
        Lenny Primak added a comment -

        The issue is definitely here:
        final HttpServletRequest request = new ShiroHttpServletRequest(originalRequest, servletContext, false);

        Because of the last argument is false, the Shiro native session gets created instead of proxying the HTTP session that lives in the contained. When the container session gets invalidated, the native session is still active even though it tries to access the container session beneath, thus creating errors.

        Show
        Lenny Primak added a comment - The issue is definitely here: final HttpServletRequest request = new ShiroHttpServletRequest(originalRequest, servletContext, false); Because of the last argument is false, the Shiro native session gets created instead of proxying the HTTP session that lives in the contained. When the container session gets invalidated, the native session is still active even though it tries to access the container session beneath, thus creating errors.
        Hide
        Lenny Primak added a comment -
            • diff-patch attached ***
              ------------------------
              Index: src/main/java/org/tynamo/security/services/impl/PageServiceImpl.java
              ===================================================================
            • src/main/java/org/tynamo/security/services/impl/PageServiceImpl.java (revision 2246)
              +++ src/main/java/org/tynamo/security/services/impl/PageServiceImpl.java (working copy)
              @@ -104,7 +104,7 @@
              break;
              }
              if (requestUri == null) requestUri = fallbackUrl;
        • WebUtils.issueRedirect(request, response, requestUri, null, false, true);
          + WebUtils.issueRedirect(request, response, requestUri, null, true, true);
          }

        }
        Index: src/main/java/org/tynamo/security/services/impl/SecurityConfiguration.java
        ===================================================================
        — src/main/java/org/tynamo/security/services/impl/SecurityConfiguration.java (revision 2246)
        +++ src/main/java/org/tynamo/security/services/impl/SecurityConfiguration.java (working copy)
        @@ -83,7 +83,7 @@
        // or, more generically, if the same thread/container-level filter mapping handles the request twice
        if (originalRequest instanceof ShiroHttpServletRequest) return handler.service(originalRequest, response);

        • final HttpServletRequest request = new ShiroHttpServletRequest(originalRequest, servletContext, false);
          + final HttpServletRequest request = new ShiroHttpServletRequest(originalRequest, servletContext, true);

        String requestURI = pageService.getLocalelessPathWithinApplication();

        ------------------------
        Thanks

        Show
        Lenny Primak added a comment - diff-patch attached *** ------------------------ Index: src/main/java/org/tynamo/security/services/impl/PageServiceImpl.java =================================================================== src/main/java/org/tynamo/security/services/impl/PageServiceImpl.java (revision 2246) +++ src/main/java/org/tynamo/security/services/impl/PageServiceImpl.java (working copy) @@ -104,7 +104,7 @@ break; } if (requestUri == null) requestUri = fallbackUrl; WebUtils.issueRedirect(request, response, requestUri, null, false, true); + WebUtils.issueRedirect(request, response, requestUri, null, true, true); } } Index: src/main/java/org/tynamo/security/services/impl/SecurityConfiguration.java =================================================================== — src/main/java/org/tynamo/security/services/impl/SecurityConfiguration.java (revision 2246) +++ src/main/java/org/tynamo/security/services/impl/SecurityConfiguration.java (working copy) @@ -83,7 +83,7 @@ // or, more generically, if the same thread/container-level filter mapping handles the request twice if (originalRequest instanceof ShiroHttpServletRequest) return handler.service(originalRequest, response); final HttpServletRequest request = new ShiroHttpServletRequest(originalRequest, servletContext, false); + final HttpServletRequest request = new ShiroHttpServletRequest(originalRequest, servletContext, true); String requestURI = pageService.getLocalelessPathWithinApplication(); ------------------------ Thanks
        Hide
        Vladimir Velikiy added a comment -

        I also encountered this problem and this part of the patch from the previous comment helped me:

        SecurityConfiguration.java:

        • final HttpServletRequest request = new ShiroHttpServletRequest(originalRequest, servletContext, false);
          + final HttpServletRequest request = new ShiroHttpServletRequest(originalRequest, servletContext, true);

        But why do we need this replacement for PageServiceImpl.java:

        • WebUtils.issueRedirect(request, response, requestUri, null, false, true);
          + WebUtils.issueRedirect(request, response, requestUri, null, true, true);

        This will return back to the problem with duplicated context path (TYNAMO-124).

        Show
        Vladimir Velikiy added a comment - I also encountered this problem and this part of the patch from the previous comment helped me: SecurityConfiguration.java: final HttpServletRequest request = new ShiroHttpServletRequest(originalRequest, servletContext, false); + final HttpServletRequest request = new ShiroHttpServletRequest(originalRequest, servletContext, true); But why do we need this replacement for PageServiceImpl.java: WebUtils.issueRedirect(request, response, requestUri, null, false, true); + WebUtils.issueRedirect(request, response, requestUri, null, true, true); This will return back to the problem with duplicated context path ( TYNAMO-124 ).
        Hide
        Lenny Primak added a comment -

        Vladimir is right:

        TYNAMO-124 caused regression in my code due to my misunderstanding of fallbackURL.

        New patch:

            • diff-patch attached ***
              ------------------------

        Index: src/main/java/org/tynamo/security/services/impl/SecurityConfiguration.java
        ===================================================================
        — src/main/java/org/tynamo/security/services/impl/SecurityConfiguration.java (revision 2246)
        +++ src/main/java/org/tynamo/security/services/impl/SecurityConfiguration.java (working copy)
        @@ -83,7 +83,7 @@
        // or, more generically, if the same thread/container-level filter mapping handles the request twice
        if (originalRequest instanceof ShiroHttpServletRequest) return handler.service(originalRequest, response);

        • final HttpServletRequest request = new ShiroHttpServletRequest(originalRequest, servletContext, false);
          + final HttpServletRequest request = new ShiroHttpServletRequest(originalRequest, servletContext, true);

        String requestURI = pageService.getLocalelessPathWithinApplication();

        ------------------------
        Thanks

        Show
        Lenny Primak added a comment - Vladimir is right: TYNAMO-124 caused regression in my code due to my misunderstanding of fallbackURL. New patch: diff-patch attached *** ------------------------ Index: src/main/java/org/tynamo/security/services/impl/SecurityConfiguration.java =================================================================== — src/main/java/org/tynamo/security/services/impl/SecurityConfiguration.java (revision 2246) +++ src/main/java/org/tynamo/security/services/impl/SecurityConfiguration.java (working copy) @@ -83,7 +83,7 @@ // or, more generically, if the same thread/container-level filter mapping handles the request twice if (originalRequest instanceof ShiroHttpServletRequest) return handler.service(originalRequest, response); final HttpServletRequest request = new ShiroHttpServletRequest(originalRequest, servletContext, false); + final HttpServletRequest request = new ShiroHttpServletRequest(originalRequest, servletContext, true); String requestURI = pageService.getLocalelessPathWithinApplication(); ------------------------ Thanks
        Hide
        Kalle Korhonen added a comment -

        Yes, agree you are both right. Fix is trivial but I have to shuffle the integration test suite to make sure we catch this.

        Show
        Kalle Korhonen added a comment - Yes, agree you are both right. Fix is trivial but I have to shuffle the integration test suite to make sure we catch this.
        Hide
        Lenny Primak added a comment -

        Works now - thanks

        Show
        Lenny Primak added a comment - Works now - thanks
        Hide
        Alejandro Scandroli added a comment -

        bulk closing issues that have been resolved for more than a year.

        Show
        Alejandro Scandroli added a comment - bulk closing issues that have been resolved for more than a year.

          People

          • Assignee:
            Kalle Korhonen
            Reporter:
            Lenny Primak
          • Votes:
            1 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: