Uploaded image for project: 'Seam 2'
  1. Seam 2
  2. JBSEAM-4003

SecurityInterceptor can fail in a cluster

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: 2.1.2.CR1
    • Component/s: None
    • Labels:
      None

      Description

      SecurityInterceptor with an @Restrict clause can cause session replication to fail. Session replication requires calling the hashCode method. If this method throws an exception, session replication fails, putting the application in bad state.

      15:47:52,701 WARN [/seam-booking] Failed to replicate session mKN0jWfC7HHRYT1vmOeB-Q__
      org.jboss.seam.security.NotLoggedInException
      at org.jboss.seam.security.Identity.checkRestriction(Identity.java:217)
      at org.jboss.seam.security.SecurityInterceptor$Restriction.check(SecurityInterceptor.java:113)
      at org.jboss.seam.security.SecurityInterceptor.aroundInvoke(SecurityInterceptor.java:159)
      at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
      at org.jboss.seam.ejb.RemoveInterceptor.aroundInvoke(RemoveInterceptor.java:43)
      at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
      at org.jboss.seam.core.SynchronizationInterceptor.aroundInvoke(SynchronizationInterceptor.java:32)
      at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
      at org.jboss.seam.intercept.RootInterceptor.invoke(RootInterceptor.java:118)
      at org.jboss.seam.intercept.ClientSideInterceptor.invoke(ClientSideInterceptor.java:54)
      at org.javassist.tmp.java.lang.Object_$$javassist_seam_4.hashCode(Object$$_javassist_seam_4.java)
      at java.util.HashMap$Entry.hashCode(HashMap.java:764)
      at java.util.AbstractMap.hashCode(AbstractMap.java:557)
      at org.jboss.ha.framework.server.SimpleCachableMarshalledValue.<init>(SimpleCachableMarshalledValue.java:74)
      at org.jboss.ha.framework.server.SimpleCachableMarshalledValue.<init>(SimpleCachableMarshalledValue.java:80)
      at org.jboss.web.tomcat.service.session.distributedcache.spi.SessionSerializationFactory.createMarshalledValue(SessionSerializationFactory.java:74)
      at org.jboss.web.tomcat.service.session.distributedcache.impl.jbc.AbstractJBossCacheService.getMarshalledValue(AbstractJBossCacheService.java:641)
      at org.jboss.web.tomcat.service.session.distributedcache.impl.jbc.AbstractJBossCacheService.putSession(AbstractJBossCacheService.java:405)
      at org.jboss.web.tomcat.service.session.ClusteredSession.processSessionReplication(ClusteredSession.java:1194)
      at org.jboss.web.tomcat.service.session.JBossCacheManager.processSessionRepl(JBossCacheManager.java:1635)
      at org.jboss.web.tomcat.service.session.JBossCacheManager.storeSession(JBossCacheManager.java:294)
      at org.jboss.web.tomcat.service.session.InstantSnapshotManager.snapshot(InstantSnapshotManager.java:49)
      at org.jboss.web.tomcat.service.session.ClusteredSessionValve.invoke(ClusteredSessionValve.java:120)
      at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
      at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
      at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
      at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
      at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:828)
      at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:601)
      at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
      at java.lang.Thread.run(Thread.java:613)

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                norman.richards Norman Richards
                Reporter:
                norman.richards Norman Richards
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: