Hello all,
Just wanted to give you all an update to my issue with my elusive
IllegalStateException error.
I have been working with various parts of code, stripping down to the basics,
then adjusting libraries as well as webflow direction.
Just when I thought I had this issue resolved, it appears again (yesterday, at
4:45PM no less) -- this time in the section of CAS that I have built to handle
"I forgot my userid/password" logic.
This forgot-password logic (along with all the other parts) had made it past
the load testing phase before we changed the ticket registry backend. I also
have refactored the sections that were using an ldapTemplate to get the
ldapTemplate the same way LPPE is doing: through the setContextSource method
that requests the ldapTemplate internally.
The worst part of this error is not just that it is intermittent, it appears to
happen when all of the spring webflow is completed. This time (like the last
when it was happening with the login webflow) the exception is being thrown at
(or after) an end-state: and a simple one at that.
Also it has been common that this stack trace: "IllegalStateException: Cannot
create a session after the response has already been committed" starts in
"tomcat-land" and I don't see anything related to Spring (or CAS) in the
stacktrace at all.
So today, at a loss for other options I decided to switch to Jetty, just to see.
Guess what: no errors.
I just finished running a small load test with stable results, yay.
This hasn't been the first time I have had a finger to point toward the Tomcat
community, the last one involved an equals sign in a cookie (I can't help what
vendors do), and Tomcat stripping it out with no prevention option (this was
tomcat 5, and has since been changed).
So this leads me to ask more questions:
Who all in our CAS community is using Jetty in production? I
know I asked about this before but now it seems way more compelling.
Who is using Jetty in a load balanced/SSL accelerated
environment? in the Tomcat world I would have to set an http connector with
scheme=https and proxyport=443 to have it mimic https, is setting
X-Forwarded-For headers in our load balancer all I need to get the same
behavior?
Now for my maven build questions:
During my various build attempts, I've noticed even more dependency issues with
my maven build.
This report is coming from a very close to vanilla pom.xml, using the released
3.5.2 packages.
Here are the conflicting versions of libs that are currently brought in:
commons-collections: 3.2 and 3.2.1
With these libs together I was getting exceptions related to
reading the properties file.
javassist: 3.15.0-GA and 3.7.ga (interesting one here, there is group javassist
which is providing the 3.15 version, the 3.7 version is coming from
jboss:javassist.
CAS-Server-Core has listed in its pom a dependency to version
3.12.1.GA, which is not even included in my war file.'
stax-api: 1.0-2 and 1.0.1
The most major difference in version numbers is the javassist library.
I have been able to get rid of the extra commons-collections by adding this as
a dependency in cas-server-core's pom.xml, next to the addition I made for
joda-time 2.1
I have also had issues with the maven process dumping in spring 3.0.5 and 3.1.1
libs (so about ten of them?). This got resolved by adding the exception to
com.github.inspektr within the pom.xml for cas-server-webapp:
<exclusion>
<groupId>org.springframework</groupId>
<artifactId>*</artifactId>
</exclusion>
For now, I am just removing the older libs from my war file pre-deployment
since I don't have the time to sift through the dependency tree, try exclusions
and rebuild.
I am wondering if others have the same versions in their builds, what is the
appropriate version to use, and if there are additions to delivered pom.xml
files that can be made?
I know I type a lot, but I hope my information is complete.
Let me know your findings, thanks.
-Michael.
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
