[ https://issues.apache.org/jira/browse/WICKET-7056?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17771879#comment-17771879 ]

David Rain commented on WICKET-7056:
------------------------------------

[~mgrigorov] [~solomax] 

Hello guys!

I found the cause of this problem. I think this issue should be re-opened.

It is a thread synchronization issue in the 
org.apache.wicket.session.HttpSessionStore#getAttribute 
method (and others: set, remove, etc.).

 
{code:java}
public final Serializable getAttribute(final Request request, final String name)
{
    HttpSession httpSession = getHttpSession(request, false);
    if (httpSession != null)
    {
        return (Serializable)httpSession.getAttribute(getSessionAttributePrefix(request) + name);
    }
    return null;
}
{code}
 
 # getHttpSession returns a non-null value if the HTTP session exists and is 
valid, and a reference to it is stored.
 # (!) Meanwhile, the session is invalidated by another thread (another HTTP 
request).
 # The IF condition still evaluates to true, which results in calling 
httpSession.getAttribute.
 # Because the session has been invalidated by another thread, this call results 
in an IllegalStateException.

(on) Methods calling getAttributeNames, removeAttribute, getAttribute and 
setAttribute should be declared as synchronized, or there should be an explicit 
synchronized block inside them.

Regards, David
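
The check-then-act window from steps 1-4 of the comment above, as an added example that is not part of the original comment and is not Wicket code. FakeSession is a constructed stand-in for HttpSession, the attribute name is made up, and the "other thread" is a hook run between the check and the use so the interleaving is deterministic. The second method shows one defensive option: treating the IllegalStateException that getAttribute throws on an invalidated session as "no session".

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class InvalidatedSessionRace {
    // Constructed stand-in for HttpSession: like the real interface, getAttribute
    // throws IllegalStateException once the session has been invalidated.
    static final class FakeSession {
        private final Map<String, Object> attrs = new ConcurrentHashMap<>();
        private volatile boolean valid = true;
        void setAttribute(String name, Object value) { attrs.put(name, value); }
        void invalidate() { valid = false; }
        Object getAttribute(String name) {
            if (!valid) throw new IllegalStateException("session is not valid");
            return attrs.get(name);
        }
    }

    // Same shape as the quoted method: null check first, use afterwards.
    // otherThread stands for what a concurrent request does in between.
    static Object checkThenAct(FakeSession s, String name, Runnable otherThread) {
        if (s != null) {                  // step 1: reference obtained, check passes
            otherThread.run();            // step 2: session invalidated elsewhere
            return s.getAttribute(name);  // steps 3-4: call on invalidated session
        }
        return null;
    }

    // Tolerant read: an invalidated session is reported like a missing one.
    static Object tolerantRead(FakeSession s, String name, Runnable otherThread) {
        if (s == null) return null;
        otherThread.run();
        try {
            return s.getAttribute(name);
        } catch (IllegalStateException invalidated) {
            return null;
        }
    }

    public static void main(String[] args) {
        FakeSession a = new FakeSession();
        a.setAttribute("example", "state");   // constructed attribute name
        try {
            checkThenAct(a, "example", a::invalidate);
        } catch (IllegalStateException e) {
            System.out.println("check-then-act failed: " + e.getMessage());
        }
        FakeSession b = new FakeSession();
        b.setAttribute("example", "state");
        System.out.println("tolerant read: " + tolerantRead(b, "example", b::invalidate));
    }
}
```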

> HttpSessionStore#getAttribute called on invalidated session
> -----------------------------------------------------------
>
>                 Key: WICKET-7056
>                 URL: https://issues.apache.org/jira/browse/WICKET-7056
>             Project: Wicket
>          Issue Type: Bug
>          Components: wicket
>    Affects Versions: 8.13.0
>         Environment: Ubuntu Linux v. 18
> WebSphere AS 9.0.5.14
> Wicket 8.13.0
>            Reporter: David Rain
>            Priority: Major
>              Labels: Wicket, invalidation, session
>   Original Estimate: 4h
>  Remaining Estimate: 4h
>
> The org.apache.wicket.session.HttpSessionStore#getHttpSession does not take 
> an invalidated session state into account.
> Thus, e.g., the getAttribute method then calls httpSession#getAttribute, 
> which results in the exception being thrown by the server (WebSphere and 
> Jetty in our case). See 
> [https://www.ibm.com/support/pages/javalangillegalstateexception-thrown-session-manager]
> In my opinion the HttpSessionStore should check the valid state of the 
> session before trying to access it.
> {code:java}
> Exception occurred during onEndRequest
> java.lang.IllegalStateException: The following session is not valid! 
> FAMtHV-7DvEsvj07hsLKExc
>     at 
> com.ibm.ws.session.http.HttpSessionImpl.getAttribute(HttpSessionImpl.java:191)
>     at com.ibm.ws.session.SessionData.getSessionValue(SessionData.java:307)
>     at com.ibm.ws.session.SessionData.getAttribute(SessionData.java:163)
>     at 
> com.ibm.ws.session.HttpSessionFacade.getAttribute(HttpSessionFacade.java:139)
>     at 
> org.apache.wicket.session.HttpSessionStore.getAttribute(HttpSessionStore.java:256)
>     at 
> org.apache.wicket.session.HttpSessionStore.getWicketSession(HttpSessionStore.java:188)
>     at 
> org.apache.wicket.session.HttpSessionStore.lookup(HttpSessionStore.java:175)
>     at org.apache.wicket.Session.bind(Session.java:268)
>     at 
> org.apache.wicket.page.DefaultPageManagerContext.bind(DefaultPageManagerContext.java:43)
>     at org.apache.wicket.page.RequestAdapter.bind(RequestAdapter.java:88)
>     at 
> org.apache.wicket.page.RequestAdapter.endRequest(RequestAdapter.java:187)
>     at 
> org.apache.wicket.page.AbstractPageManager.endRequest(AbstractPageManager.java:75)
>     at 
> org.apache.wicket.page.PageManagerDecorator.endRequest(PageManagerDecorator.java:78)
>     at org.apache.wicket.Application$2.onEndRequest(Application.java:1604)
>     at 
> org.apache.wicket.request.cycle.RequestCycleListenerCollection$2.notify(RequestCycleListenerCollection.java:85)
>     at 
> org.apache.wicket.request.cycle.RequestCycleListenerCollection$2.notify(RequestCycleListenerCollection.java:81)
>     at 
> org.apache.wicket.util.listener.ListenerCollection.reversedNotify(ListenerCollection.java:144)
>     at 
> org.apache.wicket.request.cycle.RequestCycleListenerCollection.onEndRequest(RequestCycleListenerCollection.java:80)
>     at 
> org.apache.wicket.request.cycle.RequestCycle.processRequest(RequestCycle.java:266)
>     at 
> org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:276)
>     at 
> org.apache.wicket.protocol.ws.AbstractUpgradeFilter.processRequestCycle(AbstractUpgradeFilter.java:66)
>     at 
> org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:207)
>     at 
> org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:306)
>     at 
> com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:197)
>     at 
> com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:90)
>     at 
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:317)
>     at 
> org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:127)
>     at 
> org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91)
>     at 
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
>     at 
> org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:114)
>     at 
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
>     at 
> org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137)
>     at 
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
>     at 
> org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111)
>     at 
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
>     at 
> org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:170)
>     at 
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
>     at 
> org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)
>     at 
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
>     at 
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:208)
>     at 
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:185)
>     at 
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
>     at 
> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
>     at 
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
>     at 
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
>     at 
> org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
>     at 
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
>     at 
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214)
>     at 
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177)
>     at 
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:347)
>     at 
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:263)
>     at 
> com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:197)
>     at 
> com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:90)
>     at 
> cz.kb.common.context.servlet.CorrelationContextFilter.doFilter(CorrelationContextFilter.java:50)
>     at 
> cz.kb.dcs.module_init.api.DcsCorrelationContextFilter.doFilter(DcsCorrelationContextFilter.java:92)
>     at 
> com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:197)
>     at 
> com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:90)
>     at 
> com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:979)
>     at 
> com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:1119)
>     at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:4238)
>     at 
> com.ibm.ws.webcontainer.webapp.WebAppImpl.handleRequest(WebAppImpl.java:2210)
>     at 
> com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:304)
>     at 
> com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:1033)
>     at 
> com.ibm.ws.webcontainer.WSWebContainer.handleRequest(WSWebContainer.java:1817)
>     at 
> com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:382)
>     at 
> com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:465)
>     at 
> com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewRequest(HttpInboundLink.java:532)
>     at 
> com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.processRequest(HttpInboundLink.java:318)
>     at 
> com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink.java:289)
>     at 
> com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.sendToDiscriminators(NewConnectionInitialReadCallback.java:214)
>     at 
> com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.complete(NewConnectionInitialReadCallback.java:113)
>     at 
> com.ibm.ws.tcp.channel.impl.WorkQueueManager.requestComplete(WorkQueueManager.java:558)
>     at 
> com.ibm.ws.tcp.channel.impl.WorkQueueManager.attemptIO(WorkQueueManager.java:608)
>     at 
> com.ibm.ws.tcp.channel.impl.WorkQueueManager.workerRun(WorkQueueManager.java:985)
>     at 
> com.ibm.ws.tcp.channel.impl.WorkQueueManager$Worker.run(WorkQueueManager.java:1074)
>     at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1909) {code}
>  


