[
https://issues.apache.org/jira/browse/WICKET-7056?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17772255#comment-17772255
]
ASF GitHub Bot commented on WICKET-7056:
----------------------------------------
DavesMan opened a new pull request, #670:
URL: https://github.com/apache/wicket/pull/670
… log them
1. The getHttpSession returns non-null value in case HTTP session exists and
is valid and reference to it is stored.
2. Meanwhile the session is invalidated by another thread (another http
request).
3. The IF condition evaluates still to true and it results in calling
httpSession.getAttribute.
4. Because the session has been invalidated by another thread this call
results in IllegalStateException
> HttpSessionStore#getAttribute called on invalidated session
> -----------------------------------------------------------
>
> Key: WICKET-7056
> URL: https://issues.apache.org/jira/browse/WICKET-7056
> Project: Wicket
> Issue Type: Bug
> Components: wicket
> Affects Versions: 8.13.0
> Environment: Ubuntu Linux v. 18
> WebSphere AS 9.0.5.14
> Wicket 8.13.0
> Reporter: David Rain
> Priority: Major
> Labels: Wicket, invalidation, session
> Original Estimate: 4h
> Remaining Estimate: 4h
>
> The org.apache.wicket.session.HttpSessionStore#getHttpSession does not take
> an invalidated session state into account.
> Thus the e.g. getAttribute method the calls the httpSession#getAttribute
> which results to the exception being thrown by server (WebSphere and Jetty in
> our case). See
> [https://www.ibm.com/support/pages/javalangillegalstateexception-thrown-session-manager]
> In my opinion the HttpSessionStore should check the valid state of the
> session before trying to access it.
> {code:java}
> Exception occurred during onEndRequest
> java.lang.IllegalStateException: The following session is not valid!
> FAMtHV-7DvEsvj07hsLKExc
> at
> com.ibm.ws.session.http.HttpSessionImpl.getAttribute(HttpSessionImpl.java:191)
> at com.ibm.ws.session.SessionData.getSessionValue(SessionData.java:307)
> at com.ibm.ws.session.SessionData.getAttribute(SessionData.java:163)
> at
> com.ibm.ws.session.HttpSessionFacade.getAttribute(HttpSessionFacade.java:139)
> at
> org.apache.wicket.session.HttpSessionStore.getAttribute(HttpSessionStore.java:256)
> at
> org.apache.wicket.session.HttpSessionStore.getWicketSession(HttpSessionStore.java:188)
> at
> org.apache.wicket.session.HttpSessionStore.lookup(HttpSessionStore.java:175)
> at org.apache.wicket.Session.bind(Session.java:268)
> at
> org.apache.wicket.page.DefaultPageManagerContext.bind(DefaultPageManagerContext.java:43)
> at org.apache.wicket.page.RequestAdapter.bind(RequestAdapter.java:88)
> at
> org.apache.wicket.page.RequestAdapter.endRequest(RequestAdapter.java:187)
> at
> org.apache.wicket.page.AbstractPageManager.endRequest(AbstractPageManager.java:75)
> at
> org.apache.wicket.page.PageManagerDecorator.endRequest(PageManagerDecorator.java:78)
> at org.apache.wicket.Application$2.onEndRequest(Application.java:1604)
> at
> org.apache.wicket.request.cycle.RequestCycleListenerCollection$2.notify(RequestCycleListenerCollection.java:85)
> at
> org.apache.wicket.request.cycle.RequestCycleListenerCollection$2.notify(RequestCycleListenerCollection.java:81)
> at
> org.apache.wicket.util.listener.ListenerCollection.reversedNotify(ListenerCollection.java:144)
> at
> org.apache.wicket.request.cycle.RequestCycleListenerCollection.onEndRequest(RequestCycleListenerCollection.java:80)
> at
> org.apache.wicket.request.cycle.RequestCycle.processRequest(RequestCycle.java:266)
> at
> org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:276)
> at
> org.apache.wicket.protocol.ws.AbstractUpgradeFilter.processRequestCycle(AbstractUpgradeFilter.java:66)
> at
> org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:207)
> at
> org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:306)
> at
> com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:197)
> at
> com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:90)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:317)
> at
> org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:127)
> at
> org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
> at
> org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:114)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
> at
> org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
> at
> org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
> at
> org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:170)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
> at
> org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
> at
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:208)
> at
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:185)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
> at
> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
> at
> org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
> at
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214)
> at
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177)
> at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:347)
> at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:263)
> at
> com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:197)
> at
> com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:90)
> at
> cz.kb.common.context.servlet.CorrelationContextFilter.doFilter(CorrelationContextFilter.java:50)
> at
> cz.kb.dcs.module_init.api.DcsCorrelationContextFilter.doFilter(DcsCorrelationContextFilter.java:92)
> at
> com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:197)
> at
> com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:90)
> at
> com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:979)
> at
> com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:1119)
> at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:4238)
> at
> com.ibm.ws.webcontainer.webapp.WebAppImpl.handleRequest(WebAppImpl.java:2210)
> at
> com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:304)
> at
> com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:1033)
> at
> com.ibm.ws.webcontainer.WSWebContainer.handleRequest(WSWebContainer.java:1817)
> at
> com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:382)
> at
> com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:465)
> at
> com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewRequest(HttpInboundLink.java:532)
> at
> com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.processRequest(HttpInboundLink.java:318)
> at
> com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink.java:289)
> at
> com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.sendToDiscriminators(NewConnectionInitialReadCallback.java:214)
> at
> com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.complete(NewConnectionInitialReadCallback.java:113)
> at
> com.ibm.ws.tcp.channel.impl.WorkQueueManager.requestComplete(WorkQueueManager.java:558)
> at
> com.ibm.ws.tcp.channel.impl.WorkQueueManager.attemptIO(WorkQueueManager.java:608)
> at
> com.ibm.ws.tcp.channel.impl.WorkQueueManager.workerRun(WorkQueueManager.java:985)
> at
> com.ibm.ws.tcp.channel.impl.WorkQueueManager$Worker.run(WorkQueueManager.java:1074)
> at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1909) {code}
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
