[
https://issues.apache.org/jira/browse/WICKET-7056?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17773281#comment-17773281
]
David Rain commented on WICKET-7056:
------------------------------------
[~tgierke2342] Because getAttribute throws the IllegalStateException when
called on an invalid session. That's what we're discussing here. The J2EE
specification is designed the way it is. This (very abstract IMHO)
IllegalStateException is used for controlling the app (instead of returning
null for example).
I thought of putting some variable inside the Wicket's Session object
itself.... but.... this object is also stored as a HTTP session attribute. The
very same problem.
I could not find any suitable object for synchronization so far.
> HttpSessionStore#getAttribute called on invalidated session
> -----------------------------------------------------------
>
> Key: WICKET-7056
> URL: https://issues.apache.org/jira/browse/WICKET-7056
> Project: Wicket
> Issue Type: Bug
> Components: wicket
> Affects Versions: 8.13.0
> Environment: Ubuntu Linux v. 18
> WebSphere AS 9.0.5.14
> Wicket 8.13.0
> Reporter: David Rain
> Priority: Major
> Labels: Wicket, invalidation, session
> Original Estimate: 4h
> Remaining Estimate: 4h
>
> The org.apache.wicket.session.HttpSessionStore#getHttpSession does not take
> an invalidated session state into account.
> Thus the e.g. getAttribute method the calls the httpSession#getAttribute
> which results to the exception being thrown by server (WebSphere and Jetty in
> our case). See
> [https://www.ibm.com/support/pages/javalangillegalstateexception-thrown-session-manager]
> In my opinion the HttpSessionStore should check the valid state of the
> session before trying to access it.
> {code:java}
> Exception occurred during onEndRequest
> java.lang.IllegalStateException: The following session is not valid!
> FAMtHV-7DvEsvj07hsLKExc
> at
> com.ibm.ws.session.http.HttpSessionImpl.getAttribute(HttpSessionImpl.java:191)
> at com.ibm.ws.session.SessionData.getSessionValue(SessionData.java:307)
> at com.ibm.ws.session.SessionData.getAttribute(SessionData.java:163)
> at
> com.ibm.ws.session.HttpSessionFacade.getAttribute(HttpSessionFacade.java:139)
> at
> org.apache.wicket.session.HttpSessionStore.getAttribute(HttpSessionStore.java:256)
> at
> org.apache.wicket.session.HttpSessionStore.getWicketSession(HttpSessionStore.java:188)
> at
> org.apache.wicket.session.HttpSessionStore.lookup(HttpSessionStore.java:175)
> at org.apache.wicket.Session.bind(Session.java:268)
> at
> org.apache.wicket.page.DefaultPageManagerContext.bind(DefaultPageManagerContext.java:43)
> at org.apache.wicket.page.RequestAdapter.bind(RequestAdapter.java:88)
> at
> org.apache.wicket.page.RequestAdapter.endRequest(RequestAdapter.java:187)
> at
> org.apache.wicket.page.AbstractPageManager.endRequest(AbstractPageManager.java:75)
> at
> org.apache.wicket.page.PageManagerDecorator.endRequest(PageManagerDecorator.java:78)
> at org.apache.wicket.Application$2.onEndRequest(Application.java:1604)
> at
> org.apache.wicket.request.cycle.RequestCycleListenerCollection$2.notify(RequestCycleListenerCollection.java:85)
> at
> org.apache.wicket.request.cycle.RequestCycleListenerCollection$2.notify(RequestCycleListenerCollection.java:81)
> at
> org.apache.wicket.util.listener.ListenerCollection.reversedNotify(ListenerCollection.java:144)
> at
> org.apache.wicket.request.cycle.RequestCycleListenerCollection.onEndRequest(RequestCycleListenerCollection.java:80)
> at
> org.apache.wicket.request.cycle.RequestCycle.processRequest(RequestCycle.java:266)
> at
> org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:276)
> at
> org.apache.wicket.protocol.ws.AbstractUpgradeFilter.processRequestCycle(AbstractUpgradeFilter.java:66)
> at
> org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:207)
> at
> org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:306)
> at
> com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:197)
> at
> com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:90)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:317)
> at
> org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:127)
> at
> org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
> at
> org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:114)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
> at
> org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
> at
> org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
> at
> org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:170)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
> at
> org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
> at
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:208)
> at
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:185)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
> at
> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
> at
> org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
> at
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214)
> at
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177)
> at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:347)
> at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:263)
> at
> com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:197)
> at
> com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:90)
> at
> cz.kb.common.context.servlet.CorrelationContextFilter.doFilter(CorrelationContextFilter.java:50)
> at
> cz.kb.dcs.module_init.api.DcsCorrelationContextFilter.doFilter(DcsCorrelationContextFilter.java:92)
> at
> com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:197)
> at
> com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:90)
> at
> com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:979)
> at
> com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:1119)
> at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:4238)
> at
> com.ibm.ws.webcontainer.webapp.WebAppImpl.handleRequest(WebAppImpl.java:2210)
> at
> com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:304)
> at
> com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:1033)
> at
> com.ibm.ws.webcontainer.WSWebContainer.handleRequest(WSWebContainer.java:1817)
> at
> com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:382)
> at
> com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:465)
> at
> com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewRequest(HttpInboundLink.java:532)
> at
> com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.processRequest(HttpInboundLink.java:318)
> at
> com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink.java:289)
> at
> com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.sendToDiscriminators(NewConnectionInitialReadCallback.java:214)
> at
> com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.complete(NewConnectionInitialReadCallback.java:113)
> at
> com.ibm.ws.tcp.channel.impl.WorkQueueManager.requestComplete(WorkQueueManager.java:558)
> at
> com.ibm.ws.tcp.channel.impl.WorkQueueManager.attemptIO(WorkQueueManager.java:608)
> at
> com.ibm.ws.tcp.channel.impl.WorkQueueManager.workerRun(WorkQueueManager.java:985)
> at
> com.ibm.ws.tcp.channel.impl.WorkQueueManager$Worker.run(WorkQueueManager.java:1074)
> at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1909) {code}
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
