[ https://issues.apache.org/jira/browse/WICKET-7056?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Martin Tzvetanov Grigorov resolved WICKET-7056. ----------------------------------------------- Fix Version/s: 10.0.0-M2 9.16.0 8.15.0 Assignee: Martin Tzvetanov Grigorov Resolution: Fixed > HttpSessionStore#getAttribute called on invalidated session > ----------------------------------------------------------- > > Key: WICKET-7056 > URL: https://issues.apache.org/jira/browse/WICKET-7056 > Project: Wicket > Issue Type: Bug > Components: wicket > Affects Versions: 8.13.0 > Environment: Ubuntu Linux v. 18 > WebSphere AS 9.0.5.14 > Wicket 8.13.0 > Reporter: David Rain > Assignee: Martin Tzvetanov Grigorov > Priority: Major > Labels: Wicket, invalidation, session > Fix For: 10.0.0-M2, 9.16.0, 8.15.0 > > Original Estimate: 4h > Remaining Estimate: 4h > > The org.apache.wicket.session.HttpSessionStore#getHttpSession does not take > an invalidated session state into account. > Thus, for example, the getAttribute method calls httpSession#getAttribute, > which results in an exception being thrown by the server (WebSphere and Jetty in > our case). See > [https://www.ibm.com/support/pages/javalangillegalstateexception-thrown-session-manager] > In my opinion the HttpSessionStore should check whether the session is still > valid before trying to access it. > {code:java} > Exception occurred during onEndRequest > java.lang.IllegalStateException: The following session is not valid! 
> FAMtHV-7DvEsvj07hsLKExc > at > com.ibm.ws.session.http.HttpSessionImpl.getAttribute(HttpSessionImpl.java:191) > at com.ibm.ws.session.SessionData.getSessionValue(SessionData.java:307) > at com.ibm.ws.session.SessionData.getAttribute(SessionData.java:163) > at > com.ibm.ws.session.HttpSessionFacade.getAttribute(HttpSessionFacade.java:139) > at > org.apache.wicket.session.HttpSessionStore.getAttribute(HttpSessionStore.java:256) > at > org.apache.wicket.session.HttpSessionStore.getWicketSession(HttpSessionStore.java:188) > at > org.apache.wicket.session.HttpSessionStore.lookup(HttpSessionStore.java:175) > at org.apache.wicket.Session.bind(Session.java:268) > at > org.apache.wicket.page.DefaultPageManagerContext.bind(DefaultPageManagerContext.java:43) > at org.apache.wicket.page.RequestAdapter.bind(RequestAdapter.java:88) > at > org.apache.wicket.page.RequestAdapter.endRequest(RequestAdapter.java:187) > at > org.apache.wicket.page.AbstractPageManager.endRequest(AbstractPageManager.java:75) > at > org.apache.wicket.page.PageManagerDecorator.endRequest(PageManagerDecorator.java:78) > at org.apache.wicket.Application$2.onEndRequest(Application.java:1604) > at > org.apache.wicket.request.cycle.RequestCycleListenerCollection$2.notify(RequestCycleListenerCollection.java:85) > at > org.apache.wicket.request.cycle.RequestCycleListenerCollection$2.notify(RequestCycleListenerCollection.java:81) > at > org.apache.wicket.util.listener.ListenerCollection.reversedNotify(ListenerCollection.java:144) > at > org.apache.wicket.request.cycle.RequestCycleListenerCollection.onEndRequest(RequestCycleListenerCollection.java:80) > at > org.apache.wicket.request.cycle.RequestCycle.processRequest(RequestCycle.java:266) > at > org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:276) > at > org.apache.wicket.protocol.ws.AbstractUpgradeFilter.processRequestCycle(AbstractUpgradeFilter.java:66) > at > 
org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:207) > at > org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:306) > at > com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:197) > at > com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:90) > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:317) > at > org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:127) > at > org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91) > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) > at > org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:114) > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) > at > org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137) > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) > at > org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111) > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) > at > org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:170) > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) > at > org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) > at > 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) > at > org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:208) > at > org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:185) > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) > at > org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56) > at > org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) > at > org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) > at > org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214) > at > org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177) > at > org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:347) > at > org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:263) > at > com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:197) > at > com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:90) > at > cz.kb.common.context.servlet.CorrelationContextFilter.doFilter(CorrelationContextFilter.java:50) > at > cz.kb.dcs.module_init.api.DcsCorrelationContextFilter.doFilter(DcsCorrelationContextFilter.java:92) > at > com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:197) > at > 
com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:90) > at > com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:979) > at > com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:1119) > at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:4238) > at > com.ibm.ws.webcontainer.webapp.WebAppImpl.handleRequest(WebAppImpl.java:2210) > at > com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:304) > at > com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:1033) > at > com.ibm.ws.webcontainer.WSWebContainer.handleRequest(WSWebContainer.java:1817) > at > com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:382) > at > com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:465) > at > com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewRequest(HttpInboundLink.java:532) > at > com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.processRequest(HttpInboundLink.java:318) > at > com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink.java:289) > at > com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.sendToDiscriminators(NewConnectionInitialReadCallback.java:214) > at > com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.complete(NewConnectionInitialReadCallback.java:113) > at > com.ibm.ws.tcp.channel.impl.WorkQueueManager.requestComplete(WorkQueueManager.java:558) > at > com.ibm.ws.tcp.channel.impl.WorkQueueManager.attemptIO(WorkQueueManager.java:608) > at > com.ibm.ws.tcp.channel.impl.WorkQueueManager.workerRun(WorkQueueManager.java:985) > at > com.ibm.ws.tcp.channel.impl.WorkQueueManager$Worker.run(WorkQueueManager.java:1074) > at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1909) {code} > -- This message was sent by Atlassian Jira (v8.20.10#820010)