[ http://issues.apache.org/jira/browse/BEEHIVE-873?page=comments#action_12373777 ]
Abdessattar Sassi commented on BEEHIVE-873:
-------------------------------------------
After further investigation, the exception is a bug in Tomcat 5.5.16 and I
guess earlier versions too. An access to the principal in the AuthenticatorBase
class while it is a null pointer causes the exception. Fortunately enough this
only happens in a DEBUG trace :)

    protected void register(Request request, Response response,
                            Principal principal, String authType,
                            String username, String password) {

        if (log.isDebugEnabled())
            log.debug("Authenticated '" + principal.getName() + "' with type '"
                + authType + "'");

        // Cache the authentication information in our request
        request.setAuthType(authType);
        request.setUserPrincipal(principal);
        ......

Would be worth checking however whether this is the behavior you want from
beehive side :)
> HTTP session gets created after the pageflow application invalidates it
> (logout) and the response is committed, resulting in IllegalStateException
> --------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: BEEHIVE-873
> URL: http://issues.apache.org/jira/browse/BEEHIVE-873
> Project: Beehive
> Type: Bug
> Components: NetUI
> Versions: v1m1, V1Beta, V1Alpha
> Environment: Beehive SVN latest,
> Tomcat 5.5.7 and Tomcat 5.5.9
> Reporter: Abdessattar Sassi
> Assignee: Alejandro Ramirez
> Attachments: session-patch.txt
>
> The application scenario is as follows:
> - A JSP calls an action in a page flow controller that does the logout from
> the application.
> - The pageflow logout action is as follows:
>     /**
>      */
>     @Jpf.Action(
>         forwards = {
>             @Jpf.Forward(name = "success", path = "/bye.html",
>                          redirect = true)
>         }
>     )
>     protected Forward doLogout() {
>         // Logout but if running with Single Sign-On in the app server, do not
>         // invalidate all the sessions.
>         // The current application session will be invalidated manually right
>         // after the logout.
>         logout(false);
>         HttpSession session = getRequest().getSession(false);
>         if (session != null) {
>             session.invalidate();
>         }
>         return new Forward("success");
>     }
> - The HTTP session gets invalidated by the application, it actually also gets
> invalidated by the Tomcat server adapter PageFlowValve in logout().
> - The request processing in PageFlowRequestProcessor,
>     private void processInternal( HttpServletRequest request, HttpServletResponse response )
> ends the processing by calling the DeferredSessionStorageHandler public void
> applyChanges( RequestContext context ) method which does the following:
>     if ( changedAttrs != null )
>     {
>         HttpSession session = request.getSession();
> - The call to getSession() results in an attempt to create the Session object
> again even though the response has been committed by Tomcat. Such conditions
> result in an IllegalStateException thrown by Tomcat and an error page to the
> user.
> A suggested good behavior (to be validated by the beehive developers) is to
> obtain the session without creating it and checking if a session exists or
> not before applying the changes:
>     if ( changedAttrs != null )
>     {
>         HttpSession session = request.getSession(false);
>         if ( session != null )
>         {
> A patch to the DeferredSessionStorageHandler class is provided with this
> issue report. The patch was tested and now the application works just like
> expected. After logout, the bye.html page is displayed and no more session
> exists in the Tomcat server after logout.
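
Added example (not part of the JIRA message, and not Tomcat or Beehive code): a self-contained Java model of the applyChanges() behaviour described in the report, before and after the suggested getSession(false) check. FakeRequest, the method names and the lastPage attribute are hypothetical stand-ins for the servlet request and session.

```java
import java.util.HashMap;
import java.util.Map;

// Added illustration: a hypothetical stand-in for the container, not Tomcat or Beehive code.
public class DeferredSessionDemo {
    // Models one request: an optional session plus the response's committed flag.
    static class FakeRequest {
        Map<String, Object> session = new HashMap<>(); // null means "no session"
        boolean responseCommitted;

        // Servlet contract: getSession(true) must create a session, which is
        // illegal once the response is committed.
        Map<String, Object> getSession(boolean create) {
            if (session == null && create) {
                if (responseCommitted)
                    throw new IllegalStateException("response already committed");
                session = new HashMap<>();
            }
            return session;
        }
    }

    // Reported behaviour: getSession() creates a session when none exists.
    static void applyChangesBefore(FakeRequest req, Map<String, Object> changedAttrs) {
        if (changedAttrs != null) req.getSession(true).putAll(changedAttrs);
    }

    // Suggested behaviour: look up without creating; skip if logged out.
    static void applyChangesAfter(FakeRequest req, Map<String, Object> changedAttrs) {
        if (changedAttrs == null) return;
        Map<String, Object> session = req.getSession(false);
        if (session != null) session.putAll(changedAttrs);
    }

    public static void main(String[] args) {
        Map<String, Object> changed = Map.of("lastPage", "/bye.html"); // constructed sample
        FakeRequest req = new FakeRequest();
        req.session = null;            // logout invalidated the session
        req.responseCommitted = true;  // redirect to /bye.html already sent

        applyChangesAfter(req, changed);
        System.out.println("after:  session exists = " + (req.session != null));
        try {
            applyChangesBefore(req, changed);
        } catch (IllegalStateException e) {
            System.out.println("before: IllegalStateException: " + e.getMessage());
        }
    }
}
```

If responseCommitted is left false, applyChangesBefore does not throw; it silently creates a fresh session after logout, which the getSession(false) variant also avoids.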