BIG -1 on disabling session persistence. This is a convenience provided by Tomcat & many other AppServers. Just because our developers have not followed best practices & put all sorts of unserializable stuff into the session, we cannot remove this feature. Fix the root cause, not the symptom.
On Mon, May 28, 2012 at 10:19 AM, Thilina Buddhika <[email protected]> wrote:

> On Mon, May 28, 2012 at 9:58 AM, Dimuthu Leelarathne <[email protected]> wrote:
>
>> Hi all,
>>
>> On Mon, May 28, 2012 at 9:47 AM, Amila Jayasekara <[email protected]> wrote:
>>
>>> Hi Senaka,
>>>
>>> I didn't get a chance to look into this yet. I am engaged in fixing
>>> some security issue. Can someone else please look into this?
>>> My suggestion is to disable session persistence.
>>>
>> +1
>>
>
> +1. It opens up a lot of issues compared to the convenience it brings in.
>
> Thanks,
> Thilina
>
>>
>> thanks,
>> dimuthu
>>
>>> Thanks
>>> AmilaJ
>>>
>>> On Sun, May 27, 2012 at 2:55 PM, Senaka Fernando <[email protected]> wrote:
>>> > Hi AmilaJ,
>>> >
>>> > What's the status of this? There are multiple issues reported due to this.
>>> > If this is something that is hard to fix, can we preserve the behavior we
>>> > had during the last release?
>>> >
>>> > Thanks,
>>> > Senaka.
>>> >
>>> > On Fri, May 18, 2012 at 9:14 PM, Senaka Fernando <[email protected]> wrote:
>>> >>
>>> >> Hi AmilaJ,
>>> >>
>>> >> When someone logs in, there are certain objects that are created within
>>> >> the authentication framework. Can we ensure that these are regenerated? We
>>> >> might be able to eliminate most issues in this way.
>>> >>
>>> >> Also, the UI framework overrides the session object IIRC (I might be
>>> >> mistaken, but IIRC it was done this way for some reason). So, if we can
>>> >> print a warning for each non-serializable object that is stored on the HTTP
>>> >> session for a short period (we will get rid of that before the release of
>>> >> course), people can easily fix the UI components too. We probably can make
>>> >> good progress in going ahead with option #1 in that way.
>>> >>
>>> >> WDYT?
>>> >>
>>> >> Thanks,
>>> >> Senaka.
>>> >>
>>> >> On Fri, May 18, 2012 at 3:25 PM, Amila Suriarachchi <[email protected]> wrote:
>>> >>>
>>> >>> On Fri, May 18, 2012 at 3:10 PM, Amila Jayasekara <[email protected]> wrote:
>>> >>>>
>>> >>>> In order for this to work we need to make sure all our user interfaces
>>> >>>> are aware about session persistence. Currently we have JSP pages where
>>> >>>> we set certain non-serializable objects to session and access them in
>>> >>>> subsequent pages. So if we are at a page where object is accessed and
>>> >>>> if we try to access the page after a restart we might face issues (as
>>> >>>> expected objects are not found in the session).
>>> >>>>
>>> >>>> Thilina also reported several similar issues.
>>> >>>>
>>> >>>> We have 2 solutions for this.
>>> >>>>
>>> >>>> 1. Make sure all JSPs are aware about session persistence. i.e. if a
>>> >>>> JSP or UI component doesn't find a necessary object in session it has
>>> >>>> to execute some code to initialize the object and carry on processing
>>> >>>> - This might be tedious as we need to go through all UI/JSP components
>>> >>>> to find such occurrences.
>>> >>>>
>>> >>>> 2. Disable session persistence and make the system re-direct to login
>>> >>>> page during authentication - This is what we had in earlier releases.
>>> >>>
>>> >>> if there was a reason to change this? if not better to use this since
>>> >>> that worked fine for last builds.
>>> >>>
>>> >>> thanks,
>>> >>> Amila.
>>> >>>>
>>> >>>> So what is the best option to solve this issue?
>>> >>>>
>>> >>>> Thanks
>>> >>>> AmilaJ
>>> >>>>
>>> >>>> On Fri, May 18, 2012 at 2:58 PM, Shammi Jayasinghe <[email protected]> wrote:
>>> >>>> >
>>> >>>> > On Fri, May 18, 2012 at 2:27 PM, Shammi Jayasinghe <[email protected]> wrote:
>>> >>>> >>
>>> >>>> >> This problem went off once I updated and built the complete platform
>>> >>>> >> and kernel
>>> >>>> >>
>>> >>>> >> Thanks
>>> >>>> >> Shammi
>>> >>>> >>
>>> >>>> >> On Fri, May 18, 2012 at 2:08 PM, Isuru Wimalasundera <[email protected]> wrote:
>>> >>>> >>>
>>> >>>> >>> Hi
>>> >>>> >>>
>>> >>>> >>> I am facing a similar kind of situation when restarting the Greg server.
>>> >>>> >>> After a restart I can not open the service list page because from the
>>> >>>> >>> ListMetaDataService it returns a NULL registry. When dig deep the reason for
>>> >>>> >>> returning a NULL registry is identified as the following code segment of
>>> >>>> >>> AbstractAdmin returns a NULL.
>>> >>>> >>>
>>> >>>> >>> CarbonContext.getCurrentContext().getRegistry(RegistryType.USER_GOVERNANCE);
>>> >>>> >>>
>>> >>>> >>> the CarbonContext.getCurrentContext() returns a NULL. How is it possible
>>> >>>> >>> to overcome this issue?
>>> >>>> >>>
>>> >>>> > Hi Isuru,
>>> >>>> > Yes it still exists once I restarted the server. Seems some configuration
>>> >>>> > happens at the initial start up and due to that this happens.
>>> >>>> >
>>> >>>> > Thanks
>>> >>>> > Shammi
>>> >>>> >
>>> >>>> >>>
>>> >>>> >>> Thanks
>>> >>>> >>> Isuruw
>>> >>>> >>>
>>> >>>> >>> On Fri, May 18, 2012 at 12:38 PM, Shammi Jayasinghe <[email protected]> wrote:
>>> >>>> >>>>
>>> >>>> >>>> Hi,
>>> >>>> >>>> I am getting following NPE [1] when trying to subscribe to a topic. It
>>> >>>> >>>> is due to the null value of "CarbonContext.getCurrentContext()" coming from
>>> >>>> >>>> the following method in event.core module. I built the complete platform
>>> >>>> >>>> yesterday. Is this a known issue?
>>> >>>> >>>>
>>> >>>> >>>> Thanks
>>> >>>> >>>> Shammi
>>> >>>> >>>>
>>> >>>> >>>> public static String getLoggedInUserName() {
>>> >>>> >>>>     String userName = "";
>>> >>>> >>>>     if (CarbonContext.getCurrentContext().getTenantId() != 0) {
>>> >>>> >>>>         userName = CarbonContext.getCurrentContext().getUsername() + "@"
>>> >>>> >>>>                 + CarbonContext.getCurrentContext().getTenantDomain();
>>> >>>> >>>>     } else {
>>> >>>> >>>>         userName = CarbonContext.getCurrentContext().getUsername();
>>> >>>> >>>>     }
>>> >>>> >>>>     return userName.trim();
>>> >>>> >>>> }
>>> >>>> >>>>
>>> >>>> >>>> [1] java.lang.NullPointerException
>>> >>>> >>>>     at org.wso2.carbon.event.ws.internal.receivers.CarbonEventingMessageReceiver.handleSubscribe(CarbonEventingMessageReceiver.java:175)
>>> >>>> >>>>     at org.wso2.carbon.event.ws.internal.receivers.CarbonEventingMessageReceiver.processMessage(CarbonEventingMessageReceiver.java:386)
>>> >>>> >>>>     at org.wso2.carbon.event.ws.internal.receivers.CarbonEventingMessageReceiver.invokeBusinessLogic(CarbonEventingMessageReceiver.java:81)
>>> >>>> >>>>     at org.apache.axis2.receivers.AbstractMessageReceiver.receive(AbstractMessageReceiver.java:110)
>>> >>>> >>>>     at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:181)
>>> >>>> >>>>     at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:172)
>>> >>>> >>>>     at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:146)
>>> >>>> >>>>     at org.wso2.carbon.core.transports.CarbonServlet.doPost(CarbonServlet.java:205)
>>> >>>> >>>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
>>> >>>> >>>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
>>> >>>> >>>>     at org.eclipse.equinox.http.servlet.internal.ServletRegistration.handleRequest(ServletRegistration.java:90)
>>> >>>> >>>>     at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:111)
>>> >>>> >>>>     at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:67)
>>> >>>> >>>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
>>> >>>> >>>>     at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:45)
>>> >>>> >>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
>>> >>>> >>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
>>> >>>> >>>>     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)
>>> >>>> >>>>     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
>>> >>>> >>>>     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
>>> >>>> >>>>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
>>> >>>> >>>>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
>>> >>>> >>>>     at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:143)
>>> >>>> >>>>     at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:156)
>>> >>>> >>>>     at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
>>> >>>> >>>>     at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:48)
>>> >>>> >>>>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
>>> >>>> >>>>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
>>> >>>> >>>>     at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:999)
>>> >>>> >>>>     at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:565)
>>> >>>> >>>>     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1620)
>>> >>>> >>>>     at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
>>> >>>> >>>>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
>>> >>>> >>>>     at java.lang.Thread.run(Thread.java:662)
>>> >>>> >>>> --
>>> >>>> >>>> Best Regards,
>>> >>>> >>>>
>>> >>>> >>>> Shammi Jayasinghe
>>> >>>> >>>> Senior Software Engineer; WSO2, Inc.; http://wso2.com,
>>> >>>> >>>> mobile: +94 71 4493085
>>> >>>> >>>>
>>> >>>> >>> --
>>> >>>> >>> Isuru Wimalasundera
>>> >>>> >>> Software Engineer; WSO2, Inc.; http://wso2.com,
>>> >>>> >>> mobile: +94 77 920 5641
>>> >>>> >>>
>>> >>>> --
>>> >>>> Mobile : +94773330538
>>> >>>
>>> >>> --
>>> >>> Amila Suriarachchi
>>> >>>
>>> >>> Software Architect
>>> >>> WSO2 Inc. ; http://wso2.com
>>> >>> lean . enterprise . middleware
>>> >>>
>>> >>> phone : +94 71 3082805
>>> >>>
>>> >> --
>>> >> Senaka Fernando
>>> >> Product Manager - WSO2 Governance Registry;
>>> >> Associate Technical Lead; WSO2 Inc.; http://wso2.com
>>> >> Member; Apache Software Foundation; http://apache.org
>>> >>
>>> >> E-mail: senaka AT wso2.com
>>> >> P: +1 408 754 7388; ext: 51736; M: +94 77 322 1818
>>> >> Linked-In: http://linkedin.com/in/senakafernando
>>> >>
>>> >> Lean . Enterprise . Middleware
>>> >>
>> --
>> Dimuthu Leelarathne
>> Technical Lead
>>
>> WSO2, Inc. (http://wso2.com)
>> email: [email protected]
>>
>> Lean . Enterprise . Middleware
>>
> --
> Thilina Buddhika
>
> Associate Technical Lead
> WSO2 Inc. ; http://wso2.com
> lean . enterprise . middleware
>
> phone : +94 77 44 88 727
> blog : http://blog.thilinamb.com
>

--
Afkham Azeez
Director of Architecture; WSO2, Inc.; http://wso2.com
Member; Apache Software Foundation; http://www.apache.org/
email: [email protected]
cell: +94 77 3320919
blog: http://blog.afkham.org
twitter: http://twitter.com/afkham_azeez
linked-in: http://lk.linkedin.com/in/afkhamazeez

Lean . Enterprise . Middleware
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
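
The warning proposed in the quoted thread (log each non-serializable object that is stored on the HTTP session) can be produced by a session attribute listener. The following is an added example, not code from the WSO2 Carbon code base or from anyone on the thread; the class name SessionSerializationAuditor is hypothetical and the javax.servlet 3.0 API (for @WebListener) is an assumption.

```java
import java.io.IOException;
import java.io.ObjectOutputStream;
import java.io.OutputStream;
import java.io.Serializable;
import java.util.logging.Logger;
import javax.servlet.annotation.WebListener;
import javax.servlet.http.HttpSessionAttributeListener;
import javax.servlet.http.HttpSessionBindingEvent;

// Hypothetical class (not part of Carbon). Development-time aid only.
@WebListener
public class SessionSerializationAuditor implements HttpSessionAttributeListener {
    private static final Logger LOG = Logger.getLogger("SessionSerializationAuditor");

    /** Returns null if the value can be persisted, else the reason it cannot. */
    static String serializationProblem(Object value) {
        if (value == null) return null;
        if (!(value instanceof Serializable)) {
            return value.getClass().getName() + " does not implement Serializable";
        }
        // Implementing Serializable is not enough: a nested field can still fail,
        // so write the whole object graph to a sink that discards the bytes.
        OutputStream sink = new OutputStream() {
            @Override public void write(int b) { /* discard */ }
        };
        try (ObjectOutputStream out = new ObjectOutputStream(sink)) {
            out.writeObject(value);
            return null;
        } catch (IOException e) { // NotSerializableException is an IOException
            return e.toString();
        }
    }

    private static void audit(String name, Object value) {
        String problem = serializationProblem(value);
        if (problem != null) {
            LOG.warning("Session attribute '" + name
                    + "' cannot be written when sessions are persisted: " + problem);
        }
    }

    @Override public void attributeAdded(HttpSessionBindingEvent e) {
        audit(e.getName(), e.getValue());
    }
    @Override public void attributeReplaced(HttpSessionBindingEvent e) {
        // getValue() is the OLD value here; fetch the new one from the session.
        audit(e.getName(), e.getSession().getAttribute(e.getName()));
    }
    @Override public void attributeRemoved(HttpSessionBindingEvent e) { }
}
```

The listener logs only the attribute name and the failing class, never the attribute value, so session contents do not end up in the log.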
