The initial issue Chandana has mentioned is fixed by the commit to acs.jag.
Now the issue is with the session.invalidate method. I tried to catch the
exception from the session host object, but that didn't work. The stack
trace follows.
[2015-10-27 17:35:39,036] WARN
{org.jaggeryjs.scriptengine.util.HostObjectUtil} - Session Object has been
reserved and cannot be instantiated by a script.
[2015-10-27 17:35:39,038] ERROR
{org.apache.catalina.session.StandardSession} - Session event listener
threw exception
org.mozilla.javascript.WrappedException: Wrapped
org.jaggeryjs.scriptengine.exceptions.ScriptException: Session Object has
been reserved and cannot be instantiated by a script.
(/store/controllers/acs.jag#117)
at
org.mozilla.javascript.Context.throwAsScriptRuntimeEx(Context.java:1754)
at org.mozilla.javascript.MemberBox.invoke(MemberBox.java:148)
at org.mozilla.javascript.FunctionObject.call(FunctionObject.java:392)
at org.mozilla.javascript.BaseFunction.construct(BaseFunction.java:343)
at org.mozilla.javascript.Context.newObject(Context.java:1504)
at
org.jaggeryjs.jaggery.core.listeners.WebAppSessionListener.sessionDestroyed(WebAppSessionListener.java:113)
at
org.apache.catalina.session.StandardSession.expire(StandardSession.java:809)
at
org.apache.catalina.session.StandardSession.expire(StandardSession.java:741)
at
org.apache.catalina.session.StandardSession.invalidate(StandardSession.java:1277)
at
org.apache.catalina.session.StandardSessionFacade.invalidate(StandardSessionFacade.java:188)
at
org.jaggeryjs.hostobjects.web.SessionHostObject.jsFunction_invalidate(SessionHostObject.java:155)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.mozilla.javascript.MemberBox.invoke(MemberBox.java:126)
at org.mozilla.javascript.FunctionObject.call(FunctionObject.java:386)
at
org.mozilla.javascript.optimizer.OptRuntime.callProp0(OptRuntime.java:85)
at
org.jaggeryjs.rhino.store.controllers.c3._c_anonymous_1(/store/controllers/acs.jag:117)
at
org.jaggeryjs.rhino.store.controllers.c3.call(/store/controllers/acs.jag)
at org.mozilla.javascript.optimizer.OptRuntime.call0(OptRuntime.java:23)
at
org.jaggeryjs.rhino.store.controllers.c3._c_script_0(/store/controllers/acs.jag:20)
at
org.jaggeryjs.rhino.store.controllers.c3.call(/store/controllers/acs.jag)
at
org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:394)
at
org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:3091)
at
org.jaggeryjs.rhino.store.controllers.c3.call(/store/controllers/acs.jag)
at
org.jaggeryjs.rhino.store.controllers.c3.exec(/store/controllers/acs.jag)
at
org.jaggeryjs.scriptengine.engine.RhinoEngine.execScript(RhinoEngine.java:567)
at
org.jaggeryjs.scriptengine.engine.RhinoEngine.exec(RhinoEngine.java:273)
at
org.jaggeryjs.jaggery.core.manager.WebAppManager.exec(WebAppManager.java:587)
at
org.jaggeryjs.jaggery.core.manager.WebAppManager.execute(WebAppManager.java:507)
at
org.jaggeryjs.jaggery.core.JaggeryServlet.doPost(JaggeryServlet.java:29)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:646)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at
org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:748)
at
org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:486)
at
org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:378)
at
org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:338)
at
org.jaggeryjs.jaggery.core.JaggeryFilter.doFilter(JaggeryFilter.java:21)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at
org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
at
org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
at
org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57)
at
org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
at
org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
at
org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159)
at
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
at
org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:421)
at
org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1074)
at
org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1739)
at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1698)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
Caused by: org.jaggeryjs.scriptengine.exceptions.ScriptException: Session
Object has been reserved and cannot be instantiated by a script.
at
org.jaggeryjs.scriptengine.util.HostObjectUtil.getReservedHostObjectWarn(HostObjectUtil.java:66)
at
org.jaggeryjs.hostobjects.web.SessionHostObject.jsConstructor(SessionHostObject.java:36)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.mozilla.javascript.MemberBox.invoke(MemberBox.java:126)
... 67 more
thanks,
Chanaka
On Tue, Oct 27, 2015 at 12:44 PM, Udara Rathnayake <[email protected]> wrote:
> Hi Chandana,
>
> On Tue, Oct 27, 2015 at 12:33 PM, Chandana Napagoda <[email protected]>
> wrote:
>
>> Hi Udara,
>>
>> Changing host name using carbon.xml will not work, since it will break
>> the subscriptions and notifications.
>>
>> I have checked with Chanaka's fix, but it doesn't resolve the whole
>> issue. When a user clicks on the Logout link in the Store, it still throws
>> the same exception I pointed out in my first mail.
>>
> Let's improve this fix then.
>
>>
>> Regards,
>> Chandana
>>
>> On Tue, Oct 27, 2015 at 11:54 AM, Udara Rathnayake <[email protected]>
>> wrote:
>>
>>> Hi Chandana,
>>>
>>> Please check whether we are switching host names in this process, e.g. IP
>>> to host name or vice versa.
>>> If this is the problem, we can avoid it by using a consistent host name.
>>>
>> I mean not to update the hostname within carbon.xml, but to use a consistent
> value (hostname or IP) in the URL while browsing.
>
>>
>>> Anyway, I noticed that Chanaka is solving this issue by not using the session to
>>> store the relaystate. Hopefully this will solve the problem.
>>>
>>> Regards,
>>> UdaraR
>>>
>>>
>>> On Tue, Oct 27, 2015 at 11:41 AM, Chandana Napagoda <[email protected]>
>>> wrote:
>>>
>>>> Hi Udara,
>>>>
>>>> I am not clicking on "Go to Store" link shown in the publisher. Steps I
>>>> am following are as below.
>>>>
>>>> - Go to Store URL and access it through anonymous mode.
>>>> - Then access the Publisher URL in a different tab of the same
>>>> browser.
>>>> - Then log into Publisher app and navigate to Store app which was
>>>> already opened in a different tab.
>>>> - Click "Signin" link.
>>>>
>>>> Also, please note that same behavior works fine with G-Reg 5.0.1 and
>>>> 5.0.0 packs.
>>>>
>>>> Regards,
>>>> Chandana
>>>>
>>>>
>>>> On Mon, Oct 26, 2015 at 1:59 PM, Udara Rathnayake <[email protected]>
>>>> wrote:
>>>>
>>>>> Hi All,
>>>>>
>>>>> As we understand it, this happens only when we navigate to the store via
>>>>> the "Go to Store" link, which is provided by the GREG extensions.
>>>>> The problem here is that you are initially logging in to the publisher using
>>>>> the hostname "localhost" and are then redirected to the store using the IP.
>>>>>
>>>>> In publisher.json you have defined "storeUrl" :
>>>>> "%https.host%/store", you can avoid https.host and have it like
>>>>> "storeUrl"
>>>>> : "/store"
>>>>>
>>>>> So this is not due to any of the SSO-related changes we have done
>>>>> recently (in order to fix XSS/RFI issues).
>>>>>
>>>>> Regards,
>>>>> UdaraR
>>>>>
>>>>>
>>>>> On Sun, Oct 25, 2015 at 10:19 AM, Chandana Napagoda <[email protected]
>>>>> > wrote:
>>>>>
>>>>>> Hi Udara,
>>>>>>
>>>>>> Here are the steps to reproduce this issue:
>>>>>>
>>>>>> 1). Unzip G-Reg 5.1.0-SNAPSHOT pack and start it.
>>>>>> 2). Load Store and Publisher sites in the same browser, different
>>>>>> tabs.
>>>>>> 3). Login to the publisher and perform some operations.
>>>>>> 4). Then navigate to Store tab and click on Signin link. Then a 500
>>>>>> error page is displayed and an exception is thrown in the backend.
>>>>>> 5). After that, change the URL to "http://localhost:9443/store", which
>>>>>> shows the logged-in view.
>>>>>> 6). Then click on the Signout link in the top right corner. Same 500
>>>>>> error page is displayed and again an exception is thrown in the backend.
>>>>>>
>>>>>> Regards,
>>>>>> Chandana
>>>>>>
>>>>>> On Sat, Oct 24, 2015 at 10:17 AM, Udara Rathnayake <[email protected]>
>>>>>> wrote:
>>>>>>
>>>>>>> Hi Chandana,
>>>>>>>
>>>>>>> Had a look at this in an ES pack with all the latest fixes done for
>>>>>>> (jaggeryapps + jaggery-extensions[1]), but haven't faced such an issue.
>>>>>>> Let me know the exact steps to reproduce.
>>>>>>>
>>>>>>> [1]
>>>>>>> https://github.com/wso2/jaggery-extensions/commit/6a572c32de0b4f2ab9a1e52a3b5c62af5f7294a6
>>>>>>>
>>>>>>> Regards,
>>>>>>> UdaraR
>>>>>>>
>>>>>>> On Sat, Oct 24, 2015 at 9:32 AM, Chandana Napagoda <
>>>>>>> [email protected]> wrote:
>>>>>>>
>>>>>>>> Hi ES team,
>>>>>>>>
>>>>>>>> With the latest carbon store changes, we have noticed that if the
>>>>>>>> very first logged-in user first accesses the publisher and then logs in
>>>>>>>> to the store using SSO, an exception is logged. Further, if the user
>>>>>>>> clicks on logout, another exception is logged. Are these errors
>>>>>>>> occurring due to the recent SSO changes done on the store side?
>>>>>>>>
>>>>>>>> Regards,
>>>>>>>> Chandana
>>>>>>>>
>>>>>>>> --
>>>>>>>> *Chandana Napagoda*
>>>>>>>> Senior Software Engineer
>>>>>>>> WSO2 Inc. - http://wso2.org
>>>>>>>>
>>>>>>>> *Email : [email protected] <[email protected]>**Mobile :
>>>>>>>> +94718169299 <%2B94718169299>*
>>>>>>>>
>>>>>>>> *Blog : http://cnapagoda.blogspot.com
>>>>>>>> <http://cnapagoda.blogspot.com>*
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> *Chandana Napagoda*
>>>>>> Senior Software Engineer
>>>>>> WSO2 Inc. - http://wso2.org
>>>>>>
>>>>>> *Email : [email protected] <[email protected]>**Mobile :
>>>>>> +94718169299 <%2B94718169299>*
>>>>>>
>>>>>> *Blog : http://cnapagoda.blogspot.com
>>>>>> <http://cnapagoda.blogspot.com>*
>>>>>>
>>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> *Chandana Napagoda*
>>>> Senior Software Engineer
>>>> WSO2 Inc. - http://wso2.org
>>>>
>>>> *Email : [email protected] <[email protected]>**Mobile :
>>>> +94718169299 <%2B94718169299>*
>>>>
>>>> *Blog : http://cnapagoda.blogspot.com
>>>> <http://cnapagoda.blogspot.com>*
>>>>
>>>>
>>>
>>
>>
>> --
>> *Chandana Napagoda*
>> Senior Software Engineer
>> WSO2 Inc. - http://wso2.org
>>
>> *Email : [email protected] <[email protected]>**Mobile : +94718169299
>> <%2B94718169299>*
>>
>> *Blog : http://cnapagoda.blogspot.com <http://cnapagoda.blogspot.com>*
>>
>>
>
--
Chanaka Jayasena
Senior Software Engineer; WSO2, Inc.; http://wso2.com/
email: [email protected]; cell: +94 77 785 5565
blog: http://chanaka3d.blogspot.com