[JBoss-dev] [ jboss-Bugs-713613 ] Unable to use declarative security with HTTP clustering

Tue, 01 Apr 2003 16:02:06 -0800 

Bugs item #713613, was opened at 2003-04-01 19:09
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=376685&aid=713613&group_id=22866

Category: Clustering
Group: v3.2
Status: Open
Resolution: None
Priority: 5
Submitted By: Mike Finn (mikefinn)
Assigned to: Nobody/Anonymous (nobody)
Summary: Unable to use declarative security with HTTP clustering

Initial Comment:
Basic application w/ declarative security and HTTP 
session clustering enabled. When I post to 
j_security_check, I get the stack trace below.

When j_security is invoked, I am getting the exception 
below. I have other applications (not using JAAS) which 
are working fine in the http session clustered 
environment. If it matters, I am using mod_jk2 in front as 
a load balancer.
 
Anyway, I did some digging and a session attribute is 
being set of type JBossUserPrincipal (inner class to 
JBossUserRealm), which is in fact not serializable. I 
have started down the path to making things 
serializable, but am into stuff that I am not sure should 
be serializing (such as JaasSecurityManager).

I'd be glad to do the fix, but may need some help from 
Scott/Jules/etc. I am assuming the principal should be 
in the distributed session.

Also, I saw a post in forums that someone had the 
problem with 3.0.4.

I can include an EAR if necessary.

mike

14:18:29,541 WARN  [jbossweb] WARNING: Exception 
for /opm/j_security_check
java.lang.IllegalArgumentException: distributed attribute 
value must be 
Serializable,EJBObject,EJBHome,UserTransaction or 
Context: mjf860
        at 
org.mortbay.j2ee.session.TypeCheckingInterceptor.setAt
tribute(TypeCheckingInterceptor.java:76)
        at 
org.mortbay.j2ee.session.StateInterceptor.setAttribute
(StateInterceptor.java:78)
        at 
org.mortbay.j2ee.session.AroundInterceptor.setAttribute
(AroundInterceptor.java:198)
        at 
org.mortbay.j2ee.session.StateAdaptor.setAttribute
(StateAdaptor.java:249)
        at 
org.mortbay.jetty.servlet.FormAuthenticator.authenticate
d(FormAuthenticator.java:118)
        at org.mortbay.http.SecurityConstraint.check
(SecurityConstraint.java:401)
        at 
org.mortbay.http.HttpContext.checkSecurityConstraints
(HttpContext.java:1456)
        at 
org.mortbay.jetty.servlet.ServletHttpContext.checkSecuri
tyConstraints(ServletHttpContext.java:137)
        at 
org.mortbay.jetty.servlet.WebApplicationHandler.dispatc
h(WebApplicationHandler.java:235)
        at org.mortbay.jetty.servlet.ServletHandler.handle
(ServletHandler.java:558)
        at org.mortbay.http.HttpContext.handle
(HttpContext.java:1714)


----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=376685&aid=713613&group_id=22866


-------------------------------------------------------
This SF.net email is sponsored by: ValueWeb: 
Dedicated Hosting for just $79/mo with 500 GB of bandwidth! 
No other company gives more support or power for your dedicated server
http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/
_______________________________________________
Jboss-development mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-development

Reply via email to