Hi Daniel, I can't really say. All the tests pass except for 2, and those 2 fail due to incorrect setup of a mock object. I *think* it is ok to upgrade to trunk (I'll be deploying a trunk snapshot soon myself), but of course, make sure you back up your current .jar in case you need to redeploy it.
Regards, Les On Mon, Feb 23, 2009 at 2:23 AM, Daniel J. Lauk <[email protected]>wrote: > Hello, Les. > > Do you recommend to update to SVN head to get the fix for JSEC-58? > > Thanks, > DJ > > 2009/2/23 Les Hazlewood <[email protected]>: > > Finally finished this one by resolving JSEC-57 and JSEC-58 in SVN trunk. > > Please let me know if you see further issues. > > > > Cheers, > > > > Les > > > > On Fri, Feb 20, 2009 at 10:40 AM, Les Hazlewood <[email protected]> > > wrote: > >> > >> Just an update - I didn't get home from work until after 11:30 pm last > >> night and consequently passed out :) I'll try to tackle this today or > this > >> weekend at the latest. > >> > >> Regards, > >> > >> Les > >> > >> On Thu, Feb 19, 2009 at 10:45 PM, Brad Whitaker <[email protected]> > >> wrote: > >>> > >>> Thanks Les -- I appreciate this. I took a look at this a couple of > weeks > >>> ago and it wasn't clear to me how to apply the changes to the > refactored > >>> code. > >>> > >>> Brad > >>> > >>> > >>> Les Hazlewood wrote: > >>> > >>> Hi Brad - gimme a bit - I think I can commit a solution for that > sometime > >>> today (might be late tonight though). > >>> > >>> Cheers, > >>> > >>> Les > >>> > >>> On Thu, Feb 19, 2009 at 11:44 AM, Brad Whitaker <[email protected]> > >>> wrote: > >>>> > >>>> Yes, I have been building from apache hosted subversion. Are you > >>>> referring to the 0.9.0 zip from sourceforge? > >>>> > >>>> I decided to use subversion because I'm running my WAR as ROOT and > need > >>>> the fix for JSEC-34. (At least I think I do.) > >>>> > >>>> > >>>> Daniel J. Lauk wrote: > >>>> > >>>> Did you try to build from subversion? > >>>> I did not find tags on the subversion tree, so I download the zipped > >>>> package. > >>>> > >>>> Cheers, > >>>> DJ > >>>> > >>>> 2009/2/19 Brad Whitaker <[email protected]>: > >>>> > >>>> > >>>> I was unable to apply this patch. The source files seem to have > changed > >>>> significantly. How were you able to do this? > >>>> > >>>> Daniel J. Lauk wrote: > >>>> > >>>> Hi there. > >>>> > >>>> I'm back and have good news: With the patch applied the logout is > >>>> working just fine. > >>>> > >>>> Thanks a lot, Les! > >>>> > >>>> Kind regards, > >>>> DJ > >>>> > >>>> 2009/2/18 Daniel J. Lauk <[email protected]>: > >>>> > >>>> > >>>> Hi Les, > >>>> > >>>> thank you very much for pointing this out. > >>>> I'll try my luck with the patch there and report the results later. > >>>> > >>>> Cheers, > >>>> DJ > >>>> > >>>> 2009/2/18 Les Hazlewood <[email protected]>: > >>>> > >>>> > >>>> Hi Daniel, > >>>> > >>>> There is an issue filed here: > >>>> https://issues.apache.org/jira/browse/JSEC-58 > >>>> > >>>> This happens because Spring is calling > >>>> httpServletRequest.getUserPrincipal() > >>>> after logout. The JSecurityHttpServletRequest wrapper will just call > >>>> SecurityUtils.getSubject(), without regard to if logout has been > called > >>>> yet > >>>> or not. If logout has already been called, > >>>> SecurityUtils.getSubject().getSession() will create a new session and > >>>> that > >>>> shouldn't occur during requests that have already been invalidated. > >>>> > >>>> The implementation fix will ensure that, if the subject has logged out > >>>> or > >>>> the session has been invalidated, that we'll probably return null in > >>>> those > >>>> cases. > >>>> > >>>> On Mon, Feb 16, 2009 at 2:38 PM, Daniel J. Lauk < > [email protected]> > >>>> wrote: > >>>> > >>>> > >>>> Hi List. > >>>> > >>>> We're having some trouble with the assume identity stuff I posted > >>>> about a month ago. > >>>> (I attached the classes enabling this functionality to > >>>> https://issues.apache.org/jira/browse/JSEC-37) > >>>> > >>>> When we logout on Tomcat or Glassfish (grails' jetty is no problem) an > >>>> exception occurs. > >>>> > >>>> My best guess is, that the logout invalidates the session. And as my > >>>> implementation of an assumed identity decorator stores the assumed > >>>> identity in the session, this seems to upset the servlet container. > >>>> I have the strange feeling that this is related with the > >>>> "releaseIdentity" not working properly (i.e. the field in the session > >>>> is empty, but getPrincipal() still returns the assumed identity) and > >>>> my implementation of getPrincipals. > >>>> > >>>> Any input is highly appreciated! > >>>> > >>>> Kind regards, > >>>> DJ > >>>> > >>>> For completeness' sake, this is the stacktrace: > >>>> > >>>> SEVERE: ApplicationDispatcher[] PWC1231: Servlet.service() for servlet > >>>> grails threw exception > >>>> java.lang.IllegalStateException: PWC3999: Cannot create a session > >>>> after the response has been committed > >>>> at > >>>> org.apache.catalina.connector.Request.doGetSession(Request.java:2835) > >>>> at > >>>> org.apache.catalina.connector.Request.getSession(Request.java:2570) > >>>> at > >>>> > >>>> > org.apache.catalina.connector.RequestFacade.getSession(RequestFacade.java:910) > >>>> at > >>>> > >>>> > javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:227) > >>>> at > >>>> > >>>> > org.apache.catalina.core.ApplicationHttpRequest.getSession(ApplicationHttpRequest.java:645) > >>>> at > >>>> > >>>> > javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:227) > >>>> at > >>>> > >>>> > org.jsecurity.web.servlet.JSecurityHttpServletRequest.getSession(JSecurityHttpServletRequest.java:143) > >>>> at > >>>> > >>>> > org.jsecurity.web.servlet.JSecurityHttpServletRequest.getSession(JSecurityHttpServletRequest.java:165) > >>>> at > >>>> > >>>> > org.jsecurity.web.session.ServletContainerSessionManager.createSession(ServletContainerSessionManager.java:78) > >>>> at > >>>> > >>>> > org.jsecurity.session.mgt.AbstractSessionManager.start(AbstractSessionManager.java:62) > >>>> at > >>>> > >>>> > org.jsecurity.mgt.SessionsSecurityManager.start(SessionsSecurityManager.java:178) > >>>> at > >>>> > >>>> > org.jsecurity.subject.DelegatingSubject.getSession(DelegatingSubject.java:284) > >>>> at > >>>> > >>>> > org.jsecurity.subject.DelegatingSubject.getSession(DelegatingSubject.java:272) > >>>> at > >>>> > >>>> > org.jsecurity.subject.AbstractSubjectDecorator.getSession(AbstractSubjectDecorator.java:65) > >>>> at > >>>> > >>>> > org.jsecurity.subject.AssumeIdentitySubject.getAssumedPrincipal(AssumeIdentitySubject.java:118) > >>>> at > >>>> > >>>> > org.jsecurity.subject.AssumeIdentitySubject.getPrincipals(AssumeIdentitySubject.java:142) > >>>> at > >>>> > >>>> > org.jsecurity.web.DefaultWebSecurityManager.bind(DefaultWebSecurityManager.java:240) > >>>> at > >>>> > >>>> > org.jsecurity.web.DefaultWebSecurityManager.bind(DefaultWebSecurityManager.java:235) > >>>> at > >>>> > >>>> > org.jsecurity.mgt.DefaultSecurityManager.getSubject(DefaultSecurityManager.java:418) > >>>> at > >>>> > >>>> > org.jsecurity.mgt.DefaultSecurityManager.getSubject(DefaultSecurityManager.java:424) > >>>> at org.jsecurity.SecurityUtils.getSubject(SecurityUtils.java:53) > >>>> at > >>>> > >>>> > org.jsecurity.web.servlet.JSecurityHttpServletRequest.getSubject(JSecurityHttpServletRequest.java:88) > >>>> at > >>>> > >>>> > org.jsecurity.web.servlet.JSecurityHttpServletRequest.getSubjectPrincipal(JSecurityHttpServletRequest.java:93) > >>>> at > >>>> > >>>> > org.jsecurity.web.servlet.JSecurityHttpServletRequest.getUserPrincipal(JSecurityHttpServletRequest.java:111) > >>>> at > >>>> > >>>> > org.springframework.web.servlet.FrameworkServlet.getUsernameForRequest(FrameworkServlet.java:615) > >>>> at > >>>> > >>>> > org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:596) > >>>> at > >>>> > >>>> > org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:501) > >>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:707) > >>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:820) > >>>> at > >>>> > >>>> > org.apache.catalina.core.ApplicationFilterChain.servletService(ApplicationFilterChain.java:431) > >>>> at > >>>> > >>>> > org.apache.catalina.core.ApplicationDispatcher.doInvoke(ApplicationDispatcher.java:885) > >>>> at > >>>> > >>>> > org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:732) > >>>> at > >>>> > >>>> > org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:554) > >>>> at > >>>> > >>>> > org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:485) > >>>> at > >>>> > >>>> > org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:377) > >>>> at > >>>> > >>>> > org.codehaus.groovy.grails.web.util.WebUtils.forwardRequestForUrlMappingInfo(WebUtils.java:207) > >>>> at > >>>> > >>>> > org.codehaus.groovy.grails.web.util.WebUtils.forwardRequestForUrlMappingInfo(WebUtils.java:196) > >>>> at > >>>> > >>>> > org.codehaus.groovy.grails.web.mapping.filter.UrlMappingsFilter.doFilterInternal(UrlMappingsFilter.java:129) > >>>> at > >>>> > >>>> > org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) > >>>> at > >>>> > >>>> > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:250) > >>>> at > >>>> > >>>> > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:218) > >>>> at > >>>> > >>>> > org.codehaus.groovy.grails.web.sitemesh.GrailsPageFilter.parsePage(GrailsPageFilter.java:122) > >>>> at > >>>> > >>>> > org.codehaus.groovy.grails.web.sitemesh.GrailsPageFilter.doFilter(GrailsPageFilter.java:85) > >>>> at > >>>> > >>>> > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:250) > >>>> at > >>>> > >>>> > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:218) > >>>> at > >>>> > >>>> > org.jsecurity.web.servlet.JSecurityFilter.doFilterInternal(JSecurityFilter.java:382) > >>>> at > >>>> > >>>> > org.jsecurity.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:180) > >>>> at > >>>> > >>>> > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:250) > >>>> at > >>>> > >>>> > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:218) > >>>> at > >>>> > >>>> > org.codehaus.groovy.grails.web.servlet.filter.GrailsReloadServletFilter.doFilterInternal(GrailsReloadServletFilter.java:101) > >>>> at > >>>> > >>>> > org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) > >>>> at > >>>> > >>>> > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:250) > >>>> at > >>>> > >>>> > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:218) > >>>> at > >>>> > >>>> > org.codehaus.groovy.grails.web.servlet.mvc.GrailsWebRequestFilter.doFilterInternal(GrailsWebRequestFilter.java:65) > >>>> at > >>>> > >>>> > org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) > >>>> at > >>>> > >>>> > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:250) > >>>> at > >>>> > >>>> > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:218) > >>>> at > >>>> > >>>> > org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:96) > >>>> at > >>>> > >>>> > org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) > >>>> at > >>>> > >>>> > org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:236) > >>>> at > >>>> > >>>> > org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167) > >>>> at > >>>> > >>>> > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:250) > >>>> at > >>>> > >>>> > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:218) > >>>> at > >>>> > >>>> > org.apache.catalina.core.StandardWrapperValve.preInvoke(StandardWrapperValve.java:460) > >>>> at > >>>> > >>>> > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:139) > >>>> at > >>>> > >>>> > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:186) > >>>> at > >>>> > >>>> > org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:719) > >>>> at > >>>> > >>>> > org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:657) > >>>> at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:96) > >>>> at > >>>> > >>>> > com.sun.enterprise.web.PESessionLockingStandardPipeline.invoke(PESessionLockingStandardPipeline.java:98) > >>>> at > >>>> > >>>> > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:187) > >>>> at > >>>> > >>>> > org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:719) > >>>> at > >>>> > >>>> > org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:657) > >>>> at > >>>> > >>>> > org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:651) > >>>> at > >>>> org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1030) > >>>> at > >>>> > >>>> > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:142) > >>>> at > >>>> > >>>> > org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:719) > >>>> at > >>>> > >>>> > org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:657) > >>>> at > >>>> > >>>> > org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:651) > >>>> at > >>>> org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1030) > >>>> at > >>>> > >>>> > org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:325) > >>>> at > >>>> > >>>> > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:242) > >>>> at > >>>> > >>>> > com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:180) > >>>> at > >>>> > >>>> > com.sun.grizzly.http.DefaultProcessorTask.invokeAdapter(DefaultProcessorTask.java:633) > >>>> at > >>>> > >>>> > com.sun.grizzly.http.DefaultProcessorTask.doProcess(DefaultProcessorTask.java:570) > >>>> at > >>>> > >>>> > com.sun.grizzly.http.DefaultProcessorTask.process(DefaultProcessorTask.java:827) > >>>> at > >>>> > >>>> > com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:152) > >>>> at > >>>> > >>>> > com.sun.enterprise.v3.services.impl.GlassfishProtocolChain.executeProtocolFilter(GlassfishProtocolChain.java:71) > >>>> at > >>>> > >>>> > com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:103) > >>>> at > >>>> > >>>> > com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:89) > >>>> at > >>>> > >>>> > com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:76) > >>>> at > >>>> > >>>> > com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:67) > >>>> at > >>>> > >>>> > com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:56) > >>>> at > >>>> > >>>> > com.sun.grizzly.util.WorkerThreadImpl.processTask(WorkerThreadImpl.java:325) > >>>> at > >>>> com.sun.grizzly.util.WorkerThreadImpl.run(WorkerThreadImpl.java:184) > >>>> > >>>> > >>>> > >>>> > >>>> > >>>> > >>>> > >>>> > >>>> > >>> > >>> > >> > > > > >
