Re: Struts2 login action class seems to be reused

2018-05-16 Thread Prasanth 
Another update,  the LoginAction in Context2 had the below methods, two methods 
to set the request. May be I have done RequestAware and then realized it should 
be ServletRequestAware and did not
delete the setRequest method. I think having the setRequest is the culprit for 
the invalid session exception. I have went back and forth and when I have this 
method I can reproduce the error and when
I remove this method I don't get the error.

While implementing the SessionAware I removed this additional method also, so 
it worked but I was thinking that SessionAware implementation solved the issue.

Any insights as to why this additional setRequest method causes the problem? 
Would struts2 call this setRequest method even if the class is implementing 
just ServletRequestAware?

    @Override
    public void *setServletRequest*(HttpServletRequest request) {
        this.request = request;
    }

    /**
     * @return the request
     */
    public HttpServletRequest getRequest() {
        return this.request;
    }

    /**
     * @param aRequest the request to set
     */
    public void *setRequest*(HttpServletRequest aRequest) {
        this.request = aRequest;
    }

Thanks,
Prasanth

On 05/16/2018 12:44 PM, Prasanth wrote:
> We use the path as / for the cookie path that allows the session to be shared 
> between context1 and context2. The JSESSIONID also remains the same when the 
> request is forwarded.
>
> Martin asked me if  the action is session aware. It was not implementing 
> SessionAware interface even though session was accessed (using 
> request.getSession()). Artifact of code from struts1, that
> part of the code did not change when we moved the action to struts2. So 
> decided to change it and use the session map provided by struts2. Once I have 
> added SessionAware I am not able to reproduce
> the session invalid exception, did not have a problem reproducing the issue 
> before. Is this expected?
>
> Thanks,
> Prasanth
>
> On 05/16/2018 10:40 AM, Yasser Zamani wrote:
>> On 5/16/2018 7:23 PM, Prasanth wrote:
>>>  Exception: java.lang.IllegalStateException: UT10: Session is invalid 
>>> r4yb7BtBx7fwmGbzMhgeyhvSFb3sAp6FhW6m-5Op
>>> at 
>>> io.undertow.server.session.InMemorySessionManager$SessionImpl.getAttribute(InMemorySessionManager.java:481
>>> at 
>>> io.undertow.servlet.spec.HttpSessionImpl.getAttribute(HttpSessionImpl.java:122
>>> at com.xx.xx.LoginAction.execute(LoginAction.java:76
>> Could you see if "Best Practices: Cross-Context Dispatching and Session
>> Handling" [1] fixes your issue? However, it's about Servlets not Struts.
>>
>> Regards.
>>
>> [1] http://satworks.blogspot.com/2011/07/best-practices-cross-context.html
>>
>> -
>> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
>> For additional commands, e-mail: user-h...@struts.apache.org
>>
>

Re: Struts2 login action class seems to be reused

2018-05-16 Thread Prasanth 
We use the path as / for the cookie path that allows the session to be shared 
between context1 and context2. The JSESSIONID also remains the same when the 
request is forwarded.

Martin asked me if we the action is session aware. It was not implementing 
SessionAware interface even though session was accessed (using 
request.getSession()). Artifact of code from struts1, that
part of the code did not change when we move the action to struts2. So decided 
to change it and use the session map provided by struts2. Once I have added 
SessionAware I am not able to reproduce the
session invalid exception, did not have a problem reproducing the issue before. 
Is this expected?

Thanks,
Prasanth

On 05/16/2018 10:40 AM, Yasser Zamani wrote:
>
> On 5/16/2018 7:23 PM, Prasanth wrote:
>>  Exception: java.lang.IllegalStateException: UT10: Session is invalid 
>> r4yb7BtBx7fwmGbzMhgeyhvSFb3sAp6FhW6m-5Op
>> at 
>> io.undertow.server.session.InMemorySessionManager$SessionImpl.getAttribute(InMemorySessionManager.java:481
>> at 
>> io.undertow.servlet.spec.HttpSessionImpl.getAttribute(HttpSessionImpl.java:122
>> at com.xx.xx.LoginAction.execute(LoginAction.java:76
> Could you see if "Best Practices: Cross-Context Dispatching and Session
> Handling" [1] fixes your issue? However, it's about Servlets not Struts.
>
> Regards.
>
> [1] http://satworks.blogspot.com/2011/07/best-practices-cross-context.html
>
> -
> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
> For additional commands, e-mail: user-h...@struts.apache.org
>

Re: Struts2 login action class seems to be reused

2018-05-16 Thread Yasser Zamani 


On 5/16/2018 7:23 PM, Prasanth Pasala wrote:
>  Exception: java.lang.IllegalStateException: UT10: Session is invalid 
> r4yb7BtBx7fwmGbzMhgeyhvSFb3sAp6FhW6m-5Op
> at 
> io.undertow.server.session.InMemorySessionManager$SessionImpl.getAttribute(InMemorySessionManager.java:481
> at 
> io.undertow.servlet.spec.HttpSessionImpl.getAttribute(HttpSessionImpl.java:122
> at com.xx.xx.LoginAction.execute(LoginAction.java:76

Could you see if "Best Practices: Cross-Context Dispatching and Session
Handling" [1] fixes your issue? However, it's about Servlets not Struts.

Regards.

[1] http://satworks.blogspot.com/2011/07/best-practices-cross-context.html

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org

Re: Struts2 login action class seems to be reused

2018-05-16 Thread Prasanth 
Martin,

We have the cookie config in the application.

     
              20
              
                  /
                true
                true
        
     

Thanks,
Prasanth

On 05/15/2018 04:03 PM, Martin Gainty wrote:
>
> 8443 indicates secure connection so perhaps a misconfig with wildfly 
> standalone.xml (see below)
>
> 
>   
>
>  
> 
>
> https://docs.jboss.org/author/display/WFLY10/Admin+Guide#AdminGuide-SessionCookieConfiguration
> Admin Guide - WildFly 10 - Project Documentation Editor 
> 
> docs.jboss.org
> Target audience. This document is a guide to the setup, administration, and 
> configuration of WildFly. Prerequisites. Before continuing, you should know 
> how to download, install and run WildFly.
>
> ?
>
> can you ping wildfly userlist ?
> https://developer.jboss.org/en/wildfly
> Space: WildFly |JBoss Developer 
> developer.jboss.org
> Log in to follow, share, and participate in this community. Not a member? 
> Join Now!
>
>
> jaikiran is a good resource that i met on a different userlist..i would 
> definitely ping him 
> stay in  touch/let me know if setting session-cookie in standalone.xml works
>
> M-
> NB: I once contracted to the company that bought wildfly..we had to figure 
> configuration by ourselves
>
> 
> *From:* Prasanth Pasala 
> *Sent:* Tuesday, May 15, 2018 11:42 AM
> *To:* user@struts.apache.org
> *Subject:* Re: Struts2 login action class seems to be reused
>  
> See below the header information when the exception occurred. Strange thing 
> is JMeter is saying it did not send any cookie (which is want I would except 
> in this case as it is just requesting the login
> page)
>
> Cookie: JSESSIONID=ZclUN41sWwTsPGRw7Cf255OHu7jnQtgt4rEZ2QDZ.    
> (xx - is the machine name on which wildfly is running)
> Connection: keep-alive
> User-Agent: Apache-HttpClient/4.5.5 (Java/1.8.0_151)
> Host: dev.secure.xxx.com:8443
> Content-Length: 46
> Content-Type: application/x-www-form-urlencoded
>
> 10:09:09,150 ERROR 
> [org.apache.struts2.dispatcher.DefaultDispatcherErrorHandler] (default 
> task-20) Exception occurred during processing request: UT10: Session is 
> invalid
> ZclUN41sWwTsPGRw7Cf255OHu7jnQtgt4rEZ2QDZ: java.lang.IllegalStateException: 
> UT10: Session is invalid ZclUN41sWwTsPGRw7Cf255OHu7jnQtgt4rEZ2QDZ
>
> From JMeter---
> GET https://dev.secure.pangburngroup.com:8443/participant/
>
> GET data:
>
>
> [no cookies]
>
> Request Headers:
> Connection: keep-alive
> Host: dev.secure.xxx.com:8443
> User-Agent: Apache-HttpClient/4.5.5 (Java/1.8.0_151)
> --
>
> Thanks,
> Prasanth
>
> On 05/15/2018 07:44 AM, Martin Gainty wrote:
> > Hi Norbert/Prasanth
> >
> > Struts2 login action problem has morphed to "Invalid Session State"with 
> > Wildfly's implementation of TC 5.5
> >
> > https://en.wikipedia.org/wiki/WildFly 
> > 
> >
> > [https://upload.wikimedia.org/wikipedia/commons/thumb/a/a3/Wildfly_logo.png/200px-Wildfly_logo.png] >
> >
> > WildFly - Wikipedia
> > en.wikipedia.org
> > WildFly, formerly known as JBoss AS, or simply JBoss, is an application 
> > server authored by JBoss, now developed by Red Hat.WildFly is written in 
> > Java and implements the Java Platform, Enterprise
> Edition (Java EE) specification.
> >
> >
> > MG>as a debugging exercise I would dump HTTP Header attributes with
> >
> > http://livehttpheaders.mozdev.org/ 
> >
> > mozdev.org - livehttpheaders: index
> > livehttpheaders.mozdev.org
> > Welcome to the livehttpheaders project.. The goal of this project is to 
> > adds information about the HTTP headers in two ways: First by adding a 
> > 'Headers' tab in 'View Page Info' of a web page.
> >
> >
> > MG>then check JSESSIONID
> >
> > MG>a fellow named "Thomas" had a similar problem with incorrect JSESSIONID
> > MG>and corrected with his own StandardManager findSession method
> > https://www.thecodingforums.com/threads/session-problem-jsessionid-cookie-comes-back-with-double-quotes.140442/
> >
> > Yes, there is! I found it and implemented this solution: A class
> > extending org.apache.catalina.session.StandardManager and overriding
> > the method public Session findSession(String id) throws IOException -
> > simply rem

Re: Struts2 login action class seems to be reused

2018-05-16 Thread Prasanth Pasala 
Below is a complete stack trace.

 Exception: java.lang.IllegalStateException: UT10: Session is invalid 
r4yb7BtBx7fwmGbzMhgeyhvSFb3sAp6FhW6m-5Op
at 
io.undertow.server.session.InMemorySessionManager$SessionImpl.getAttribute(InMemorySessionManager.java:481
at 
io.undertow.servlet.spec.HttpSessionImpl.getAttribute(HttpSessionImpl.java:122
at com.xx.xx.LoginAction.execute(LoginAction.java:76
at sun.reflect.GeneratedMethodAccessor147.invoke(null:-1
at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43
at java.lang.reflect.Method.invoke(Method.java:498
at ognl.OgnlRuntime.invokeMethod(OgnlRuntime.java:897
at ognl.OgnlRuntime.callAppropriateMethod(OgnlRuntime.java:1299
at ognl.ObjectMethodAccessor.callMethod(ObjectMethodAccessor.java:68
at 
com.opensymphony.xwork2.ognl.accessor.XWorkMethodAccessor.callMethodWithDebugInfo(XWorkMethodAccessor.java:117
at 
com.opensymphony.xwork2.ognl.accessor.XWorkMethodAccessor.callMethod(XWorkMethodAccessor.java:108
at ognl.OgnlRuntime.callMethod(OgnlRuntime.java:1375
at ognl.ASTMethod.getValueBody(ASTMethod.java:91
at ognl.SimpleNode.evaluateGetValueBody(SimpleNode.java:212
at ognl.SimpleNode.getValue(SimpleNode.java:258
at ognl.Ognl.getValue(Ognl.java:470
at ognl.Ognl.getValue(Ognl.java:434
at com.opensymphony.xwork2.ognl.OgnlUtil$3.execute(OgnlUtil.java:362
at 
com.opensymphony.xwork2.ognl.OgnlUtil.compileAndExecuteMethod(OgnlUtil.java:414
at com.opensymphony.xwork2.ognl.OgnlUtil.callMethod(OgnlUtil.java:360
at 
com.opensymphony.xwork2.DefaultActionInvocation.invokeAction(DefaultActionInvocation.java:430
at 
com.opensymphony.xwork2.DefaultActionInvocation.invokeActionOnly(DefaultActionInvocation.java:290
at 
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:251
at 
org.apache.struts2.interceptor.DeprecationInterceptor.intercept(DeprecationInterceptor.java:41
at 
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:245
at 
org.apache.struts2.interceptor.debugging.DebuggingInterceptor.intercept(DebuggingInterceptor.java:256
at 
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:245
at 
com.opensymphony.xwork2.interceptor.DefaultWorkflowInterceptor.doIntercept(DefaultWorkflowInterceptor.java:168
at 
com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98
at 
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:245
at 
com.opensymphony.xwork2.validator.ValidationInterceptor.doIntercept(ValidationInterceptor.java:265
at 
org.apache.struts2.interceptor.validation.AnnotationValidationInterceptor.doIntercept(AnnotationValidationInterceptor.java:76
at 
com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98
at 
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:245
at 
com.opensymphony.xwork2.interceptor.ConversionErrorInterceptor.intercept(ConversionErrorInterceptor.java:138
at 
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:245
at 
com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:229
at 
com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98
at 
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:245
at 
com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:229
at 
com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98
at 
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:245
at 
com.opensymphony.xwork2.interceptor.StaticParametersInterceptor.intercept(StaticParametersInterceptor.java:191
at 
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:245
at 
org.apache.struts2.interceptor.MultiselectInterceptor.intercept(MultiselectInterceptor.java:73
at 
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:245
at 
org.apache.struts2.interceptor.DateTextFieldInterceptor.intercept(DateTextFieldInterceptor.java:125
at 
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:245
at 
org.apache.struts2.interceptor.CheckboxInterceptor.intercept(CheckboxInterceptor.java:91
at 
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:245
at 
org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:253
at 
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:245
at 
com.opensymphony.xwork2.interceptor.ModelDrivenInterceptor.intercep