You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@wicket.apache.org by Leonid Bogdanov <le...@mail.ru> on 2013/03/24 21:59:30 UTC
wicket-atmosphere issues
Hello!
I'm playing with the "wicket-atmosphere" module and, while generally it works fine, I stumbled upon a couple of issues:
1) Suppose I have a Page with a method marked with @Subscribe annotation, this subscribtion has a filter attached. Is it possible to get the Page instance inside the filter to, e.g., access Page instance variables when deciding on event filtering?
2) It seems like sometimes empty Atmosphere messages are sent to a page when a filter rejected the specific message. For such events I have the following log record on the server
[Atmosphere-AsyncWrite-1] INFO o.a.w.atmosphere.AtmosphereBehavior - onBroadcast: 0<|msg|>
and there is a JS error in a browser after receiveing the event
ERROR: Wicket.Ajax.Call.failure: Error while parsing response: Could not find root <ajax-response> element
What is the purpose of sending empty messages to a browser?
3) In my app Apache Shiro framework is integrated via a plugin adapted from "fiftyfive-wicket-shiro" project. User credentials are checked in an AJAX login form. In order to prevent a session fixation attack there is a call to invalidate old and create new session right before credentials check:
getSession().replaceSession(); // inside AjaxFallbackButton.onSubmit()
After integration with Atmosphere this code no longer works, an exception in thrown on login attempt:
22:11:41.698 [qtp18908406-24] ERROR o.a.wicket.DefaultExceptionMapper - Unexpected error occurred
org.apache.wicket.WicketRuntimeException: Method onRequest of interface org.apache.wicket.behavior.IBehaviorListener targeted at org.apache.wicket.ajax.markup.html.form.AjaxFallbackButton$1@f78197 on component [AjaxFallbackButton [Component id = submit]] threw an exception
at org.apache.wicket.RequestListenerInterface.internalInvoke(RequestListenerInterface.java:268) ~[wicket-core-6.6.0.jar:6.6.0]
at org.apache.wicket.RequestListenerInterface.invoke(RequestListenerInterface.java:241) ~[wicket-core-6.6.0.jar:6.6.0]
at org.apache.wicket.core.request.handler.ListenerInterfaceRequestHandler.invokeListener(ListenerInterfaceRequestHandler.java:247) ~[wicket-core-6.6.0.jar:6.6.0]
at org.apache.wicket.core.request.handler.ListenerInterfaceRequestHandler.respond(ListenerInterfaceRequestHandler.java:226) ~[wicket-core-6.6.0.jar:6.6.0]
at org.apache.wicket.request.cycle.RequestCycle$HandlerExecutor.respond(RequestCycle.java:840) ~[wicket-core-6.6.0.jar:6.6.0]
at org.apache.wicket.request.RequestHandlerStack.execute(RequestHandlerStack.java:64) ~[wicket-request-6.6.0.jar:6.6.0]
at org.apache.wicket.request.cycle.RequestCycle.execute(RequestCycle.java:254) [wicket-core-6.6.0.jar:6.6.0]
at org.apache.wicket.request.cycle.RequestCycle.processRequest(RequestCycle.java:211) [wicket-core-6.6.0.jar:6.6.0]
at org.apache.wicket.request.cycle.RequestCycle.processRequestAndDetach(RequestCycle.java:282) [wicket-core-6.6.0.jar:6.6.0]
at org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:244) [wicket-core-6.6.0.jar:6.6.0]
at org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:188) [wicket-core-6.6.0.jar:6.6.0]
at org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:267) [wicket-core-6.6.0.jar:6.6.0]
at org.atmosphere.util.AtmosphereFilterChain.doFilter(AtmosphereFilterChain.java:155) [atmosphere-runtime-1.0.8.jar:1.0.8]
at org.atmosphere.util.AtmosphereFilterChain.invokeFilterChain(AtmosphereFilterChain.java:132) [atmosphere-runtime-1.0.8.jar:1.0.8]
at org.atmosphere.handler.ReflectorServletProcessor$FilterChainServletWrapper.service(ReflectorServletProcessor.java:314) [atmosphere-runtime-1.0.8.jar:1.0.8]
at org.atmosphere.handler.ReflectorServletProcessor.onRequest(ReflectorServletProcessor.java:172) [atmosphere-runtime-1.0.8.jar:1.0.8]
at org.atmosphere.cpr.AsynchronousProcessor.action(AsynchronousProcessor.java:256) [atmosphere-runtime-1.0.8.jar:1.0.8]
at org.atmosphere.cpr.AsynchronousProcessor.suspended(AsynchronousProcessor.java:166) [atmosphere-runtime-1.0.8.jar:1.0.8]
at org.atmosphere.container.Jetty7CometSupport.service(Jetty7CometSupport.java:96) [atmosphere-runtime-1.0.8.jar:1.0.8]
at org.atmosphere.container.JettyAsyncSupportWithWebSocket.service(JettyAsyncSupportWithWebSocket.java:70) [atmosphere-runtime-1.0.8.jar:1.0.8]
at org.atmosphere.cpr.AtmosphereFramework.doCometSupport(AtmosphereFramework.java:1307) [atmosphere-runtime-1.0.8.jar:1.0.8]
at org.atmosphere.cpr.AtmosphereServlet.doPost(AtmosphereServlet.java:293) [atmosphere-runtime-1.0.8.jar:1.0.8]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:755) [javax.servlet-3.0.0.v201112011016.jar:na]
............
Caused by: java.lang.IllegalStateException: null
at org.eclipse.jetty.server.session.AbstractSession.checkValid(AbstractSession.java:109) ~[na:na]
at org.eclipse.jetty.server.session.HashedSession.checkValid(HashedSession.java:73) ~[na:na]
at org.eclipse.jetty.server.session.AbstractSession.getAttribute(AbstractSession.java:132) ~[na:na]
at org.apache.wicket.session.HttpSessionStore.getAttribute(HttpSessionStore.java:264) ~[wicket-core-6.6.0.jar:6.6.0]
at org.apache.wicket.session.HttpSessionStore.lookup(HttpSessionStore.java:201) ~[wicket-core-6.6.0.jar:6.6.0]
at org.apache.wicket.Session.bind(Session.java:262) ~[wicket-core-6.6.0.jar:6.6.0]
at org.apache.wicket.Session.replaceSession(Session.java:538) ~[wicket-core-6.6.0.jar:6.6.0]
at org.myapp.MyWebApplication$1.replaceSession(MyWebApplication.java:66) ~[classes/:na]
at org.myapp.IndexPage$2.onSubmit(IndexPage.java:137) ~[classes/:na]
at org.apache.wicket.ajax.markup.html.form.AjaxFallbackButton$1.onSubmit(AjaxFallbackButton.java:76) ~[wicket-core-6.6.0.jar:6.6.0]
Thank you.
Re: wicket-atmosphere issues
Posted by Dan Retzlaff <dr...@gmail.com>.
On Tue, Mar 26, 2013 at 4:31 AM, Emond Papegaaij <emond.papegaaij@topicus.nl
> wrote:
> On Monday 25 March 2013 00:59:30 Leonid Bogdanov wrote:
> > 3) In my app Apache Shiro framework is integrated via a plugin adapted
> > from "fiftyfive-wicket-shiro" project. User credentials are checked in an
> > AJAX login form. In order to prevent a session fixation attack there is a
> > call to invalidate old and create new session right before credentials
> > check: getSession().replaceSession(); // inside
> > AjaxFallbackButton.onSubmit() After integration with Atmosphere this code
> > no longer works, an exception in thrown on login attempt:
> >
> <cut IllegalStateException in Session>
> I'm not sure what happens here. It seems Wicket tries to read an attribute
> from the invalidated session. Does this happen even without a suspended
> connected?
>
I encountered this same issue, and traced it back to the AtmosphereRequest
caching and returning the original session, even after it had been
invalidated and replaced. I reported it upstream.
https://github.com/Atmosphere/atmosphere/pull/1139
Dan
Re: wicket-atmosphere issues
Posted by Emond Papegaaij <em...@topicus.nl>.
On Monday 25 March 2013 00:59:30 Leonid Bogdanov wrote:
> Hello!
>
> I'm playing with the "wicket-atmosphere" module and, while generally it
> works fine, I stumbled upon a couple of issues:
>
> 1) Suppose I have a Page with a method marked with @Subscribe
> annotation, this subscribtion has a filter attached. Is it possible to get
> the Page instance inside the filter to, e.g., access Page instance
> variables when deciding on event filtering?
Filtering is performed outside the scope of the pages. Fetching pages from the
page store is very expensive, especially if you are going to push events to
many pages. I suggest you put data you need for filtering in the atmosphere
resource, which is available in the filter. If that's not possible, you can
try a contextAwareFilter, but beware of the performance issues.
> 2) It seems like sometimes empty Atmosphere messages are sent to a page
> when a filter rejected the specific message. For such events I have the
> following log record on the server [Atmosphere-AsyncWrite-1] INFO
> o.a.w.atmosphere.AtmosphereBehavior - onBroadcast: 0<|msg|> and there is a
> JS error in a browser after receiveing the event
> ERROR: Wicket.Ajax.Call.failure: Error while parsing response: Could not
> find root <ajax-response> element What is the purpose of sending empty
> messages to a browser?
This seems like a bug. Please file a bug report with a quickstart. You can use
https://github.com/papegaaij/wicket-atmosphere-quickstart as a starting point.
> 3) In my app Apache Shiro framework is integrated via a plugin adapted
> from "fiftyfive-wicket-shiro" project. User credentials are checked in an
> AJAX login form. In order to prevent a session fixation attack there is a
> call to invalidate old and create new session right before credentials
> check: getSession().replaceSession(); // inside
> AjaxFallbackButton.onSubmit() After integration with Atmosphere this code
> no longer works, an exception in thrown on login attempt:
>
<cut IllegalStateException in Session>
I'm not sure what happens here. It seems Wicket tries to read an attribute
from the invalidated session. Does this happen even without a suspended
connected?
Best regards,
Emond