You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cocoon.apache.org by Joerg Heinicke <jo...@gmx.de> on 2005/11/12 18:09:23 UTC
Re: ConcurrentModificationException during auth-logout
Forwarding to dev list ...
http://marc.theaimsgroup.com/?t=113024125800002&r=1&w=4
Jörg
On 25.10.2005 13:51, Fabrizio Sitzia wrote:
> Hello
>
> I'm using Cocoon's (2.1.7 flavour) authentication framework in my webapps.
>
> The webapps are heavily dynamic: Web requests are dispatched to the flow
> controller which - depending on the user's permissions - retrieves the
> required data from the database (using Hibernate), then sets the context for
> the view, which is finally rendered via JX templates.
>
> Now everything's working reasonably fine: accessing the site anonymously,
> logging in, accessing the site with different user roles ...everything, except
> for that ludicrous logout!
>
> Because logging out using the auth-logout action works randomly at best:
>
> Sometimes it works right away, but half of the time it bombs off with a
> java.util.ConcurrentModificationException. If you go back immediately and hit
> the 'logout' link again, then - abracadabra - you will be logged out
> successfully.
>
> Occasionally, you get logged out successfully although a
> ConcurrentModificationException has been thrown (You notice that if you try to
> access a protected resource, which will yield the login page!) That leads me
> to believe that the precise moment in time when that exception occurs must be
> pretty random as well (while or just before rendering the view!)
>
> The bit in my sitemap which performs the auth-logout is unspectacular:
>
> <map:match pattern="auth/do-logout">
> <map:act type="auth-logout">
> <map:parameter name="handler" value="rsc_auth"/>
> </map:act>
> <map:redirect-to uri="/rsc_app/index"/>
> </map:match>
>
>
> I've tried a few variations on the theme, as I initially believed that:
>
> - The <redirect-to> tag might be placed incorrectly (inside or outside the
> <map:act> block?)
> Depending which posts or which parts of the Cocoon documentation you are
> reading, you'll find a lot of different ways for writing such a logout
> pipeline. Anyway, all variations I tried behaved in the same, faithful way
> (randomly throwing a ConcurrentModificationException during logout)
>
> - There might be a race condition involving the rendering of the dynamic
> 'index' start page, which checks for authenticated user information in the
> session context among other things, and the auth-logout action, which
> obviously performs some session and continuations cleanup using a big, heavy
> axe!
>
>
> To exclude any race-conditions that might be caused by the rendering of a
> complex view, I've tried to replace the redirect-to tag with a construct which
> simply reads a static html page that says 'You've been successfully logged
> out':
>
> <!-- logout.xml contains a static html page -->
> <map:generate src="logout.xml"/>
> <map:serialize type="html"/>
>
> ...but as you may guess by now, it made no difference :-/
>
>
> Looking at the error logs, it appears that the exception is always thrown at
> the same spot, during invalidateContinuations()!
> Huh?
>
> As far as continuations are concerned, I swear to my grandpa's sandals that
> I'm not doing anything unholy with them in my code: The only locations
> affecting continuations which I'm aware of are the sitemap's <map:call>
> constructs, and the sendPage() / showForm() method invocations in my
> flowscript code.
>
>
> Has anyone out there experienced a similar auth-logout, ehrm, behaviour?
> Any ideas?
>
>
> ---- Excerpt from the error log:
>
> ERROR (2005-10-25) 11:44.26:215 [sitemap.handled-errors]
> (/rsc_app/auth/do-logout) PoolThread-7/ErrorHandlerHelper:
> java.util.ConcurrentModificationException
> at java.util.HashMap$HashIterator.nextEntry(HashMap.java:782)
> at java.util.HashMap$KeyIterator.next(HashMap.java:818)
> at
> org.apache.cocoon.components.flow.ContinuationsManagerImpl.invalidateContinuations(ContinuationsManagerImpl.java:487)
> at
> org.apache.cocoon.components.flow.ContinuationsManagerImpl.access$100(ContinuationsManagerImpl.java:75)
> at
> org.apache.cocoon.components.flow.ContinuationsManagerImpl$WebContinuationsHolder.valueUnbound(ContinuationsManagerImpl.java:567)
> at
> org.mortbay.jetty.servlet.AbstractSessionManager$Session.unbindValue(AbstractSessionManager.java:805)
> at
> org.mortbay.jetty.servlet.AbstractSessionManager$Session.invalidate(AbstractSessionManager.java:621)
> at
> org.apache.cocoon.environment.http.HttpSession.invalidate(HttpSession.java:239)
> at
> org.apache.cocoon.webapps.session.components.DefaultSessionManager.terminateSession(DefaultSessionManager.java:141)
> at
> org.apache.cocoon.webapps.authentication.components.DefaultAuthenticationManager.logout(DefaultAuthenticationManager.java:455)
> at
> org.apache.cocoon.webapps.authentication.acting.LogoutAction.act(LogoutAction.java:76)