You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cocoon.apache.org by Joerg Heinicke <jo...@gmx.de> on 2005/11/12 18:09:23 UTC

Re: ConcurrentModificationException during auth-logout

Forwarding to dev list ...

http://marc.theaimsgroup.com/?t=113024125800002&r=1&w=4

Jörg

On 25.10.2005 13:51, Fabrizio Sitzia wrote:

> Hello
> 
> I'm using Cocoon's (2.1.7 flavour) authentication framework in my webapps.
> 
> The webapps are heavily dynamic: Web requests are dispatched to the flow
> controller which - depending on the user's permissions - retrieves the
> required data from the database (using Hibernate), then sets the context for
> the view, which is finally rendered via JX templates.
> 
> Now everything's working reasonably fine: accessing the site anonymously,
> logging in, accessing the site with different user roles ...everything, except
> for that ludicrous logout!
> 
> Because logging out using the auth-logout action works randomly at best:
> 
> Sometimes it works right away, but half of the time it bombs off with a
> java.util.ConcurrentModificationException. If you go back immediately and hit
> the 'logout' link again, then - abracadabra - you will be logged out
> successfully.
> 
> Occasionally, you get logged out successfully although a
> ConcurrentModificationException has been thrown (You notice that if you try to
> access a protected resource, which will yield the login page!) That leads me
> to believe that the precise moment in time when that exception occurs must be
> pretty random as well (while or just before rendering the view!)
> 
> The bit in my sitemap which performs the auth-logout is unspectacular:
> 
> 	<map:match pattern="auth/do-logout">
> 		<map:act type="auth-logout">
> 			<map:parameter name="handler" value="rsc_auth"/>
> 		</map:act>
> 		<map:redirect-to uri="/rsc_app/index"/>
> 	</map:match>
> 
> 
> I've tried a few variations on the theme, as I initially believed that:
> 
> - The <redirect-to> tag might be placed incorrectly (inside or outside the
> <map:act> block?)
> Depending which posts or which parts of the Cocoon documentation you are
> reading, you'll find a lot of different ways for writing such a logout
> pipeline. Anyway, all variations I tried behaved in the same, faithful way
> (randomly throwing a ConcurrentModificationException during logout)
> 
> - There might be a race condition involving the rendering of the dynamic
> 'index' start page, which checks for authenticated user information in the
> session context among other things, and the auth-logout action, which
> obviously performs some session and continuations cleanup using a big, heavy
> axe!
> 
> 
> To exclude any race-conditions that might be caused by the rendering of a
> complex view, I've tried to replace the redirect-to tag with a construct which
> simply reads a static html page that says 'You've been successfully logged
> out':
> 
>     <!-- logout.xml contains a static html page -->
>     <map:generate src="logout.xml"/>
>     <map:serialize type="html"/>
> 
> ...but as you may guess by now, it made no difference :-/
> 
> 
> Looking at the error logs, it appears that the exception is always thrown at
> the same spot, during invalidateContinuations()!
> Huh?
> 
> As far as continuations are concerned, I swear to my grandpa's sandals that
> I'm not doing anything unholy with them in my code: The only locations
> affecting continuations which I'm aware of are the sitemap's <map:call>
> constructs, and the sendPage() / showForm() method invocations in my
> flowscript code.
> 
> 
> Has anyone out there experienced a similar auth-logout, ehrm, behaviour?
> Any ideas?
> 
> 
> ---- Excerpt from the error log:
> 
> ERROR   (2005-10-25) 11:44.26:215   [sitemap.handled-errors]
> (/rsc_app/auth/do-logout) PoolThread-7/ErrorHandlerHelper:
> java.util.ConcurrentModificationException
>         at java.util.HashMap$HashIterator.nextEntry(HashMap.java:782)
>         at java.util.HashMap$KeyIterator.next(HashMap.java:818)
>         at
> org.apache.cocoon.components.flow.ContinuationsManagerImpl.invalidateContinuations(ContinuationsManagerImpl.java:487)
>         at
> org.apache.cocoon.components.flow.ContinuationsManagerImpl.access$100(ContinuationsManagerImpl.java:75)
>         at
> org.apache.cocoon.components.flow.ContinuationsManagerImpl$WebContinuationsHolder.valueUnbound(ContinuationsManagerImpl.java:567)
>         at
> org.mortbay.jetty.servlet.AbstractSessionManager$Session.unbindValue(AbstractSessionManager.java:805)
>         at
> org.mortbay.jetty.servlet.AbstractSessionManager$Session.invalidate(AbstractSessionManager.java:621)
>         at
> org.apache.cocoon.environment.http.HttpSession.invalidate(HttpSession.java:239)
>         at
> org.apache.cocoon.webapps.session.components.DefaultSessionManager.terminateSession(DefaultSessionManager.java:141)
>         at
> org.apache.cocoon.webapps.authentication.components.DefaultAuthenticationManager.logout(DefaultAuthenticationManager.java:455)
>         at
> org.apache.cocoon.webapps.authentication.acting.LogoutAction.act(LogoutAction.java:76)