You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@struts.apache.org by "Sitaram Reddy (JIRA)" <ji...@apache.org> on 2008/12/01 23:15:36 UTC
[jira] Created: (WW-2902) Session token usage error:
java.lang.IllegalStateException: Context has not been prepared for next
connection
Session token usage error: java.lang.IllegalStateException: Context has not been prepared for next connection
-------------------------------------------------------------------------------------------------------------
Key: WW-2902
URL: https://issues.apache.org/struts/browse/WW-2902
Project: Struts 2
Issue Type: Bug
Components: Core Interceptors
Affects Versions: 2.1.2
Reporter: Sitaram Reddy
I have looked into the source code and found the reason. In TokenInterceptor.doIntercept(...), there is this code:
Map session = ActionContext.getContext().getSession();
synchronized (session) {
if (!TokenHelper.validToken()) {
return handleInvalidToken(invocation);
}
return handleValidToken(invocation);
}
I found that the session Map is thread dependant and so the above block is essentially not synchronized! An previous bug WW-1786 also points out that the block is not synchronized - that fix would be redundant once this issue is resolved.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (WW-2902) Session token usage error:
java.lang.IllegalStateException: Context has not been prepared for next
connection
Posted by "Musachy Barroso (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/struts/browse/WW-2902?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=45107#action_45107 ]
Musachy Barroso commented on WW-2902:
-------------------------------------
It doesn't matter because the remove/add/get will try to sync on the real session, which is wrapped in the SessionMap, and that reference will be locked already. We should change it to user ServletActionContext.getRequest().getSession() just for consistency.
> Session token usage error: java.lang.IllegalStateException: Context has not been prepared for next connection
> -------------------------------------------------------------------------------------------------------------
>
> Key: WW-2902
> URL: https://issues.apache.org/struts/browse/WW-2902
> Project: Struts 2
> Issue Type: Bug
> Components: Core Interceptors
> Affects Versions: 2.1.2
> Reporter: Sitaram Reddy
> Fix For: 2.1.3
>
>
> I have looked into the source code and found the reason. In TokenInterceptor.doIntercept(...), there is this code:
> Map session = ActionContext.getContext().getSession();
> synchronized (session) {
> if (!TokenHelper.validToken()) {
> return handleInvalidToken(invocation);
> }
> return handleValidToken(invocation);
> }
> This block is essentially not synchronized! I found that the session Map is not a unique object across requests within an user session - in contrast with the HttpSession object provided by the Servlet API. Perhaps that should be considered the real bug?
> A previous bug WW-1786 also points out that the above block is not synchronized - that fix would be redundant once this issue is resolved.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (WW-2902) Session token usage error:
java.lang.IllegalStateException: Context has not been prepared for next
connection
Posted by "Sitaram Reddy (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/struts/browse/WW-2902?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=45111#action_45111 ]
Sitaram Reddy commented on WW-2902:
-----------------------------------
In the above comment I said, have ActionContext.getContext().getSession() return an object that has SESSION scope. To be precise, what I mean is to have ActionContext maintain at the SESSION scope the object it stores in its context Map using the key "SESSION". I understand this contradicts what the javadoc for the class ActionContext says: The ActionContext is thread local which means that values stored in the ActionContext are unique per thread. I'll leave it to the Struts gurus to resolve the conflict as thay see fit :-)
> Session token usage error: java.lang.IllegalStateException: Context has not been prepared for next connection
> -------------------------------------------------------------------------------------------------------------
>
> Key: WW-2902
> URL: https://issues.apache.org/struts/browse/WW-2902
> Project: Struts 2
> Issue Type: Bug
> Components: Core Interceptors
> Affects Versions: 2.1.2
> Reporter: Sitaram Reddy
> Fix For: 2.1.3
>
>
> I have looked into the source code and found the reason. In TokenInterceptor.doIntercept(...), there is this code:
> Map session = ActionContext.getContext().getSession();
> synchronized (session) {
> if (!TokenHelper.validToken()) {
> return handleInvalidToken(invocation);
> }
> return handleValidToken(invocation);
> }
> This block is essentially not synchronized! I found that the session Map is not a unique object across requests within an user session - in contrast with the HttpSession object provided by the Servlet API. Perhaps that should be considered the real bug?
> A previous bug WW-1786 also points out that the above block is not synchronized - that fix would be redundant once this issue is resolved.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (WW-2902) Session token usage error:
java.lang.IllegalStateException: Context has not been prepared for next
connection
Posted by "Sitaram Reddy (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/struts/browse/WW-2902?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=45109#action_45109 ]
Sitaram Reddy commented on WW-2902:
-----------------------------------
This issue should be reopened. The above resolution fixes this specific issue but does not address the root cause. I notice ExecuteAndWaitInterceptor.doIntercept(...) also uses this object ( = ActionContext.getContext().getSession() ) to synchronize a block of code. There may be others still doing the same.
It seems to me the root cause of this problem is the assumption that ActionContext.getContext().getSession() is an object of SESSION scope. That would be a natural assumption. After all, it is a substitute for the HttpSession object which has SESSION scope. That a 'getSession()' method would return a 'Session' kind of an object that would be of SESSION scope makes sense. Developers have implicitly assumed this, and have often times used the variabale name 'session' for this object. And, apparently, they have been using this object to synchronize threads across a SESSION. It would involve a lot more work, but I believe the correct fix for this issue is to have ActionContext.getContext().getSession() return an object that has SESSION scope.
> Session token usage error: java.lang.IllegalStateException: Context has not been prepared for next connection
> -------------------------------------------------------------------------------------------------------------
>
> Key: WW-2902
> URL: https://issues.apache.org/struts/browse/WW-2902
> Project: Struts 2
> Issue Type: Bug
> Components: Core Interceptors
> Affects Versions: 2.1.2
> Reporter: Sitaram Reddy
> Fix For: 2.1.3
>
>
> I have looked into the source code and found the reason. In TokenInterceptor.doIntercept(...), there is this code:
> Map session = ActionContext.getContext().getSession();
> synchronized (session) {
> if (!TokenHelper.validToken()) {
> return handleInvalidToken(invocation);
> }
> return handleValidToken(invocation);
> }
> This block is essentially not synchronized! I found that the session Map is not a unique object across requests within an user session - in contrast with the HttpSession object provided by the Servlet API. Perhaps that should be considered the real bug?
> A previous bug WW-1786 also points out that the above block is not synchronized - that fix would be redundant once this issue is resolved.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (WW-2902) Session token usage error:
java.lang.IllegalStateException: Context has not been prepared for next
connection
Posted by "Sitaram Reddy (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/struts/browse/WW-2902?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sitaram Reddy updated WW-2902:
------------------------------
Description:
I have looked into the source code and found the reason. In TokenInterceptor.doIntercept(...), there is this code:
Map session = ActionContext.getContext().getSession();
synchronized (session) {
if (!TokenHelper.validToken()) {
return handleInvalidToken(invocation);
}
return handleValidToken(invocation);
}
This block is essentially not synchronized! I found that the session Map is not a unique object across requests within an user session - in contrast with the HttpSession object provided by the Servlet API. Perhaps that should be considered the real bug?
A previous bug WW-1786 also points out that the above block is not synchronized - that fix would be redundant once this issue is resolved.
was:
I have looked into the source code and found the reason. In TokenInterceptor.doIntercept(...), there is this code:
Map session = ActionContext.getContext().getSession();
synchronized (session) {
if (!TokenHelper.validToken()) {
return handleInvalidToken(invocation);
}
return handleValidToken(invocation);
}
I found that the session Map is thread dependant and so the above block is essentially not synchronized! An previous bug WW-1786 also points out that the block is not synchronized - that fix would be redundant once this issue is resolved.
> Session token usage error: java.lang.IllegalStateException: Context has not been prepared for next connection
> -------------------------------------------------------------------------------------------------------------
>
> Key: WW-2902
> URL: https://issues.apache.org/struts/browse/WW-2902
> Project: Struts 2
> Issue Type: Bug
> Components: Core Interceptors
> Affects Versions: 2.1.2
> Reporter: Sitaram Reddy
>
> I have looked into the source code and found the reason. In TokenInterceptor.doIntercept(...), there is this code:
> Map session = ActionContext.getContext().getSession();
> synchronized (session) {
> if (!TokenHelper.validToken()) {
> return handleInvalidToken(invocation);
> }
> return handleValidToken(invocation);
> }
> This block is essentially not synchronized! I found that the session Map is not a unique object across requests within an user session - in contrast with the HttpSession object provided by the Servlet API. Perhaps that should be considered the real bug?
> A previous bug WW-1786 also points out that the above block is not synchronized - that fix would be redundant once this issue is resolved.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (WW-2902) Session token usage error:
java.lang.IllegalStateException: Context has not been prepared for next
connection
Posted by "Dave Newton (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/struts/browse/WW-2902?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=45106#action_45106 ]
Dave Newton commented on WW-2902:
---------------------------------
Does it matter that TokenHelper uses the getcontext().getSession() call?
> Session token usage error: java.lang.IllegalStateException: Context has not been prepared for next connection
> -------------------------------------------------------------------------------------------------------------
>
> Key: WW-2902
> URL: https://issues.apache.org/struts/browse/WW-2902
> Project: Struts 2
> Issue Type: Bug
> Components: Core Interceptors
> Affects Versions: 2.1.2
> Reporter: Sitaram Reddy
> Fix For: 2.1.3
>
>
> I have looked into the source code and found the reason. In TokenInterceptor.doIntercept(...), there is this code:
> Map session = ActionContext.getContext().getSession();
> synchronized (session) {
> if (!TokenHelper.validToken()) {
> return handleInvalidToken(invocation);
> }
> return handleValidToken(invocation);
> }
> This block is essentially not synchronized! I found that the session Map is not a unique object across requests within an user session - in contrast with the HttpSession object provided by the Servlet API. Perhaps that should be considered the real bug?
> A previous bug WW-1786 also points out that the above block is not synchronized - that fix would be redundant once this issue is resolved.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (WW-2902) Session token usage error:
java.lang.IllegalStateException: Context has not been prepared for next
connection
Posted by "Musachy Barroso (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/struts/browse/WW-2902?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=45105#action_45105 ]
Musachy Barroso commented on WW-2902:
-------------------------------------
I replaced :
Map session = ActionContext.getContext().getSession();
by:
HttpSession session = ServletActionContext.getRequest().getSession(true);
so the sync happens on the right object.
> Session token usage error: java.lang.IllegalStateException: Context has not been prepared for next connection
> -------------------------------------------------------------------------------------------------------------
>
> Key: WW-2902
> URL: https://issues.apache.org/struts/browse/WW-2902
> Project: Struts 2
> Issue Type: Bug
> Components: Core Interceptors
> Affects Versions: 2.1.2
> Reporter: Sitaram Reddy
> Fix For: 2.1.3
>
>
> I have looked into the source code and found the reason. In TokenInterceptor.doIntercept(...), there is this code:
> Map session = ActionContext.getContext().getSession();
> synchronized (session) {
> if (!TokenHelper.validToken()) {
> return handleInvalidToken(invocation);
> }
> return handleValidToken(invocation);
> }
> This block is essentially not synchronized! I found that the session Map is not a unique object across requests within an user session - in contrast with the HttpSession object provided by the Servlet API. Perhaps that should be considered the real bug?
> A previous bug WW-1786 also points out that the above block is not synchronized - that fix would be redundant once this issue is resolved.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (WW-2902) Session token usage error:
java.lang.IllegalStateException: Context has not been prepared for next
connection
Posted by "Musachy Barroso (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/struts/browse/WW-2902?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=45104#action_45104 ]
Musachy Barroso commented on WW-2902:
-------------------------------------
Yes, a new object of type SessionMap is created that wraps the HttpSession object, synchronizing on that object is useless.
> Session token usage error: java.lang.IllegalStateException: Context has not been prepared for next connection
> -------------------------------------------------------------------------------------------------------------
>
> Key: WW-2902
> URL: https://issues.apache.org/struts/browse/WW-2902
> Project: Struts 2
> Issue Type: Bug
> Components: Core Interceptors
> Affects Versions: 2.1.2
> Reporter: Sitaram Reddy
>
> I have looked into the source code and found the reason. In TokenInterceptor.doIntercept(...), there is this code:
> Map session = ActionContext.getContext().getSession();
> synchronized (session) {
> if (!TokenHelper.validToken()) {
> return handleInvalidToken(invocation);
> }
> return handleValidToken(invocation);
> }
> This block is essentially not synchronized! I found that the session Map is not a unique object across requests within an user session - in contrast with the HttpSession object provided by the Servlet API. Perhaps that should be considered the real bug?
> A previous bug WW-1786 also points out that the above block is not synchronized - that fix would be redundant once this issue is resolved.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Resolved: (WW-2902) Session token usage error:
java.lang.IllegalStateException: Context has not been prepared for next
connection
Posted by "Musachy Barroso (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/struts/browse/WW-2902?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Musachy Barroso resolved WW-2902.
---------------------------------
Resolution: Fixed
Fix Version/s: 2.1.3
> Session token usage error: java.lang.IllegalStateException: Context has not been prepared for next connection
> -------------------------------------------------------------------------------------------------------------
>
> Key: WW-2902
> URL: https://issues.apache.org/struts/browse/WW-2902
> Project: Struts 2
> Issue Type: Bug
> Components: Core Interceptors
> Affects Versions: 2.1.2
> Reporter: Sitaram Reddy
> Fix For: 2.1.3
>
>
> I have looked into the source code and found the reason. In TokenInterceptor.doIntercept(...), there is this code:
> Map session = ActionContext.getContext().getSession();
> synchronized (session) {
> if (!TokenHelper.validToken()) {
> return handleInvalidToken(invocation);
> }
> return handleValidToken(invocation);
> }
> This block is essentially not synchronized! I found that the session Map is not a unique object across requests within an user session - in contrast with the HttpSession object provided by the Servlet API. Perhaps that should be considered the real bug?
> A previous bug WW-1786 also points out that the above block is not synchronized - that fix would be redundant once this issue is resolved.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.