You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@wicket.apache.org by "Emond Papegaaij (Jira)" <ji...@apache.org> on 2020/10/30 09:08:00 UTC

[jira] [Commented] (WICKET-6848) Session invalidation fails because response is already committed

    [ https://issues.apache.org/jira/browse/WICKET-6848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17223506#comment-17223506 ] 

Emond Papegaaij commented on WICKET-6848:
-----------------------------------------

I've managed to produce a quickstart for this problem, but the stacktrace only occurs on WildFly, not on Jetty. Also, the session needs to be distributable to trigger the error. I don't understand why a distributable session has different characteristics on this. I would expect this to fail for every session type. This bug is not fixed on master yet.

For the quickstart: build the application, deploy it on wildfly, navigate to http://localhost:8080/wicket6848-1.0-SNAPSHOT and click on the link that says 'Click here!'

> Session invalidation fails because response is already committed
> ----------------------------------------------------------------
>
>                 Key: WICKET-6848
>                 URL: https://issues.apache.org/jira/browse/WICKET-6848
>             Project: Wicket
>          Issue Type: Bug
>          Components: wicket-core
>    Affects Versions: 9.1.0
>            Reporter: Emond Papegaaij
>            Priority: Major
>         Attachments: wicket6848.zip
>
>
> Since Wicket 9.1.0, we are seeing the stacktrace below. It is very likely related to the changes made with WICKET-6831. We are currently checking if this has been fixed by the latest changes on master, but I believe this is a different issue.
> From the stacktrace I deduce that the session is invalidated as part of detach, but as detach is now called after flush, it is no longer possible to invalidate the HttpSession at this point (you cannot clear the JSESSIONID cookie).
> {code}
> 17:22:11,823 ERROR [io.undertow.request] (default task-9) UT005023: Exception handling request to /idp/: java.lang.IllegalStateException: WFLYCLWEBUT0009: Invalidation attempted for session JtkqV0MvzZq-RzFBSs-K6n2CcJN72IDooNHsTBm8 after the response was committed (e.g. after HttpServletResponse.sendRedirect or sendError)
> 	at org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.validateBatch(DistributableSession.java:292)
> 	at org.wildfly.clustering.web.undertow@20.0.1.Final//org.wildfly.clustering.web.undertow.session.DistributableSession.invalidate(DistributableSession.java:225)
> 	at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.spec.HttpSessionImpl.invalidate(HttpSessionImpl.java:198)
> 	at deployment.parnassys-portal-authenticator.war//org.apache.wicket.session.HttpSessionStore.invalidate(HttpSessionStore.java:165)
> 	at deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.destroy(Session.java:508)
> 	at deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.invalidateNow(Session.java:529)
> 	at deployment.parnassys-portal-authenticator.war//org.apache.wicket.Session.detach(Session.java:684)
> 	at deployment.parnassys-portal-authenticator.war//org.apache.wicket.request.cycle.RequestCycle.onDetach(RequestCycle.java:674)
> 	at deployment.parnassys-portal-authenticator.war//org.apache.wicket.request.cycle.RequestCycle.detach(RequestCycle.java:614)
> 	at deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:284)
> 	at deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:207)
> 	at deployment.parnassys-portal-authenticator.war//org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:306)
> 	at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> 	at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> 	at deployment.parnassys-portal-authenticator.war//nl.topicus.cobra.filter.ClickjackFilter.doFilter(ClickjackFilter.java:29)
> 	at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> 	at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> 	at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
> 	at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
> 	at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
> 	at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
> 	at org.wildfly.extension.undertow@20.0.1.Final//org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
> 	at io.undertow.core@2.1.3.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> 	at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68)
> 	at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132)
> 	at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
> 	at io.undertow.core@2.1.3.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> 	at io.undertow.core@2.1.3.Final//io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
> 	at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
> 	at io.undertow.core@2.1.3.Final//io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
> 	at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
> 	at io.undertow.core@2.1.3.Final//io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
> 	at io.undertow.core@2.1.3.Final//io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
> 	at io.undertow.core@2.1.3.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> 	at org.wildfly.extension.undertow@20.0.1.Final//org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
> 	at io.undertow.core@2.1.3.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> 	at org.wildfly.extension.undertow@20.0.1.Final//org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
> 	at io.undertow.core@2.1.3.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> 	at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletInitialHandler.jrHandle(ServletInitialHandler.java:40001)
> 	at io.undertow.servlet@2.1.3.Final//org.zeroturnaround.javarebel.integration.servlet.undertow.cbp.ServletInitialHandlerCBP.handleRequest(ServletInitialHandlerCBP.java:138)
> 	at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:269)
> 	at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:78)
> 	at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:133)
> 	at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:130)
> 	at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
> 	at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
> 	at org.wildfly.extension.undertow@20.0.1.Final//org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
> 	at org.wildfly.extension.undertow@20.0.1.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
> 	at org.wildfly.extension.undertow@20.0.1.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
> 	at org.wildfly.extension.undertow@20.0.1.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
> 	at org.wildfly.extension.undertow@20.0.1.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
> 	at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:249)
> 	at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:78)
> 	at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:99)
> 	at io.undertow.core@2.1.3.Final//io.undertow.server.Connectors.executeRootHandler(Connectors.java:370)
> 	at io.undertow.core@2.1.3.Final//io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830)
> 	at org.jboss.threads@2.3.3.Final//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
> 	at org.jboss.threads@2.3.3.Final//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
> 	at org.jboss.threads@2.3.3.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
> 	at org.jboss.threads@2.3.3.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
> 	at java.base/java.lang.Thread.run(Thread.java:834)
> {code}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)