You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@wicket.apache.org by "Martin Tzvetanov Grigorov (Jira)" <ji...@apache.org> on 2023/06/08 07:26:00 UTC

[jira] [Resolved] (WICKET-7056) HttpSessionStore#getAttribute called on invalidated session

     [ https://issues.apache.org/jira/browse/WICKET-7056?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Martin Tzvetanov Grigorov resolved WICKET-7056.
-----------------------------------------------
    Resolution: Not A Problem

Thank you for the update, [~davesman] !

> HttpSessionStore#getAttribute called on invalidated session
> -----------------------------------------------------------
>
>                 Key: WICKET-7056
>                 URL: https://issues.apache.org/jira/browse/WICKET-7056
>             Project: Wicket
>          Issue Type: Bug
>          Components: wicket
>    Affects Versions: 8.13.0
>         Environment: Ubuntu Linux v. 18
> WebSphere AS 9.0.5.14
> Wicket 8.13.0
>            Reporter: David Rain
>            Priority: Major
>              Labels: Wicket, invalidation, session
>   Original Estimate: 4h
>  Remaining Estimate: 4h
>
> The org.apache.wicket.session.HttpSessionStore#getHttpSession does not take an invalidated session state into account.
> Thus the e.g. getAttribute method the calls the httpSession#getAttribute which results to the exception being thrown by server (WebSphere and Jetty in our case). See [https://www.ibm.com/support/pages/javalangillegalstateexception-thrown-session-manager]
> In my opinion the HttpSessionStore should check the valid state of the session before trying to access it.
> {code:java}
> Exception occurred during onEndRequest
> java.lang.IllegalStateException: The following session is not valid! FAMtHV-7DvEsvj07hsLKExc
>     at com.ibm.ws.session.http.HttpSessionImpl.getAttribute(HttpSessionImpl.java:191)
>     at com.ibm.ws.session.SessionData.getSessionValue(SessionData.java:307)
>     at com.ibm.ws.session.SessionData.getAttribute(SessionData.java:163)
>     at com.ibm.ws.session.HttpSessionFacade.getAttribute(HttpSessionFacade.java:139)
>     at org.apache.wicket.session.HttpSessionStore.getAttribute(HttpSessionStore.java:256)
>     at org.apache.wicket.session.HttpSessionStore.getWicketSession(HttpSessionStore.java:188)
>     at org.apache.wicket.session.HttpSessionStore.lookup(HttpSessionStore.java:175)
>     at org.apache.wicket.Session.bind(Session.java:268)
>     at org.apache.wicket.page.DefaultPageManagerContext.bind(DefaultPageManagerContext.java:43)
>     at org.apache.wicket.page.RequestAdapter.bind(RequestAdapter.java:88)
>     at org.apache.wicket.page.RequestAdapter.endRequest(RequestAdapter.java:187)
>     at org.apache.wicket.page.AbstractPageManager.endRequest(AbstractPageManager.java:75)
>     at org.apache.wicket.page.PageManagerDecorator.endRequest(PageManagerDecorator.java:78)
>     at org.apache.wicket.Application$2.onEndRequest(Application.java:1604)
>     at org.apache.wicket.request.cycle.RequestCycleListenerCollection$2.notify(RequestCycleListenerCollection.java:85)
>     at org.apache.wicket.request.cycle.RequestCycleListenerCollection$2.notify(RequestCycleListenerCollection.java:81)
>     at org.apache.wicket.util.listener.ListenerCollection.reversedNotify(ListenerCollection.java:144)
>     at org.apache.wicket.request.cycle.RequestCycleListenerCollection.onEndRequest(RequestCycleListenerCollection.java:80)
>     at org.apache.wicket.request.cycle.RequestCycle.processRequest(RequestCycle.java:266)
>     at org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:276)
>     at org.apache.wicket.protocol.ws.AbstractUpgradeFilter.processRequestCycle(AbstractUpgradeFilter.java:66)
>     at org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:207)
>     at org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:306)
>     at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:197)
>     at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:90)
>     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:317)
>     at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:127)
>     at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91)
>     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
>     at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:114)
>     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
>     at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137)
>     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
>     at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111)
>     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
>     at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:170)
>     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
>     at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)
>     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
>     at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:208)
>     at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:185)
>     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
>     at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
>     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
>     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
>     at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
>     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
>     at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214)
>     at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177)
>     at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:347)
>     at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:263)
>     at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:197)
>     at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:90)
>     at cz.kb.common.context.servlet.CorrelationContextFilter.doFilter(CorrelationContextFilter.java:50)
>     at cz.kb.dcs.module_init.api.DcsCorrelationContextFilter.doFilter(DcsCorrelationContextFilter.java:92)
>     at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:197)
>     at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:90)
>     at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:979)
>     at com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:1119)
>     at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:4238)
>     at com.ibm.ws.webcontainer.webapp.WebAppImpl.handleRequest(WebAppImpl.java:2210)
>     at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:304)
>     at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:1033)
>     at com.ibm.ws.webcontainer.WSWebContainer.handleRequest(WSWebContainer.java:1817)
>     at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:382)
>     at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:465)
>     at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewRequest(HttpInboundLink.java:532)
>     at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.processRequest(HttpInboundLink.java:318)
>     at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink.java:289)
>     at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.sendToDiscriminators(NewConnectionInitialReadCallback.java:214)
>     at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.complete(NewConnectionInitialReadCallback.java:113)
>     at com.ibm.ws.tcp.channel.impl.WorkQueueManager.requestComplete(WorkQueueManager.java:558)
>     at com.ibm.ws.tcp.channel.impl.WorkQueueManager.attemptIO(WorkQueueManager.java:608)
>     at com.ibm.ws.tcp.channel.impl.WorkQueueManager.workerRun(WorkQueueManager.java:985)
>     at com.ibm.ws.tcp.channel.impl.WorkQueueManager$Worker.run(WorkQueueManager.java:1074)
>     at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1909) {code}
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)