Bug 1027272 - [GSS] (6.3.0) ContextNotActiveException thrown on session invalidation when using clustered SSO
Summary: [GSS] (6.3.0) ContextNotActiveException thrown on session invalidation when u...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Web
Version: 6.2.0
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ER5
: EAP 6.3.0
Assignee: Rémy Maucherat
QA Contact: Ron Šmeral
Russell Dickenson
URL:
Whiteboard:
Depends On:
Blocks: 1101472
TreeView+ depends on / blocked
 
Reported: 2013-11-06 13:02 UTC by Ron Šmeral
Modified: 2018-12-06 15:25 UTC (History)
10 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
In previous versions of JBoss EAP 6, the SSO valves did not set the context when expiring sessions associated with SSO. As a result, `ClusteredSingleSignOn` would call `WeldListener.sessionDestroyed(event)` after the session has been destroyed, resulting in a `ContextNotActiveException` upon session invalidation. In this release the SSO valves now set the context when expiring sessions associated with SSO and the ContextNotActiveException is avoided upon session invalidation.
Clone Of:
: 1101472 (view as bug list)
Environment:
Last Closed: 2014-08-06 14:40:34 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)
Reproducer (9.42 KB, application/zip)
2013-11-06 13:02 UTC, Ron Šmeral 		no flags Details
standalone-ha.xml (19.42 KB, text/xml)
2013-11-06 14:46 UTC, Ron Šmeral 		no flags Details
application-roles.properties (633 bytes, text/plain)
2013-11-06 14:52 UTC, Ron Šmeral 		no flags Details
application-users.properties (811 bytes, text/plain)
2013-11-06 14:53 UTC, Ron Šmeral 		no flags Details
View All

Description Ron Šmeral 2013-11-06 13:02:46 UTC 
Created attachment 820349 [details]
Reproducer

Description of problem:
When using the clustered SSO in the standalone-ha configuration of EAP, an exception is thrown on sesion invalidation, if there is an active long-running conversation:
javax.enterprise.context.ContextNotActiveException: Conversation Context not active when method called on conversation Conversation with id: 1

This does not occur with the non-clustered SSO option, nor does it occur without the SSO, in a clustered application.

Version-Release number of selected component (if applicable):
EAP 6.2.0.ER7

Steps to Reproduce:
1. Deploy war-one and war-two
2. Open http://localhost:8080/war-one/index.jsf
3. Click war-two link (begins a conversation)
4. In the original window (http://localhost:8080/war-one/index.jsf), click logout (calls request.session.invalidate)

Actual results:
Exception appears

Expected results:
Session invalidated without exception
Comment 1 Ron Šmeral 2013-11-06 13:03:36 UTC 
Stacktrace:
13:32:13,196 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/war-one].[FacesServlet]] (http-/127.0.0.1:8080-1) JBWEB000236: Servlet.service() for servlet FacesServlet threw exception: javax.enterprise.context.ContextNotActiveException: Conversation Context not active when method called on conversation Conversation with id: 1
	at org.jboss.weld.context.conversation.ConversationImpl.verifyConversationContextActive(ConversationImpl.java:197) [weld-core-1.1.16.Final-redhat-1.jar:1.1.16.Final-redhat-1]
	at org.jboss.weld.context.conversation.ConversationImpl.getId(ConversationImpl.java:121) [weld-core-1.1.16.Final-redhat-1.jar:1.1.16.Final-redhat-1]
	at org.jboss.weld.context.AbstractConversationContext.destroy(AbstractConversationContext.java:298) [weld-core-1.1.16.Final-redhat-1.jar:1.1.16.Final-redhat-1]
	at org.jboss.weld.context.http.HttpConversationContextImpl.destroy(HttpConversationContextImpl.java:12) [weld-core-1.1.16.Final-redhat-1.jar:1.1.16.Final-redhat-1]
	at org.jboss.weld.context.http.HttpSessionContextImpl.destroy(HttpSessionContextImpl.java:42) [weld-core-1.1.16.Final-redhat-1.jar:1.1.16.Final-redhat-1]
	at org.jboss.weld.servlet.WeldListener.sessionDestroyed(WeldListener.java:93) [weld-core-1.1.16.Final-redhat-1.jar:1.1.16.Final-redhat-1]
	at org.jboss.as.web.session.ClusteredSession.expire(ClusteredSession.java:1302) [jboss-as-web-7.3.0.Final-redhat-10.jar:7.3.0.Final-redhat-10]
	at org.jboss.as.web.session.ClusteredSession.expire(ClusteredSession.java:649) [jboss-as-web-7.3.0.Final-redhat-10.jar:7.3.0.Final-redhat-10]
	at org.jboss.as.web.sso.ClusteredSingleSignOn.deregister(ClusteredSingleSignOn.java:494) [jboss-as-web-7.3.0.Final-redhat-10.jar:7.3.0.Final-redhat-10]
	at org.jboss.as.web.sso.ClusteredSingleSignOn.logout(ClusteredSingleSignOn.java:562) [jboss-as-web-7.3.0.Final-redhat-10.jar:7.3.0.Final-redhat-10]
	at org.jboss.as.web.sso.ClusteredSingleSignOn.sessionEvent(ClusteredSingleSignOn.java:282) [jboss-as-web-7.3.0.Final-redhat-10.jar:7.3.0.Final-redhat-10]
	at org.jboss.as.web.session.ClusteredSession.fireSessionEvent(ClusteredSession.java:1790) [jboss-as-web-7.3.0.Final-redhat-10.jar:7.3.0.Final-redhat-10]
	at org.jboss.as.web.session.ClusteredSession.expire(ClusteredSession.java:1326) [jboss-as-web-7.3.0.Final-redhat-10.jar:7.3.0.Final-redhat-10]
	at org.jboss.as.web.session.ClusteredSession.invalidate(ClusteredSession.java:629) [jboss-as-web-7.3.0.Final-redhat-10.jar:7.3.0.Final-redhat-10]
	at org.apache.catalina.session.StandardSessionFacade.invalidate(StandardSessionFacade.java:150) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_17]
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_17]
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_17]
	at java.lang.reflect.Method.invoke(Method.java:601) [rt.jar:1.7.0_17]
	at org.apache.el.parser.AstValue.invoke(AstValue.java:258) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.apache.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:278) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.jboss.weld.util.el.ForwardingMethodExpression.invoke(ForwardingMethodExpression.java:40) [weld-core-1.1.16.Final-redhat-1.jar:1.1.16.Final-redhat-1]
	at org.jboss.weld.el.WeldMethodExpression.invoke(WeldMethodExpression.java:50) [weld-core-1.1.16.Final-redhat-1.jar:1.1.16.Final-redhat-1]
	at com.sun.faces.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:105) [jsf-impl-2.1.19-redhat-2.jar:2.1.19-redhat-2]
	at javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:87) [jboss-jsf-api_2.1_spec-2.1.19.1.Final-redhat-1.jar:2.1.19.1.Final-redhat-1]
	at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:101) [jsf-impl-2.1.19-redhat-2.jar:2.1.19-redhat-2]
	at javax.faces.component.UICommand.broadcast(UICommand.java:315) [jboss-jsf-api_2.1_spec-2.1.19.1.Final-redhat-1.jar:2.1.19.1.Final-redhat-1]
	at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:786) [jboss-jsf-api_2.1_spec-2.1.19.1.Final-redhat-1.jar:2.1.19.1.Final-redhat-1]
	at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:1251) [jboss-jsf-api_2.1_spec-2.1.19.1.Final-redhat-1.jar:2.1.19.1.Final-redhat-1]
	at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:81) [jsf-impl-2.1.19-redhat-2.jar:2.1.19-redhat-2]
	at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:101) [jsf-impl-2.1.19-redhat-2.jar:2.1.19-redhat-2]
	at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:118) [jsf-impl-2.1.19-redhat-2.jar:2.1.19-redhat-2]
	at javax.faces.webapp.FacesServlet.service(FacesServlet.java:593) [jboss-jsf-api_2.1_spec-2.1.19.1.Final-redhat-1.jar:2.1.19.1.Final-redhat-1]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:295) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:149) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.jboss.modcluster.container.jbossweb.JBossWebContext$RequestListenerValve.event(JBossWebContext.java:91)
	at org.jboss.modcluster.container.jbossweb.JBossWebContext$RequestListenerValve.invoke(JBossWebContext.java:72)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:499) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.jboss.as.web.session.ClusteredSessionValve.handleRequest(ClusteredSessionValve.java:134) [jboss-as-web-7.3.0.Final-redhat-10.jar:7.3.0.Final-redhat-10]
	at org.jboss.as.web.session.ClusteredSessionValve.invoke(ClusteredSessionValve.java:99) [jboss-as-web-7.3.0.Final-redhat-10.jar:7.3.0.Final-redhat-10]
	at org.jboss.as.web.session.JvmRouteValve.invoke(JvmRouteValve.java:92) [jboss-as-web-7.3.0.Final-redhat-10.jar:7.3.0.Final-redhat-10]
	at org.jboss.as.web.session.LockingValve.invoke(LockingValve.java:64) [jboss-as-web-7.3.0.Final-redhat-10.jar:7.3.0.Final-redhat-10]
	at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169) [jboss-as-web-7.3.0.Final-redhat-10.jar:7.3.0.Final-redhat-10]
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:145) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.jboss.as.web.sso.ClusteredSingleSignOn.invoke(ClusteredSingleSignOn.java:384) [jboss-as-web-7.3.0.Final-redhat-10.jar:7.3.0.Final-redhat-10]
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:336) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:653) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:920) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_17]
Comment 2 JBoss JIRA Server 2013-11-06 14:40:26 UTC 
Ron Šmeral <rsmeral> made a comment on jira WELD-1544

Attaching the configuration XML with the SSO configured, necessary for reproduction.
The important change is in adding 
{{<sso cache-container="web" cache-name="sso" reauthenticate="true"/>}} to the {{default-host}} virtual server.
Comment 3 Ron Šmeral 2013-11-06 14:46:48 UTC 
Created attachment 820433 [details]
standalone-ha.xml
Comment 4 JBoss JIRA Server 2013-11-06 14:51:40 UTC 
Ron Šmeral <rsmeral> made a comment on jira WELD-1544

Attaching AS user configuration files for the reproducer.
These go into {{EAP_HOME/standalone/configuration}}.
User is {{admin}}, password is {{abc.12345}}.
Comment 5 Ron Šmeral 2013-11-06 14:52:31 UTC 
Created attachment 820434 [details]
application-roles.properties
Comment 6 Ron Šmeral 2013-11-06 14:53:08 UTC 
Created attachment 820435 [details]
application-users.properties
Comment 7 JBoss JIRA Server 2013-11-12 09:34:58 UTC 
Matej Briskar <mbriskar> made a comment on jira WELD-1544

The method WeldListener.sessionDestroyed(event) in Weld is called twice.
Comment 8 Jozef Hartinger 2013-11-12 09:51:35 UTC 
This looks like a problem with ClusteredSingleSignOn which causes WeldListener.sessionDestroyed(event) to be called after the session has been destroyed. Changing component to Web.
Comment 9 JBoss JIRA Server 2014-01-08 06:34:38 UTC 
Jozef Hartinger <jharting> updated the status of jira WELD-1544 to Resolved
Comment 10 Rémy Maucherat 2014-01-09 17:44:09 UTC 
I would say the issue is that SSO doesn't set the context when expiring sessions associated with the SSO. The difference between clustered and non clustered is that the clustered session then rethrows runtime exceptions from session lifecycle listeners (for whatever reason), while the regular one simply logs them (that seems safer).
Comment 11 Rémy Maucherat 2014-01-14 10:07:10 UTC 
First step in r2338, clustered SSO would need to use this patch to set the context classloader.
Comment 13 Rémy Maucherat 2014-05-06 12:39:24 UTC 
Trying https://github.com/jbossas/jboss-eap/pull/1302 but it might be too late for a non blocker.
Comment 15 Ron Šmeral 2014-07-02 14:39:55 UTC 
Verified on 6.3.0.ER8.
Note You need to log in before you can comment on or make changes to this bug.