6 Replies Latest reply on Aug 28, 2013 11:00 AM by gesh92

    Seam basic authentication causes problems

    gesh92

      Hello,

       

      We are in the process of migrating from seam 2.2 + jsf 1.2 + richfaces 3 to seam 2.3 + jsf 2.1 + richfaces 4.

      In components.xml, we have specified an authentication filter like this:

       

      <web:authentication-filter regex-url-pattern="/auth/.*|/run.*" auth-type="basic"/>
      

       

      So everything that is in /auth should require authentication. It works without any problems in seam 2.2 but in seam 2.3 an exception occurs:

       

      10:55:11,961 ERROR [stderr] (http--0.0.0.0-8080-1) javax.servlet.ServletException: java.lang.IllegalStateException: No active event context
      
      10:55:11,961 ERROR [stderr] (http--0.0.0.0-8080-1)     at org.jboss.seam.servlet.ContextualHttpServletRequest.run(ContextualHttpServletRequest.java:96)
      
      10:55:11,961 ERROR [stderr] (http--0.0.0.0-8080-1)     at org.jboss.seam.web.AuthenticationFilter.doFilter(AuthenticationFilter.java:117)
      
      10:55:11,961 ERROR [stderr] (http--0.0.0.0-8080-1)     at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
      
      10:55:11,961 ERROR [stderr] (http--0.0.0.0-8080-1)     at org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:64)
      
      10:55:11,962 ERROR [stderr] (http--0.0.0.0-8080-1)     at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
      
      10:55:11,962 ERROR [stderr] (http--0.0.0.0-8080-1)     at org.jboss.seam.web.RedirectFilter.doFilter(RedirectFilter.java:45)
      
      10:55:11,962 ERROR [stderr] (http--0.0.0.0-8080-1)     at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
      
      10:55:11,962 ERROR [stderr] (http--0.0.0.0-8080-1)     at org.jboss.seam.web.HotDeployFilter.doFilter(HotDeployFilter.java:53)
      
      10:55:11,962 ERROR [stderr] (http--0.0.0.0-8080-1)     at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
      
      10:55:11,962 ERROR [stderr] (http--0.0.0.0-8080-1)     at org.jboss.seam.web.IdentityFilter.doFilter(IdentityFilter.java:40)
      
      10:55:11,962 ERROR [stderr] (http--0.0.0.0-8080-1)     at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
      
      10:55:11,962 ERROR [stderr] (http--0.0.0.0-8080-1)     at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:73)
      
      10:55:11,963 ERROR [stderr] (http--0.0.0.0-8080-1)     at org.jboss.seam.servlet.SeamFilter.doFilter(SeamFilter.java:158)
      
      10:55:11,963 ERROR [stderr] (http--0.0.0.0-8080-1)     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
      
      10:55:11,963 ERROR [stderr] (http--0.0.0.0-8080-1)     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
      
      10:55:11,963 ERROR [stderr] (http--0.0.0.0-8080-1)     at eu.cleversoft.infonds3.support.CharsetFilter.doFilter(CharsetFilter.java:32)
      
      10:55:11,963 ERROR [stderr] (http--0.0.0.0-8080-1)     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
      
      10:55:11,963 ERROR [stderr] (http--0.0.0.0-8080-1)     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
      
      10:55:11,963 ERROR [stderr] (http--0.0.0.0-8080-1)     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275)
      
      10:55:11,963 ERROR [stderr] (http--0.0.0.0-8080-1)     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161)
      
      10:55:11,963 ERROR [stderr] (http--0.0.0.0-8080-1)     at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:139)
      
      10:55:11,964 ERROR [stderr] (http--0.0.0.0-8080-1)     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:388)
      
      10:55:11,964 ERROR [stderr] (http--0.0.0.0-8080-1)     at org.jboss.as.web.NamingValve.invoke(NamingValve.java:57)
      
      10:55:11,964 ERROR [stderr] (http--0.0.0.0-8080-1)     at org.jboss.as.jpa.interceptor.WebNonTxEmCloserValve.invoke(WebNonTxEmCloserValve.java:49)
      
      10:55:11,964 ERROR [stderr] (http--0.0.0.0-8080-1)     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:154)
      
      10:55:11,964 ERROR [stderr] (http--0.0.0.0-8080-1)     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
      
      10:55:11,964 ERROR [stderr] (http--0.0.0.0-8080-1)     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
      
      10:55:11,964 ERROR [stderr] (http--0.0.0.0-8080-1)     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:362)
      
      10:55:11,964 ERROR [stderr] (http--0.0.0.0-8080-1)     at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877)
      
      10:55:11,964 ERROR [stderr] (http--0.0.0.0-8080-1)     at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:667)
      
      10:55:11,965 ERROR [stderr] (http--0.0.0.0-8080-1)     at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:952)
      
      10:55:11,965 ERROR [stderr] (http--0.0.0.0-8080-1)     at java.lang.Thread.run(Thread.java:662)
      
      10:55:11,965 ERROR [stderr] (http--0.0.0.0-8080-1) Caused by: java.lang.IllegalStateException: No active event context
      
      10:55:11,965 ERROR [stderr] (http--0.0.0.0-8080-1)     at org.jboss.seam.core.Manager.instance(Manager.java:368)
      
      10:55:11,965 ERROR [stderr] (http--0.0.0.0-8080-1)     at org.jboss.seam.servlet.ContextualHttpServletRequest.run(ContextualHttpServletRequest.java:73)
      
      10:55:11,965 ERROR [stderr] (http--0.0.0.0-8080-1)     ... 31 more
      

       

      The user doesn't really see anything but this causes us some other problems. The page where there is a link to the url containint "/auth/" can't process any more ajax requests.

      I've looked into the seam sources and there isn't any difference in the implementation of the basic authentication for seam 2.2 and seam 2.3

       

      Does anyone know what can be causing this or is having the same problem?

        • 1. Re: Seam basic authentication causes problems
          gesh92

          After a lot of research I believe this is a bug and created a JIRA issue: https://issues.jboss.org/browse/JBSEAM-5124

           

          The workaround is explained there.

          • 2. Re: Seam basic authentication causes problems
            maschmid

            I believe this didn't even work with facelets with Seam2.2, so a possible reason why it stopped working after your migration may be because of migrating your auth/ to JSF, or possibly a different configuration of the faces servlet mapping.

            • 3. Re: Seam basic authentication causes problems
              gesh92

              We did use facelets before, so I'm not sure it's that.

              Anyway, I believe the implementation is not very good in general. The filter starts and completes another request before returning. That's what my workaround is avoiding. Definitely not in the best way but I just wanted to make it work.

              • 4. Re: Seam basic authentication causes problems
                maschmid

                I agree, the authentication-filter is definitely broken.

                • 5. Re: Seam basic authentication causes problems
                  manarh

                  I tried to reproduce the same issue on seam 2.2.3-SNAPSHOT and it throws exactly the same exception for booking example while there is enabled AuthenticationFilter for url-pattern="/*".

                   

                  Georgi, could you try to write more details on what exact version of Seam 2.2 you used and what configuration you used that it worked for you? Example test application help the best.

                  • 6. Re: Seam basic authentication causes problems
                    gesh92

                    The exact version is Seam 2.2.2.Final. Unfortunately, I can't provide an example test application as I haven't gone through the process of creating a new application but only worked on an existing one. Also, it is likely that after this week (when my internship ends) I will not be working with Seam anymore. Thanks for looking into it though, probably others are having the same issue.

                    About the configuration - I'm not sure what should I post. It is a very large application that probably has been configured many times.

                    The authentication filter is configured in the same way as shown above.