4 Replies Latest reply on Jan 12, 2016 3:46 PM by pferraro

    Getting NPE when calling session.invalidate()



      We are trying to upgrade from JBoss 7 to Wildfly 8.2.1 and encountered NullPointerException throw by inifinispan FineSessionFactory$1, the throw stack as below:

      13:12:35,554 ERROR [io.undertow.request] (default task-32) UT005023: Exception handling request to /<our system url>: java.lang.NullPointerException

          at org.wildfly.clustering.web.infinispan.session.fine.FineSessionFactory$1.invoke(FineSessionFactory.java:103)

          at org.wildfly.clustering.web.infinispan.session.fine.FineSessionFactory$1.invoke(FineSessionFactory.java:100)

          at org.jboss.as.clustering.infinispan.invoker.SimpleCacheInvoker.invoke(SimpleCacheInvoker.java:34)

          at org.jboss.as.clustering.infinispan.invoker.RetryingCacheInvoker.invoke(RetryingCacheInvoker.java:87)

          at org.wildfly.clustering.web.infinispan.session.fine.FineSessionFactory.remove(FineSessionFactory.java:109)

          at org.wildfly.clustering.web.infinispan.session.fine.FineSessionFactory.remove(FineSessionFactory.java:53)

          at org.wildfly.clustering.web.infinispan.session.InfinispanSession.invalidate(InfinispanSession.java:74)

          at org.wildfly.clustering.web.infinispan.session.InfinispanSessionManager$SchedulableSession.invalidate(InfinispanSessionManager.java:359)

          at org.wildfly.clustering.web.undertow.session.DistributableSession.invalidate(DistributableSession.java:140)

          at io.undertow.servlet.spec.HttpSessionImpl.invalidate(HttpSessionImpl.java:199) [undertow-servlet-1.1.8.Final.jar:1.1.8.Final]

      ... // our application code, just calling "session.invalidate()"


      Actually, we are using Jasig CAS as the authentication/ SSO provider (Jasig/cas · GitHub), basically when the user login the system, there is a filter which associate the CAS ticket (provided by the authentication provider) to the user session object in a hash map (key is the ticket, value is the session object). And for single sign out, the authentication provider will issue a callback to the system and the same filter retrieve the user session object in the hash map by the ticket and call "session.invalidate()" to invalidate the session, the null pointer exception occurred when calling that: https://github.com/Jasig/java-cas-client/blob/94cd857a73ade1409e09ca62ba527e3882f7538e/cas-client-core/src/main/java/org/jasig/cas/client/session/SingleSignOutHandler.java#L308


      The system is clustering enabled, so the backing session manager is InfinispanSessionManager.


      Is this a Wildfly bug? Should I report this to them? Or anything we can do to avoid/ workaround this issue?

      Thank you very much.



      Updated on Jan 11, 2016:

      Finally I can reproduce this issue by a simplified sample, please consider the attached WAR files (session-invalidate-replication-attribute.war, session-invalidate-replication-session.war and session-invalidate-noreplication.war). Those samples are the same except the session replication settings (located in jboss-web.xml -> replication-granularity). From the sample we can check that non-clustering version (i.e. session-invalidate-noreplication.war) and replication whole session version (i.e. session-invalidate-replication-session.war) works fine when invalidating the invalidated session (By the specification, should throw IllegalStateException when invalidating an already invalidated session), while replication dirty attribute version (i.e. session-invalidate-replication-attribute.war) not working with throwing NullPointerException.


      We suspected that it should be indeed a bug, and would like to report this to Wildfly team.


      訊息由此人編輯:Sammy Chu