Skip navigation

This project is read only now. Read more.

8 Replies Latest reply on Feb 8, 2016 9:20 PM by jamat

Wilfdly 10 Final: <replication-config> issue

jamat Feb 3, 2016 9:02 PM

I want to configure session replication for my webapp and provide the <replication-granularity> parameter in the <replication-config> element of jboss-web.xml.

If I do that I get an exception when I log in. Something like that:

2016-02-03 19:51:17,702 ERROR [org.infinispan.interceptors.InvocationContextInterceptor] (default task-2) ISPN000136: Error executing command PutKeyValueCommand, writing keys [ImeNDshushdzhuSMKzpVnwGSWWtmhH5UNEhVOP-h->io.undertow.security.impl.SingleSignOnAuthenticationMechanism.SSOID]: java.lang.IllegalStateException: Transaction DummyTransaction{xid=DummyXid{id=7}, status=3} is not in a valid state to be invoking cache operations on.

at org.infinispan.interceptors.TxInterceptor.enlist(TxInterceptor.java:394)

at org.infinispan.interceptors.TxInterceptor.enlistWriteAndInvokeNext(TxInterceptor.java:357)

at org.infinispan.interceptors.TxInterceptor.visitPutKeyValueCommand(TxInterceptor.java:220)

at org.infinispan.commands.write.PutKeyValueCommand.acceptVisitor(PutKeyValueCommand.java:74)

at org.infinispan.interceptors.base.CommandInterceptor.invokeNextInterceptor(CommandInterceptor.java:99)

at org.infinispan.interceptors.base.CommandInterceptor.handleDefault(CommandInterceptor.java:113)

at org.infinispan.commands.AbstractVisitor.visitPutKeyValueCommand(AbstractVisitor.java:43)

at org.infinispan.commands.write.PutKeyValueCommand.acceptVisitor(PutKeyValueCommand.java:74)

at org.infinispan.interceptors.base.CommandInterceptor.invokeNextInterceptor(CommandInterceptor.java:99)

at org.infinispan.statetransfer.StateTransferInterceptor.handleTxWriteCommand(StateTransferInterceptor.java:306)

at org.infinispan.statetransfer.StateTransferInterceptor.handleWriteCommand(StateTransferInterceptor.java:288)

at org.infinispan.statetransfer.StateTransferInterceptor.visitPutKeyValueCommand(StateTransferInterceptor.java:107)

at org.infinispan.commands.write.PutKeyValueCommand.acceptVisitor(PutKeyValueCommand.java:74)

at org.infinispan.interceptors.base.CommandInterceptor.invokeNextInterceptor(CommandInterceptor.java:99)

at org.infinispan.interceptors.InvocationContextInterceptor.handleAll(InvocationContextInterceptor.java:107)

at org.infinispan.interceptors.InvocationContextInterceptor.handleDefault(InvocationContextInterceptor.java:76)

at org.infinispan.commands.AbstractVisitor.visitPutKeyValueCommand(AbstractVisitor.java:43)

at org.infinispan.commands.write.PutKeyValueCommand.acceptVisitor(PutKeyValueCommand.java:74)

at org.infinispan.interceptors.base.CommandInterceptor.invokeNextInterceptor(CommandInterceptor.java:99)

at org.infinispan.interceptors.base.CommandInterceptor.handleDefault(CommandInterceptor.java:113)

at org.infinispan.commands.AbstractVisitor.visitPutKeyValueCommand(AbstractVisitor.java:43)

at org.infinispan.commands.write.PutKeyValueCommand.acceptVisitor(PutKeyValueCommand.java:74)

at org.infinispan.interceptors.InterceptorChain.invoke(InterceptorChain.java:336)

at org.infinispan.cache.impl.CacheImpl.executeCommandAndCommitIfNeeded(CacheImpl.java:1672)

at org.infinispan.cache.impl.CacheImpl.putInternal(CacheImpl.java:1121)

at org.infinispan.cache.impl.CacheImpl.put(CacheImpl.java:1111)

at org.infinispan.cache.impl.DecoratedCache.put(DecoratedCache.java:453)

at org.infinispan.cache.impl.AbstractDelegatingCache.put(AbstractDelegatingCache.java:291)

at org.wildfly.clustering.web.infinispan.session.fine.FineSessionAttributes.setAttribute(FineSessionAttributes.java:65)

at org.wildfly.clustering.web.undertow.session.DistributableSession.setAttribute(DistributableSession.java:148)

at io.undertow.security.impl.SingleSignOnAuthenticationMechanism.registerSessionIfRequired(SingleSignOnAuthenticationMechanism.java:117)

at io.undertow.security.impl.SingleSignOnAuthenticationMechanism.access$100(SingleSignOnAuthenticationMechanism.java:51)

at io.undertow.security.impl.SingleSignOnAuthenticationMechanism$ResponseListener.wrap(SingleSignOnAuthenticationMechanism.java:147)

at io.undertow.security.impl.SingleSignOnAuthenticationMechanism$ResponseListener.wrap(SingleSignOnAuthenticationMechanism.java:138)

at io.undertow.server.HttpServerExchange$WrapperStreamSinkConduitFactory.create(HttpServerExchange.java:2300)

at io.undertow.server.HttpServerExchange.getResponseChannel(HttpServerExchange.java:1262)

at io.undertow.servlet.spec.ServletOutputStreamImpl.close(ServletOutputStreamImpl.java:603)

at io.undertow.servlet.spec.HttpServletResponseImpl.closeStreamAndWriter(HttpServletResponseImpl.java:476)

at io.undertow.servlet.spec.HttpServletResponseImpl.responseDone(HttpServletResponseImpl.java:560)

at io.undertow.servlet.spec.HttpServletResponseImpl.sendRedirect(HttpServletResponseImpl.java:200)

at io.undertow.servlet.handlers.security.ServletFormAuthenticationMechanism.handleRedirectBack(ServletFormAuthenticationMechanism.java:143)

at io.undertow.security.impl.FormAuthenticationMechanism.runFormAuth(FormAuthenticationMechanism.java:133)

at io.undertow.security.impl.FormAuthenticationMechanism.authenticate(FormAuthenticationMechanism.java:96)

at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:233)

at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:250)

at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:250)

at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:219)

at io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:121)

at io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:96)

at io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:89)

at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55)

at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)

at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51)

at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)

at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)

at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56)

at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)

at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)

at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)

at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)

at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)

at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)

at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)

at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)

at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)

at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)

at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)

at java.lang.Thread.run(Thread.java:745)

If I remove the <replication-config> then it works fine.

Steps to reproduce using the quickstart deltaspike-authorization example:

- modify the web.xml to add <distributable/>

- create a jboss-web.xml with the following content:

<jboss-web>

<replication-config>

<replication-granularity>ATTRIBUTE</replication-granularity>

</replication-config>

</jboss-web>

- modify the standalone-full-ha.xml file to add <single-sign-on>

- start wildlfy using the full-ha configuration

- log in

1. Re: Wilfdly 10 Final: <replication-config> issue

pferraro Feb 4, 2016 12:16 PM (in response to jamat)

This is specifically an issue with SSO and is fixed by Undertow 1.3.16.Final.
Actions
2. Re: Wilfdly 10 Final: <replication-config> issue

jamat Feb 4, 2016 4:30 PM (in response to pferraro)

Thank you for the quick answer.
I assume that the next wildfly version will have the new undertow.

But now I have another problem.
Using the same example on 2 servers: A and B
I log in server A fine.
Now I go to the server B and I do not have to login. OK.
From there I click on 'logout'...and I am still logged in!

SSO does not seem to be invalidated.

This only happened if I do navigate to the other server. If I click on logout just after that I have logged in then it works fine.
Actions
3. Re: Wilfdly 10 Final: <replication-config> issue

jamat Feb 6, 2016 12:27 PM (in response to jamat)

This is a known open issue in fact: [WFLY-5932] Invalidating a session of an SSO on a different node than where the session was created does not logout the …

I hope it will be fixed quickly.
Actions
4. Re: Wilfdly 10 Final: <replication-config> issue

pferraro Feb 8, 2016 11:09 AM (in response to jamat)

This is fixed in Undertow 1.3.16.Final - you can manually update the jars in the io.undertow modules.
Actions
5. Re: Wilfdly 10 Final: <replication-config> issue

jamat Feb 8, 2016 11:17 AM (in response to pferraro)

Actually 1.3.16-Final does not the fix for my second issue. I did update the jars after your first answer and this is why I hit the other issue.
Or are you talking about my initial problem? In this case yes 1.3.16-Final fixes it.
Actions
6. Re: Wilfdly 10 Final: <replication-config> issue

jamat Feb 8, 2016 11:35 AM (in response to jamat)

I take that back: you mean that it is fixed in 1.3.16 but it requires a Wildfly modification. Correct?
Actions
7. Re: Wilfdly 10 Final: <replication-config> issue

pferraro Feb 8, 2016 12:31 PM (in response to jamat)

Correct - you'll need Add ability to disable the cached authentication mechanism · undertow-io/undertow@c8c4351 · GitHub
We're still missing code in WF to disable the cached authentication mechanism when SSO is used.
Actions
8. Re: Wilfdly 10 Final: <replication-config> issue

jamat Feb 8, 2016 9:20 PM (in response to pferraro)

Actually if I read [WFLY-5932] Invalidating a session of an SSO on a different node than where the session was created does not logout the … correctly, it seems that a new wildfly is needed but also a new undertow: Unfortunately it requires a new undertow release before it can be merged, as it relies on a new option I had to add to Undertow
Actions

Go to original post