4 Replies Latest reply on Aug 27, 2007 10:29 AM by steve tynor

    login-required and no-conversation-view-id causing infinite

    Jacob Orshalick Apprentice

      Currently, I am using Seam 2.0.0.BETA1. When I setup a page as login-required="true" in pages.xml and then specify a no-conversation-view-id an infinite redirect occurs if the session times out and a POST request is then made by the user. Here is a snippet of my pages.xml configuration:

      <pages login-view-id="/common/login.jsp">
       <!-- Security configuration -->
      
       <page view-id="*" scheme="http"/>
      
       <page view-id="/administration/*" scheme="http" login-required="true">
       <restrict>#{s:hasRole('Administrator')}</restrict>
       </page>
      
       <page view-id="/status/*" login-required="true" no-conversation-view-id="/status/search.xhtml">
       <restrict>#{s:hasRole('appRole')}</restrict>
       </page>
      


      When accessing a page under /status/* the first access always redirects to login.jsp as expected. The user then logs in and continues working with the application. If the HTTP session is then allowed to timeout, a GET request will behave as expected and redirect to the login.jsp. A POST on the other hand will cause an infinite redirect with the following stacktrace:

      2007-08-24 14:11:20,580 ERROR [org.jboss.seam.jsf.SeamPhaseListener] uncaught exception
      java.lang.IllegalStateException: Could not commit transaction
       at org.jboss.seam.jsf.SeamPhaseListener.commitOrRollback(SeamPhaseListener.java:589)
       at org.jboss.seam.jsf.SeamPhaseListener.handleTransactionsAfterPhase(SeamPhaseListener.java:325)
       at org.jboss.seam.jsf.SeamPhaseListener.afterServletPhase(SeamPhaseListener.java:226)
       at org.jboss.seam.jsf.SeamPhaseListener.afterPhase(SeamPhaseListener.java:184)
       at com.sun.faces.lifecycle.LifecycleImpl.phase(LifecycleImpl.java:280)
       at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:117)
       at javax.faces.webapp.FacesServlet.service(FacesServlet.java:244)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
       at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:83)
       at org.jboss.seam.debug.hot.HotDeployFilter.doFilter(HotDeployFilter.java:63)
       at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
       at org.jboss.seam.web.MultipartFilter.doFilter(MultipartFilter.java:87)
       at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
       at org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:63)
       at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
       at org.jboss.seam.web.RedirectFilter.doFilter(RedirectFilter.java:46)
       at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
       at org.jboss.seam.servlet.SeamFilter.doFilter(SeamFilter.java:140)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
       at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:228)
       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
       at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:175)
       at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
       at com.bts.appserver.valves.BTSSingleSignOnValve.invoke(BTSSingleSignOnValve.java:257)
       at org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:393)
       at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:543)
       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:216)
       at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
       at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:624)
       at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:445)
       at java.lang.Thread.run(Thread.java:595)
      Caused by: java.util.EmptyStackException
       at java.util.Stack.peek(Stack.java:79)
       at org.jboss.seam.transaction.Transaction.beforeCommit(Transaction.java:64)
       at org.jboss.seam.transaction.UTTransaction.commit(UTTransaction.java:44)
       at org.jboss.seam.jsf.SeamPhaseListener.commitOrRollback(SeamPhaseListener.java:579)
       ... 38 more
      2007-08-24 14:11:20,595 ERROR [org.jboss.seam.exception.DebugPageHandler] redirecting to debug page
      java.util.EmptyStackException
       at java.util.Stack.peek(Stack.java:79)
       at org.jboss.seam.transaction.Transaction.beforeCommit(Transaction.java:64)
       at org.jboss.seam.transaction.UTTransaction.commit(UTTransaction.java:44)
       at org.jboss.seam.jsf.SeamPhaseListener.commitOrRollback(SeamPhaseListener.java:579)
       at org.jboss.seam.jsf.SeamPhaseListener.handleTransactionsAfterPhase(SeamPhaseListener.java:325)
       at org.jboss.seam.jsf.SeamPhaseListener.afterServletPhase(SeamPhaseListener.java:226)
       at org.jboss.seam.jsf.SeamPhaseListener.afterPhase(SeamPhaseListener.java:184)
       at com.sun.faces.lifecycle.LifecycleImpl.phase(LifecycleImpl.java:280)
       at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:117)
       at javax.faces.webapp.FacesServlet.service(FacesServlet.java:244)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
       at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:83)
       at org.jboss.seam.debug.hot.HotDeployFilter.doFilter(HotDeployFilter.java:63)
       at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
       at org.jboss.seam.web.MultipartFilter.doFilter(MultipartFilter.java:87)
       at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
       at org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:63)
       at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
       at org.jboss.seam.web.RedirectFilter.doFilter(RedirectFilter.java:46)
       at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
       at org.jboss.seam.servlet.SeamFilter.doFilter(SeamFilter.java:140)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
       at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:228)
       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
       at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:175)
       at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
       at com.bts.appserver.valves.BTSSingleSignOnValve.invoke(BTSSingleSignOnValve.java:257)
       at org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:393)
       at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:543)
       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:216)
       at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
       at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:624)
       at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:445)
       at java.lang.Thread.run(Thread.java:595)
      2007-08-24 14:11:20,595 ERROR [org.jboss.seam.jsf.SeamPhaseListener] swallowing exception
      java.lang.IllegalStateException: Could not commit transaction
       at org.jboss.seam.jsf.SeamPhaseListener.commitOrRollback(SeamPhaseListener.java:589)
       at org.jboss.seam.jsf.SeamPhaseListener.handleTransactionsAfterPhase(SeamPhaseListener.java:325)
       at org.jboss.seam.jsf.SeamPhaseListener.afterServletPhase(SeamPhaseListener.java:226)
       at org.jboss.seam.jsf.SeamPhaseListener.afterPhase(SeamPhaseListener.java:184)
       at com.sun.faces.lifecycle.LifecycleImpl.phase(LifecycleImpl.java:280)
       at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:117)
       at javax.faces.webapp.FacesServlet.service(FacesServlet.java:244)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
       at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:83)
       at org.jboss.seam.debug.hot.HotDeployFilter.doFilter(HotDeployFilter.java:63)
       at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
       at org.jboss.seam.web.MultipartFilter.doFilter(MultipartFilter.java:87)
       at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
       at org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:63)
       at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
       at org.jboss.seam.web.RedirectFilter.doFilter(RedirectFilter.java:46)
       at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
       at org.jboss.seam.servlet.SeamFilter.doFilter(SeamFilter.java:140)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
       at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:228)
       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
       at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:175)
       at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
       at com.bts.appserver.valves.BTSSingleSignOnValve.invoke(BTSSingleSignOnValve.java:257)
       at org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:393)
       at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:543)
       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:216)
       at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
       at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:624)
       at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:445)
       at java.lang.Thread.run(Thread.java:595)
      Caused by: java.util.EmptyStackException
       at java.util.Stack.peek(Stack.java:79)
       at org.jboss.seam.transaction.Transaction.beforeCommit(Transaction.java:64)
       at org.jboss.seam.transaction.UTTransaction.commit(UTTransaction.java:44)
       at org.jboss.seam.jsf.SeamPhaseListener.commitOrRollback(SeamPhaseListener.java:579)
       ... 38 more
      

      If the no-conversation-view-id is removed, the redirect works as expected but or course an error occurs if you return to a page that requires a conversation after logging in. Thanks in advance for any help you may be able to provide.

        • 1. Re: login-required and no-conversation-view-id causing infin
          Shane Bryzak Master

          That seems like a bug, could you please raise it in JIRA and someone will take a look at it.

          • 2. Re: login-required and no-conversation-view-id causing infin
            erdem agaoglu Newbie

            i ran into a similar problem lately. i dont know if its the same that you have, but i think you can give it a try. seam-genned pages.xml does not define a redirect view-id for AuthorizationException

            <exception class="org.jboss.seam.security.AuthorizationException">
             <redirect>
             <message>You don't have permission to do this</message>
             </redirect>
            </exception>
            


            as you can guess i changed this to redirect to some error.xhtml
            <exception class="org.jboss.seam.security.AuthorizationException">
             <redirect view-id="/error.xhtml">
             <message>You don't have permission to do this</message>
             </redirect>
            </exception>
            


            if that's the case for you too, yes its still a bug but a minor one i think.

            • 3. Re: login-required and no-conversation-view-id causing infin
              Jacob Orshalick Apprentice

              Thanks for the response buckmin, but unfortunately, this is not the issue that I am running into. I have the AuthorizationException redirect specified in the same manner as shown in your post, it was just further down in my pages.xml than what I copied :)

              The bug is related to a combination of the login-view-id and no-conversation-view-id. I have posted this as a bug at:

              http://jira.jboss.com/jira/browse/JBSEAM-1860

              • 4. Re: login-required and no-conversation-view-id causing infin
                steve tynor Novice

                Jacob,

                Thanks for diagnosing this. We've been running into a similar (the same?) issue with our Seam 1.2.1-GA based app. In our case, we get infinite exceptions after a POST after a session timeout due to a setting on the page pointed to by our no-converstation-id page. We have:

                <page no-conversation-view-id="/home/xhtml" login-required="true">
                ...
                 <page view-id="/home.xhtml">
                 <restrict>#{(not empty authenticator.currentClient)}</restrict>
                 </page>
                ...
                 <page view-id="/handleAuthorizationException.xhtml" conversation-required="false">
                 <action if="#{empty authenticator.currentClient}" execute="/ChooseClient.xhtml"/>
                 <action if="#{not empty authenticator.currentClient}" execute="/error.xhtml"/>
                 </page>
                ...
                 <exception class="org.jboss.seam.security.AuthorizationException">
                 <redirect view-id="/handleAuthorizationException.xhtml">
                 <message>#{(empty authenticator.currentClient) ? 'You must select a client before accessing any other page' : 'You do not have permission to do this'}</message>
                 </redirect>
                 </exception>
                
                


                but after a session timeout, clicking a list or button gets us a looping:
                10:25:05,062 ERROR [SeamPhaseListener] swallowing exception
                org.jboss.seam.RequiredException: In attribute requires non-null value: clientFu
                ndHome.currentClient
                 at org.jboss.seam.Component.getValueToInject(Component.java:1919)
                 at org.jboss.seam.Component.injectAttributes(Component.java:1368)
                ...
                

                If I remove the no-converstation-view-id as Jacob did, I don't get the recursive/looping exceptions. Is there another way to fix?

                Thanks!