IllegalStateException after login - logout
vladoseprak Aug 15, 2011 3:02 PMHello,
I'm using seam-security 3.0.0.Final and seam-faces 3.0.2.final. I have simple login form and one page secured like this:
@ViewConfig public interface Pages { static enum Pages1 { @ViewPattern("/views/survey.xhtml") @Authenticated SURVEY, @ViewPattern("/*") @FacesRedirect @AccessDeniedView("/views/denied.xhtml") @LoginView("/views/login.xhtml") ALL; } }
When I login first time everything is ok. When I logout and try to login next time i get exception:
SEVERE [javax.enterprise.resource.webcontainer.jsf.renderkit] (http--127.0.0.1-8080-1) javax.faces.FacesException: javax.faces.FacesException at com.sun.faces.context.ExceptionHandlerImpl.handle(ExceptionHandlerImpl.java:140) [jsf-impl-2.0.4-b09-jbossorg-4.jar:2.0.4-b09-jbossorg-4] at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:119) [jsf-impl-2.0.4-b09-jbossorg-4.jar:2.0.4-b09-jbossorg-4] at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:118) [jsf-impl-2.0.4-b09-jbossorg-4.jar:2.0.4-b09-jbossorg-4] at javax.faces.webapp.FacesServlet.service(FacesServlet.java:312) [jboss-jsf-api_2.0_spec-1.0.0.Final.jar:1.0.0.Final] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329) [jbossweb-7.0.0.CR4.jar:7.0.0.Final] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.0.CR4.jar:7.0.0.Final] at org.jboss.weld.servlet.ConversationPropagationFilter.doFilter(ConversationPropagationFilter.java:67) [weld-core-1.1.2.AS7.jar:2011-07-06 12:26] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) [jbossweb-7.0.0.CR4.jar:7.0.0.Final] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.0.CR4.jar:7.0.0.Final] at org.jboss.seam.servlet.exception.CatchExceptionFilter.doFilter(CatchExceptionFilter.java:62) [seam-servlet-3.0.0.Final.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) [jbossweb-7.0.0.CR4.jar:7.0.0.Final] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.0.CR4.jar:7.0.0.Final] at org.jboss.seam.servlet.event.ServletEventBridgeFilter.doFilter(ServletEventBridgeFilter.java:72) [seam-servlet-3.0.0.Final.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) [jbossweb-7.0.0.CR4.jar:7.0.0.Final] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.0.CR4.jar:7.0.0.Final] at com.ocpsoft.pretty.PrettyFilter.doFilter(PrettyFilter.java:118) [prettyfaces-jsf2-3.2.1.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) [jbossweb-7.0.0.CR4.jar:7.0.0.Final] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.0.CR4.jar:7.0.0.Final] at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275) [jbossweb-7.0.0.CR4.jar:7.0.0.Final] at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161) [jbossweb-7.0.0.CR4.jar:7.0.0.Final] at org.jboss.as.web.NamingValve.invoke(NamingValve.java:57) [jboss-as-web-7.0.0.Final.jar:7.0.0.Final] at org.jboss.as.jpa.interceptor.WebNonTxEmCloserValve.invoke(WebNonTxEmCloserValve.java:49) [jboss-as-jpa-7.0.0.Final.jar:7.0.0.Final] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:154) [jbossweb-7.0.0.CR4.jar:7.0.0.Final] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.0.CR4.jar:7.0.0.Final] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.0.CR4.jar:7.0.0.Final] at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:362) [jbossweb-7.0.0.CR4.jar:7.0.0.Final] at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.0.CR4.jar:7.0.0.Final] at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:667) [jbossweb-7.0.0.CR4.jar:7.0.0.Final] at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:951) [jbossweb-7.0.0.CR4.jar:7.0.0.Final] at java.lang.Thread.run(Thread.java:619) [:1.6.0_16] Caused by: java.lang.IllegalStateException at org.apache.catalina.connector.ResponseFacade.sendRedirect(ResponseFacade.java:436) [jbossweb-7.0.0.CR4.jar:7.0.0.Final] at javax.servlet.http.HttpServletResponseWrapper.sendRedirect(HttpServletResponseWrapper.java:170) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] at javax.servlet.http.HttpServletResponseWrapper.sendRedirect(HttpServletResponseWrapper.java:170) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] at org.jboss.weld.servlet.ConversationPropagationFilter$1.sendRedirect(ConversationPropagationFilter.java:90) [weld-core-1.1.2.AS7.jar:2011-07-06 12:26] at com.sun.faces.context.ExternalContextImpl.redirect(ExternalContextImpl.java:576) [jsf-impl-2.0.4-b09-jbossorg-4.jar:2.0.4-b09-jbossorg-4] at javax.faces.context.ExternalContextWrapper.redirect(ExternalContextWrapper.java:462) [jboss-jsf-api_2.0_spec-1.0.0.Final.jar:1.0.0.Final] at javax.faces.context.ExternalContextWrapper.redirect(ExternalContextWrapper.java:462) [jboss-jsf-api_2.0_spec-1.0.0.Final.jar:1.0.0.Final] at org.jboss.seam.faces.environment.SeamExternalContext.redirect(SeamExternalContext.java:55) [seam-faces-3.0.1.Final.jar:] at org.jboss.seam.faces.environment.SeamExternalContext$Proxy$_$$_WeldClientProxy.redirect(SeamExternalContext$Proxy$_$$_WeldClientProxy.java) [seam-faces-3.0.1.Final.jar:] at org.jboss.seam.faces.security.LoginListener.observePostLoginEvent(LoginListener.java:49) [seam-faces-3.0.1.Final.jar:] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [:1.6.0_16] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) [:1.6.0_16] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) [:1.6.0_16] at java.lang.reflect.Method.invoke(Method.java:597) [:1.6.0_16] at org.jboss.weld.util.reflection.SecureReflections$13.work(SecureReflections.java:305) [weld-core-1.1.2.AS7.jar:2011-07-06 12:26] at org.jboss.weld.util.reflection.SecureReflectionAccess.run(SecureReflectionAccess.java:54) [weld-core-1.1.2.AS7.jar:2011-07-06 12:26] at org.jboss.weld.util.reflection.SecureReflectionAccess.runAsInvocation(SecureReflectionAccess.java:163) [weld-core-1.1.2.AS7.jar:2011-07-06 12:26] at org.jboss.weld.util.reflection.SecureReflections.invoke(SecureReflections.java:299) [weld-core-1.1.2.AS7.jar:2011-07-06 12:26] at org.jboss.weld.introspector.jlr.WeldMethodImpl.invokeOnInstance(WeldMethodImpl.java:188) [weld-core-1.1.2.AS7.jar:2011-07-06 12:26] at org.jboss.weld.introspector.ForwardingWeldMethod.invokeOnInstance(ForwardingWeldMethod.java:59) [weld-core-1.1.2.AS7.jar:2011-07-06 12:26] at org.jboss.weld.injection.MethodInjectionPoint.invokeOnInstanceWithSpecialValue(MethodInjectionPoint.java:198) [weld-core-1.1.2.AS7.jar:2011-07-06 12:26] at org.jboss.weld.event.ObserverMethodImpl.sendEvent(ObserverMethodImpl.java:282) [weld-core-1.1.2.AS7.jar:2011-07-06 12:26] at org.jboss.weld.event.ObserverMethodImpl.sendEvent(ObserverMethodImpl.java:265) [weld-core-1.1.2.AS7.jar:2011-07-06 12:26] at org.jboss.weld.event.ObserverMethodImpl.notify(ObserverMethodImpl.java:234) [weld-core-1.1.2.AS7.jar:2011-07-06 12:26] at org.jboss.weld.manager.BeanManagerImpl.notifyObservers(BeanManagerImpl.java:635) [weld-core-1.1.2.AS7.jar:2011-07-06 12:26] at org.jboss.weld.manager.BeanManagerImpl.fireEvent(BeanManagerImpl.java:628) [weld-core-1.1.2.AS7.jar:2011-07-06 12:26] at org.jboss.weld.event.EventImpl.fire(EventImpl.java:75) [weld-core-1.1.2.AS7.jar:2011-07-06 12:26] at org.jboss.seam.faces.security.SecurityPhaseListener.observePreNavigateEvent(SecurityPhaseListener.java:335) [seam-faces-3.0.1.Final.jar:] at sun.reflect.GeneratedMethodAccessor89.invoke(Unknown Source) [:1.6.0_16] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) [:1.6.0_16] at java.lang.reflect.Method.invoke(Method.java:597) [:1.6.0_16] at org.jboss.weld.util.reflection.SecureReflections$13.work(SecureReflections.java:305) [weld-core-1.1.2.AS7.jar:2011-07-06 12:26] at org.jboss.weld.util.reflection.SecureReflectionAccess.run(SecureReflectionAccess.java:54) [weld-core-1.1.2.AS7.jar:2011-07-06 12:26] at org.jboss.weld.util.reflection.SecureReflectionAccess.runAsInvocation(SecureReflectionAccess.java:163) [weld-core-1.1.2.AS7.jar:2011-07-06 12:26] at org.jboss.weld.util.reflection.SecureReflections.invoke(SecureReflections.java:299) [weld-core-1.1.2.AS7.jar:2011-07-06 12:26] at org.jboss.weld.introspector.jlr.WeldMethodImpl.invokeOnInstance(WeldMethodImpl.java:188) [weld-core-1.1.2.AS7.jar:2011-07-06 12:26] at org.jboss.weld.introspector.ForwardingWeldMethod.invokeOnInstance(ForwardingWeldMethod.java:59) [weld-core-1.1.2.AS7.jar:2011-07-06 12:26] at org.jboss.weld.injection.MethodInjectionPoint.invokeOnInstanceWithSpecialValue(MethodInjectionPoint.java:198) [weld-core-1.1.2.AS7.jar:2011-07-06 12:26] at org.jboss.weld.event.ObserverMethodImpl.sendEvent(ObserverMethodImpl.java:282) [weld-core-1.1.2.AS7.jar:2011-07-06 12:26] at org.jboss.weld.event.ObserverMethodImpl.sendEvent(ObserverMethodImpl.java:265) [weld-core-1.1.2.AS7.jar:2011-07-06 12:26] at org.jboss.weld.event.ObserverMethodImpl.notify(ObserverMethodImpl.java:234) [weld-core-1.1.2.AS7.jar:2011-07-06 12:26] at org.jboss.weld.manager.BeanManagerImpl.notifyObservers(BeanManagerImpl.java:635) [weld-core-1.1.2.AS7.jar:2011-07-06 12:26] at org.jboss.weld.manager.BeanManagerImpl.fireEvent(BeanManagerImpl.java:622) [weld-core-1.1.2.AS7.jar:2011-07-06 12:26] at org.jboss.weld.manager.BeanManagerImpl.fireEvent(BeanManagerImpl.java:616) [weld-core-1.1.2.AS7.jar:2011-07-06 12:26] at org.jboss.seam.faces.event.SeamPreNavigationHandler.handleNavigation(SeamPreNavigationHandler.java:47) [seam-faces-3.0.1.Final.jar:] at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:130) [jsf-impl-2.0.4-b09-jbossorg-4.jar:2.0.4-b09-jbossorg-4] at javax.faces.component.UICommand.broadcast(UICommand.java:315) [jboss-jsf-api_2.0_spec-1.0.0.Final.jar:1.0.0.Final] at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:787) [jboss-jsf-api_2.0_spec-1.0.0.Final.jar:1.0.0.Final] at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:1252) [jboss-jsf-api_2.0_spec-1.0.0.Final.jar:1.0.0.Final] at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:81) [jsf-impl-2.0.4-b09-jbossorg-4.jar:2.0.4-b09-jbossorg-4] at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:101) [jsf-impl-2.0.4-b09-jbossorg-4.jar:2.0.4-b09-jbossorg-4] ... 28 more
To achieve session invalidation I have implemented following handler
@RequestScoped public class EventHandler { @Inject private transient Logger logger; @Inject private HttpServletRequest httpRequest; // Requires seam-servlet dependency @Inject private HttpServletResponse httpResponse; /** * Workaround for bug in seam-security-3.0.0.Final (SEAMSECURITY-83) * @param event */ public void handlePostLoggedOutEvent(@Observes final PostLoggedOutEvent event) { logger.log(Level.INFO, "PostLoggedOutEvent triggered by user: {0}", event.getUser().getId()); httpRequest.getSession().invalidate(); } }
Thanks for suggestions.