glassfish
  1. glassfish
  2. GLASSFISH-11504

Glassfishv3 j_security_check causes No active contexts errors

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: V3
    • Fix Version/s: v3.0.1
    • Component/s: web_container
    • Labels:
      None
    • Environment:

      Operating System: All
      Platform: All

    • Issuezilla Id:
      11,504

      Description

      It seems that Glassfishv3 does not currently work with form based authentication?

      When it is lazy authentication by stipulating a security-constraint on a url-pattern in web.xml which should redirect to the form-login-page, I get the error.

      Or whether I access the form-login-page directly and submit an incorrect username/password combination, I also get the error (a valid user in this case will log in correctly).

      Is there something other than the above to get this to work? It seems it is a Weld issue?
      I have an empty beans.xml file in the WEB-INF directory of my WAR.

      An example exception I get from the latest Glassfishv3.1 nightly is:

      javax.enterprise.context.ContextNotActiveException: No active contexts for scope type javax.enterprise.context.RequestScoped
      at org.jboss.weld.BeanManagerImpl.getContext(BeanManagerImpl.java:928)
      at org.jboss.weld.bean.proxy.ClientProxyMethodHandler.getProxiedInstance(ClientProxyMethodHandler.java:140)
      at org.jboss.weld.bean.proxy.ClientProxyMethodHandler.invoke(ClientProxyMethodHandler.java:101)
      at org.jboss.weld.servlet.HttpSessionManager_$$javassist_14.setSession(HttpSessionManager$$_javassist_14.java)
      at org.jboss.weld.jsf.WeldPhaseListener.initiateSessionAndConversation(WeldPhaseListener.java:169)
      at org.jboss.weld.jsf.WeldPhaseListener.beforeRestoreView(WeldPhaseListener.java:118)
      at org.jboss.weld.jsf.WeldPhaseListener.beforePhase(WeldPhaseListener.java:87)
      at com.sun.faces.lifecycle.Phase.handleBeforePhase(Phase.java:228)
      at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:99)
      at com.sun.faces.lifecycle.RestoreViewPhase.doPhase(RestoreViewPhase.java:110)
      at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:118)
      at javax.faces.webapp.FacesServlet.service(FacesServlet.java:312)
      at org.apache.catalina.core.StandardWrapper.service(StandardWrapper.java:1518)
      at org.apache.catalina.core.ApplicationDispatcher.doInvoke(ApplicationDispatcher.java:784)
      at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:646)
      at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:479)
      at org.apache.catalina.core.ApplicationDispatcher.doDispatch(ApplicationDispatcher.java:450)
      at org.apache.catalina.core.ApplicationDispatcher.dispatch(ApplicationDispatcher.java:346)
      at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:296)
      at org.apache.catalina.authenticator.FormAuthenticator.forwardToLoginPage(FormAuthenticator.java:458)
      at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:249)
      at com.sun.web.security.RealmAdapter.invokeAuthenticateDelegate(RealmAdapter.java:1184)
      at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:542)
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:604)
      at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:98)
      ...

      NOTE: this came about from the forum post: http://forums.java.net/jive/thread.jspa?threadID=73860

        Activity

        Hide
        jluehe added a comment -

        Request boundaries in Weld are implemented using a ServletRequestListener.

        Normally, the requestInitialized and requestDestroyed events are fired as part
        of StandardContextValve#preInvoke and StandardContextValve#postInvoke,
        respectively. However, when FormAuthenticator performs a FORWARD dispatch to the
        form's login or error page, StandardContextValve will be bypassed, as is evident
        from the above stacktrace, where the form's login page is JSF based (search for
        FacesServlet#service). As a result, no requestInitialized event will have been
        fired by the time WeldPhaseListener#initiateSessionAndConversation is called,
        causing the ContextNotActiveException.

        The issue can be fixed by having ApplicationDispatcher check whether
        requestInitialized was already fired for a given request, and fire it (and the
        corresponding requestDestroyed) in case it was not.

        Show
        jluehe added a comment - Request boundaries in Weld are implemented using a ServletRequestListener. Normally, the requestInitialized and requestDestroyed events are fired as part of StandardContextValve#preInvoke and StandardContextValve#postInvoke, respectively. However, when FormAuthenticator performs a FORWARD dispatch to the form's login or error page, StandardContextValve will be bypassed, as is evident from the above stacktrace, where the form's login page is JSF based (search for FacesServlet#service). As a result, no requestInitialized event will have been fired by the time WeldPhaseListener#initiateSessionAndConversation is called, causing the ContextNotActiveException. The issue can be fixed by having ApplicationDispatcher check whether requestInitialized was already fired for a given request, and fire it (and the corresponding requestDestroyed) in case it was not.
        Hide
        jluehe added a comment -
            • Issue 11544 has been marked as a duplicate of this issue. ***
        Show
        jluehe added a comment - Issue 11544 has been marked as a duplicate of this issue. ***
        Hide
        jluehe added a comment -

        Sending web-core/src/main/java/org/apache/catalina/Context.java
        Sending
        web-core/src/main/java/org/apache/catalina/authenticator/FormAuthenticator.java
        Sending
        web-core/src/main/java/org/apache/catalina/core/ApplicationDispatcher.java
        Sending web-core/src/main/java/org/apache/catalina/core/StandardContext.java
        Sending
        web-core/src/main/java/org/apache/catalina/core/StandardContextValve.java
        Sending
        web-core/src/main/java/org/apache/catalina/core/StandardHostValve.java
        Transmitting file data ......
        Committed revision 35608.

        Show
        jluehe added a comment - Sending web-core/src/main/java/org/apache/catalina/Context.java Sending web-core/src/main/java/org/apache/catalina/authenticator/FormAuthenticator.java Sending web-core/src/main/java/org/apache/catalina/core/ApplicationDispatcher.java Sending web-core/src/main/java/org/apache/catalina/core/StandardContext.java Sending web-core/src/main/java/org/apache/catalina/core/StandardContextValve.java Sending web-core/src/main/java/org/apache/catalina/core/StandardHostValve.java Transmitting file data ...... Committed revision 35608.
        Hide
        jluehe added a comment -

        Ported fix to v3.0.1:

        Sending web-core/src/main/java/org/apache/catalina/Context.java
        Sending
        web-core/src/main/java/org/apache/catalina/authenticator/FormAuthenticator.java
        Sending
        web-core/src/main/java/org/apache/catalina/core/ApplicationDispatcher.java
        Sending web-core/src/main/java/org/apache/catalina/core/StandardContext.java
        Sending
        web-core/src/main/java/org/apache/catalina/core/StandardContextValve.java
        Sending
        web-core/src/main/java/org/apache/catalina/core/StandardHostValve.java
        Transmitting file data ......
        Committed revision 35620.

        Show
        jluehe added a comment - Ported fix to v3.0.1: Sending web-core/src/main/java/org/apache/catalina/Context.java Sending web-core/src/main/java/org/apache/catalina/authenticator/FormAuthenticator.java Sending web-core/src/main/java/org/apache/catalina/core/ApplicationDispatcher.java Sending web-core/src/main/java/org/apache/catalina/core/StandardContext.java Sending web-core/src/main/java/org/apache/catalina/core/StandardContextValve.java Sending web-core/src/main/java/org/apache/catalina/core/StandardHostValve.java Transmitting file data ...... Committed revision 35620.
        Hide
        jluehe added a comment -

        Changing target milestone to v3.0.1, because the fix has been back-ported there.

        Show
        jluehe added a comment - Changing target milestone to v3.0.1, because the fix has been back-ported there.
        Show
        jluehe added a comment - Added unit test at https://svn.dev.java.net/svn/glassfish-svn/trunk/v2/appserv-tests/devtests/web/weldJsfLoginPage
        Hide
        cosmic added a comment -

        This bug appears to have resurfaced when forwarding from a ServerAuthModule:
        http://forums.java.net/jive/thread.jspa?threadID=151707

        Show
        cosmic added a comment - This bug appears to have resurfaced when forwarding from a ServerAuthModule: http://forums.java.net/jive/thread.jspa?threadID=151707
        Hide
        cosmic added a comment -

        As requested by Shing Wai Chan, I have created Issue #12642 for the different scenario.

        Show
        cosmic added a comment - As requested by Shing Wai Chan, I have created Issue #12642 for the different scenario.

          People

          • Assignee:
            jluehe
            Reporter:
            cosmic
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: