https://bz.apache.org/bugzilla/show_bug.cgi?id=66676
Mark Thomas <ma...@apache.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO --- Comment #3 from Mark Thomas <ma...@apache.org> --- (In reply to Georg F. from comment #2) > Hey Mark, > > thanks for looking into it. > I think the problem still exists in the latest 10.1.x branch on GitHub. > > Let me explain the problem step by step from the code on GitHub: > * When the WebSocket is closed the WebSocket tries to send the close > message via > https://github.com/apache/tomcat/blob/ > 8b1833f75bfce59a05791dede5eb9904b51da3da/java/org/apache/tomcat/websocket/ > WsSession.java#L718 There are two code paths to this line. The path via WsSession.doClose() will have set WsSession.state to OUTPUT_CLOSING. The path via WsSession.onClose() will have set WsSession.state to CLOSING. > * This in turn will try to send the message parts via > https://github.com/apache/tomcat/blob/ > b9a8bd4fdaf31b0cc08cc72f95c802d35bb885f2/java/org/apache/tomcat/websocket/ > WsRemoteEndpointImplBase.java#L311 No further change in WsSession.state occurs to this point. > * Unfortunately this may fail for whatever reason which then ends up in > closing the session via > https://github.com/apache/tomcat/blob/ > b9a8bd4fdaf31b0cc08cc72f95c802d35bb885f2/java/org/apache/tomcat/websocket/ > WsRemoteEndpointImplBase.java#L322 No further change in WsSession.state occurs to this point. > * The problem is now that the session now got to a "CLOSED" state How? when WsSession.doClose() is called the state check on line 568 will cause the method to return immediately with no further change in WsSession.state https://github.com/apache/tomcat/blob/8b1833f75bfce59a05791dede5eb9904b51da3da/java/org/apache/tomcat/websocket/WsSession.java#L568 >, but when > returning from these methods we end up in > https://github.com/apache/tomcat/blob/ > 8b1833f75bfce59a05791dede5eb9904b51da3da/java/org/apache/tomcat/websocket/ > WsSession.java#L734 which tries to get the user principal on the closed > session which is forbidden. ? > * And so another exception is thrown which overrules the previous one and > shows this confusing message. > > I hope that helps. Sorry, it doesn't yet. Following that code path described I don't see how WsSession.getUserPrincipal() can fail the checkState() test and trigger the exception. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org