Thanks for that info, Willie, very useful.

Before I get into this, quick request: would you mind sharing your OAuth2
code; might be worth making available as an Isis addon, at least (if not
part of Isis "proper").

~~~
Per your case where there were lots of incoming requests, it looks very much
like a race condition. I'm thinking that two requests/threads come in at
almost the same time through IsisSessionFilter

    at org.apache.isis.core.webapp.IsisSessionFilter.doFilter(IsisSessionFilter.java:332)

which checks to see if the session is valid:

    at org.apache.isis.viewer.restfulobjects.server.authentication.AuthenticationSessionStrategyBasicAuth.lookupValid(AuthenticationSessionStrategyBasicAuth.java:65)

this involves reconstructing the authentication request (ie user/password),
and calling authenticate:

    at org.apache.isis.core.runtime.authentication.standard.AuthenticationManagerStandard.authenticate(AuthenticationManagerStandard.java:120)

which in turn delegates to shiro:

    at org.apache.isis.security.shiro.ShiroAuthenticatorOrAuthorizor.authenticate(ShiroAuthenticatorOrAuthorizor.java:139)

My guess is that the first thread does this, finds that, so far as Shiro is
concerned, the Shiro session from before is still authenticated, so
does the logout:

    at org.apache.shiro.subject.support.DelegatingSubject.logout(DelegatingSubject.java:363)

Meantime, my guess is that the second thread runs the same code almost
immediately afterwards and also sees that the Shiro session is still
authenticated, so also attempts the logout.

One of these two threads will complete the logout successfully, but the
second will fail with the exception:

    ...
    java.lang.IllegalStateException
    at org.eclipse.jetty.server.session.AbstractSession.checkValid(AbstractSession.java:104)


I'll have a ponder as to how to address this.   I notice some TODOs in that
codebase.  Perhaps it would be sufficient to simply not attempt the logout
and then subsequent login again.

~~~~
By the by, one way to reduce the number of calls for a grid would be to use
the simplified representation of a collection [2].  Are you using them?

Thx
Dan


[2]
http://isis.apache.org/guides/ugvro.html#_ugvro_simplified-representations_object-collection
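
The check-then-logout race hypothesised in the reply above, as an added example that is not part of the original thread and is not Isis, Shiro or Jetty code. The `Session` class, the method names and the barrier that forces the interleaving are all constructed for illustration; the guarded variant is one possible fix, not the one the project adopted.

```java
import java.util.Arrays;
import java.util.concurrent.*;

public class LogoutRaceDemo {
    // Constructed stand-in for a container session: as with the checkValid frame
    // in the trace, touching it after invalidation throws IllegalStateException.
    static final class Session {
        private boolean valid = true;
        synchronized boolean isAuthenticated() { return valid; }
        synchronized void logout() {
            if (!valid) throw new IllegalStateException("session already invalidated");
            valid = false;
        }
    }

    // Check-then-act as described above: nothing stops a second request from
    // passing the check before the first one has finished its logout.
    static void racy(Session s, CyclicBarrier bothChecked) throws Exception {
        if (s.isAuthenticated()) {
            bothChecked.await(); // demo hook: hold until both requests passed the check
            s.logout();          // the later caller hits the invalidated session
        }
    }

    // Check and logout under one lock per session: the loser of the race sees
    // an already logged-out session and skips the logout.
    static void guarded(Session s) {
        synchronized (s) {
            if (s.isAuthenticated()) s.logout();
        }
    }

    // Runs two concurrent "requests" against one session; returns how many failed.
    static int failures(boolean useGuard) throws Exception {
        Session s = new Session();
        CyclicBarrier bothChecked = new CyclicBarrier(2);
        ExecutorService pool = Executors.newFixedThreadPool(2);
        Callable<Void> request = () -> {
            if (useGuard) guarded(s); else racy(s, bothChecked);
            return null;
        };
        int failed = 0;
        for (Future<Void> f : pool.invokeAll(Arrays.asList(request, request))) {
            try { f.get(); } catch (ExecutionException e) {
                if (e.getCause() instanceof IllegalStateException) failed++; else throw e;
            }
        }
        pool.shutdown();
        return failed;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("racy failures:    " + failures(false));
        System.out.println("guarded failures: " + failures(true));
    }
}
```

Swallowing the `IllegalStateException`, the workaround mentioned in the thread, hides the symptom but leaves the window between check and logout open; serialising the two steps per session closes it.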


On 8 June 2016 at 19:52, Willie Loyd Tandingan <tandingan....@gmail.com>
wrote:

> Hi everyone,
>
> We've had this issue since the beginning when we used RO. It's intermittent
> and happens often when the server receives a lot of requests in a given
> amount of time. We have observed this happening frequently when trying to
> display a grid by performing additional requests for getting the properties
> of elements in a list.
>
> Since we extended ShiroAuthenticatorOrAuthorizor for supporting OAuth2,
> what we did temporarily was try / catch then ignore the
> IllegalStateException thrown at the call to logout in [1].
>
> I didn't have the time to investigate further and I'm interested in knowing
> the cause for this also. It could be jetty-related since it happened a lot
> during development. We run our app with Wildfly for staging environment,
> but I forgot if we ever encountered this one before we applied the
> workaround.
>
>
> [1]
>
> https://github.com/apache/isis/blob/d6bf2a397f9afc9f511aa72fbd798562f1a46d6c/core/security-shiro/src/main/java/org/apache/isis/security/shiro/ShiroAuthenticatorOrAuthorizor.java#L121
>
> On Thu, Jun 9, 2016 at 1:20 AM, César Camilo Lugo Marcos <
> cesar.l...@sisorg.com.mx> wrote:
>
> > Jeroen,
> >
> > We have it configured in Amazon AWS Elastic Beanstalk, using a load
> > balancer, this is where we redirect port 80 to 8080. Probably the load
> > balancer is acting as a proxy. Could this be causing the issue?
> >
> > On Wed, 2016-06-08 at 16:34 +0000, Arturo Ulises Castañeda Estrada
> > wrote:
> > > Hi Jan, I'm not using a proxy server but I configured port 80 in the
> > > server and it redirects to port 8080; I don't know if this is causing
> > > problems.
> > > ________________________________________
> > > From: jan-wil...@mail.youngmediaexperts.nl <jan-wil...@mail.youngmediaexperts.nl> on behalf of Jan-Willem Gmelig Meyling <jan-wil...@meylingmedia.nl>
> > > Sent: Wednesday, 8 June 2016 11:09:10 a.m.
> > > To: users@isis.apache.org
> > > Subject: Re: error 500
> > >
> > > Hi Arturo,
> > >
> > > Are you using a proxy server? I have seen this error with
> > > grunt-connect-proxy, when I fire two requests simultaneously. Maybe it is
> > > related to Cookie header parameters not correctly being passed from one
> > > end to another.
> > >
> > > Cheers,
> > >
> > > Jan-Willem
> > >
> > >
> > > > On 8 Jun 2016 at 17:28, Arturo Ulises Castañeda Estrada <arturo.castan...@sisorg.com.mx> wrote:
> > > >
> > > > Hi Dan,
> > > >
> > > >
> > > > I have the next problem when I consume a WS with AngularJS.
> > > >
> > > >
> > > > HTTP ERROR 500
> > > >
> > > > Problem accessing /restful/services/SequenceRepository/actions/findSequenceBySequenceId/invoke. Reason:
> > > >
> > > >    Server Error
> > > > Caused by:
> > > >
> > > > javax.servlet.ServletException: Filtered request failed.
> > > >     at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:384)
> > > >     at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
> > > >     at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1650)
> > > >     at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:583)
> > > >     at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
> > > >     at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:577)
> > > >     at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223)
> > > >     at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1125)
> > > >     at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
> > > >     at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
> > > >     at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1059)
> > > >     at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
> > > >     at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:215)
> > > >     at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:110)
> > > >     at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
> > > >     at org.eclipse.jetty.server.Server.handle(Server.java:497)
> > > >     at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:311)
> > > >     at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:248)
> > > >     at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:540)
> > > >     at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:610)
> > > >     at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:539)
> > > >     at java.lang.Thread.run(Thread.java:745)
> > > > Caused by: org.apache.shiro.session.InvalidSessionException: java.lang.IllegalStateException
> > > >     at org.apache.shiro.web.session.HttpServletSession.getAttribute(HttpServletSession.java:148)
> > > >     at org.apache.shiro.session.ProxiedSession.getAttribute(ProxiedSession.java:121)
> > > >     at org.apache.shiro.subject.support.DelegatingSubject.getRunAsPrincipalsStack(DelegatingSubject.java:469)
> > > >     at org.apache.shiro.subject.support.DelegatingSubject.getPrincipals(DelegatingSubject.java:153)
> > > >     at org.apache.shiro.mgt.DefaultSecurityManager.logout(DefaultSecurityManager.java:547)
> > > >     at org.apache.shiro.subject.support.DelegatingSubject.logout(DelegatingSubject.java:363)
> > > >     at org.apache.isis.security.shiro.ShiroAuthenticatorOrAuthorizor.authenticate(ShiroAuthenticatorOrAuthorizor.java:139)
> > > >     at org.apache.isis.core.runtime.authentication.standard.AuthenticationManagerStandard.authenticate(AuthenticationManagerStandard.java:120)
> > > >     at org.apache.isis.viewer.restfulobjects.server.authentication.AuthenticationSessionStrategyBasicAuth.lookupValid(AuthenticationSessionStrategyBasicAuth.java:65)
> > > >     at org.apache.isis.core.webapp.IsisSessionFilter.doFilter(IsisSessionFilter.java:332)
> > > >     at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1650)
> > > >     at org.apache.isis.core.webapp.diagnostics.IsisLogOnExceptionFilter.doFilter(IsisLogOnExceptionFilter.java:52)
> > > >     at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1650)
> > > >     at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449)
> > > >     at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365)
> > > >     at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
> > > >     at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
> > > >     at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383)
> > > >     at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362)
> > > >     ... 21 more
> > > > Caused by: java.lang.IllegalStateException
> > > >     at org.eclipse.jetty.server.session.AbstractSession.checkValid(AbstractSession.java:104)
> > > >     at org.eclipse.jetty.server.session.HashedSession.checkValid(HashedSession.java:79)
> > > >     at org.eclipse.jetty.server.session.AbstractSession.getAttribute(AbstractSession.java:451)
> > > >     at org.apache.shiro.web.session.HttpServletSession.getAttribute(HttpServletSession.java:146)
> > > >     ... 39 more
> > > > Powered by Jetty://
> > > >
> > > >
> > > > In my network tab I copied the link and pasted it in the browser and I
> > > > do not get any error; I think the problem is from Apache Isis.
> >
> >
>
