On the off chance you need the full stack trace here it is: 2015-05-29 15:07:15,216 ERROR org.dspace.app.xmlui.cocoon.DSpaceCocoonServletFilter @ Serious Error Occurred Processing Request! org.springframework.web.util.NestedServletException: Handler processing failed; nested exception is java.lang.StackOverflowError at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:972) at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:852) at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:882) at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:778) at javax.servlet.http.HttpServlet.service(HttpServlet.java:620) at javax.servlet.http.HttpServlet.service(HttpServlet.java:727) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at org.dspace.app.xmlui.cocoon.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:111) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at org.dspace.app.xmlui.cocoon.DSpaceCocoonServletFilter.doFilter(DSpaceCocoonServletFilter.java:274) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at org.dspace.app.xmlui.cocoon.servlet.multipart.DSpaceMultipartFilter.doFilter(DSpaceMultipartFilter.java:119) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at org.dspace.utils.servlet.DSpaceWebappServletFilter.doFilter(DSpaceWebappServletFilter.java:78) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:503) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170) at com.googlecode.psiprobe.Tomcat70AgentValve.invoke(Tomcat70AgentValve.java:38) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:421) at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:190) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611) at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:314) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:745)
________________________________________ From: Pottinger, Hardy J. Sent: Wednesday, September 09, 2015 2:54 PM To: Tomcat Users List Subject: RE: seeking help with stabilizing the persistence of a JSESSIONID Well... it occurred to me that from time to time we happen to have stack traces show up in our log files due to some error or another, and, I could just *look* at the log files. Sure enough, here's an example of one line of interest (there are many similar ones): at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:503) Is that enough of a clue? --Hardy ________________________________________ From: Pottinger, Hardy J. Sent: Wednesday, September 09, 2015 9:35 AM To: Tomcat Users List Subject: RE: seeking help with stabilizing the persistence of a JSESSIONID Hi, thanks for following up! No, no luck at all. The web application I'm working with is based on Apache Cocoon 2.2, so, no JSPs in sight. I am actually weighing my options, I have a choice to either pursue making the current design work (i.e. try to get the session to stick around long enough so I can use it), or else change the design and go with a more conventional "pass the return URL around as a parameter in the request" approach. I'm leaning towards the latter, as it sidesteps this whole issue we're having with session fixation protection, *and* it deals with a slightly esoteric use case, where a user encounters a password challenge when attempting to view a restricted item, backtracks, then later chooses to log in for some other reason, and is returned to the original restricted item page (because the redirect URL is still in the session). If I do continue to persue the session route, I'll let you know if I'm able to determine what authentication class ends up in the stack trace. --Hardy ________________________________________ From: Christopher Schultz [ch...@christopherschultz.net] Sent: Wednesday, September 09, 2015 8:24 AM To: Tomcat Users List Subject: Re: seeking help with stabilizing the persistence of a JSESSIONID -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hardy, On 9/4/15 4:32 PM, Pottinger, Hardy J. wrote: >> Are you using AJP or HTTP as your proxy protocol? If AJP, are >> you using tomcatAuthentication="false" on your <Connector>? I'm >> not exactly sure what happens when you do that... you might get >> a NonLoginAuthenticator. > > in our Vhost file, we have this: > > <Location "/xmlui"> ProxyPass ajp://127.0.0.1:8009/xmlui > retry=1 keepalive=on ProxyPassReverse ajp://127.0.0.1:8009/xmlui > ShibUseHeaders On SetEnv proxy-sendchunked 1 </Location> > > in our server.xml file, we have this: <!-- Define an AJP 1.3 > Connector on port 8009, just on localhost --> <Connector > port="8009" enableLookups="false" redirectPort="8080" > protocol="AJP/1.3" address="127.0.0.1" > tomcatAuthentication="false" maxSwallowSize="-1" > connectionTimeout="1232000" disableUploadTimeout="false" > connectionUploadTimeout="1232000" URIEncoding="UTF-8"/> > > So, we're using tomcatAuthentication="false" > > I will try your suggestion of using NonLoginAuthenticator and see > what I get. If it doesn't work, I'll try your suggestion of setting > a breakpoint and using a debugger to look at the stack. Any luck? You don't have to use a debugger to get a stack trace: just create a JSP and have it 'throw Exception("getting a stack trace")'. - -chris -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJV8DLwAAoJEBzwKT+lPKRY48YQAIUdyi1UwJTtdmjJBRWLXH7Q ochdn2fBkBF+nDn1V3mLp7svDrk4SNFdymRUudOgCg4ZF4GHVClYDEVcQFMYKgOB 7NjBNtxTLXKhX7AloY+nYHJaCBEcKsYW3fZXCmNt1/KKCXq2cEcJ264++VUN//sT khvWjTipOuDQAZYauWfQWb2T4flp5Viitq37zyYpeTD1HeTxepdTFAlPIquFYAlK bHQQuWpI55YjTTBoDq3+FKabH97DQ1A3mLYcktIvIT4KiHFFlE2F+mb30F60Qdw7 RRDFJhTFGbnr0gIIV1b6VUJyDhh6m4bIXkRCixo41d9JAzzcmkpivaEClO+YTFwF X8nVRPFkRiFKgKU6Gw0g/fzMNz53LrhW5TPvy7nHe2f+Ahip0M94pS3sD0azh+y0 ZoxG9JyquDQWHPGgwfQqjtide7+u5bo8mEhuUC2tWNl7iSwB7rUFgz9GgyWl7fNi jRRZ3gCrqaZFdUoJdh9/eUpfzo24DNEPO5mNsD5Ii0REXXGHkalVd1Rk6MyYFc+X Jt4ZJVG2Jxlcu3Z2G9wUfNBuc/0ejsmHuOKlLeg0++J0QIoKOwZw67k5HD/XoUhT ieSV9f2LZwA5Wh3vA4o80uC94SWU/4aav6D0qhB5Np6YXy7xtX/q/oGSVu6sr0XY zg8u3mC90npBIj5b3nPQ =kWRl -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org