Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 7.4.14.CR1, 7.4.14.GA
Affects Version/s: 7.4.12.GA
Component/s: Clustering, Undertow
Labels:
- upstream-fixed

Blocked:
False
Blocked Reason:
None
Ready:
False
Target Release:

7.4.z.GA
Git Pull Request:
https://github.com/jbossas/jboss-eap7/pull/4568
Steps to Reproduce:

Hide

1. Launch JBoss with attached configuration and deployment
2. Make following requests:
a. http://localhost:8080/app1/session.jsp
b. http://localhost:8080/app2/session.jsp
c. http://localhost:8080/app1/invalidate.jsp

Show
1. Launch JBoss with attached configuration and deployment 2. Make following requests: a. http://localhost:8080/app1/session.jsp b. http://localhost:8080/app2/session.jsp c. http://localhost:8080/app1/invalidate.jsp

SFDC Cases Counter:
SFDC Cases Links:

Description

After ~~JBEAP-15303~~, invalidating a session in a config using Undertow SSO results in an UnsupportedOperationException being thrown by invalidation attempted on any other session associated with the SSO entry:

Caused by: java.lang.UnsupportedOperationException
	at org.wildfly.clustering.web.undertow@7.4.12.GA-redhat-00003//org.wildfly.clustering.web.undertow.sso.DistributableSingleSignOn$SimpleSessionConfig.setSessionId(DistributableSingleSignOn.java:256)
	at org.wildfly.clustering.web.undertow@7.4.12.GA-redhat-00003//org.wildfly.clustering.web.undertow.session.DistributableSessionManager.getSession(DistributableSessionManager.java:233)
	at org.wildfly.clustering.web.undertow@7.4.12.GA-redhat-00003//org.wildfly.clustering.web.undertow.sso.DistributableSingleSignOn$InvalidatableSession.invalidate(DistributableSingleSignOn.java:182)
	at io.undertow.core@2.2.25.SP3-redhat-00001//io.undertow.security.impl.SingleSignOnAuthenticationMechanism$SessionInvalidationListener.sessionDestroyed(SingleSignOnAuthenticationMechanism.java:213)
	at io.undertow.core@2.2.25.SP3-redhat-00001//io.undertow.server.session.SessionListeners.sessionDestroyed(SessionListeners.java:61)
	at org.wildfly.clustering.web.undertow@7.4.12.GA-redhat-00003//org.wildfly.clustering.web.undertow.session.DistributableSession.invalidate(DistributableSession.java:276)
	at io.undertow.servlet@2.2.25.SP3-redhat-00001//io.undertow.servlet.spec.HttpSessionImpl.invalidate(HttpSessionImpl.java:198)
	at org.apache.jsp.invalidate_jsp._jspService(invalidate_jsp.java:96)
	at io.undertow.jsp@2.0.14.Final-redhat-00001//org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
	at javax.servlet.api@2.0.0.Final-redhat-00001//javax.servlet.http.HttpServlet.service(HttpServlet.java:590)
	at io.undertow.jsp@2.0.14.Final-redhat-00001//org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:433)
	... 51 more

So this requires a fix similar to ~~JBEAP-24362~~.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

reproducer.zip
13 kB
2023/09/06 1:46 AM

Issue Links

is caused by

JBEAP-15303 [GSS](7.4.z) WFLY-10912 - CodecSessionConfig#findSessionId() causes an incorrect JSESSIONID Set-Cookie header

Verified

Activity

People

Assignee:: Chao Wang

Reporter:: Aaron Ogburn

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2023/09/06 1:41 AM

Updated:: 2023/11/20 9:50 AM

Resolved:: 2023/10/20 12:00 PM