Uploaded image for project: 'JBoss Enterprise Application Platform 4 and 5'
  1. JBoss Enterprise Application Platform 4 and 5
  2. JBPAPP-3713

JAX-RS web services executed within an EJB transaction cannot use Seam HTTP authentication

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • EAP_EWP 5.1.0_CR2
    • EAP 5.0.1.CR1, EAP 5.0.1.CR2
    • Seam
    • None
    • Release Notes

      after including tasks example unit tests into target tesexample, they are failing.

      e.g. see at http://hudson.qa.jboss.com/hudson/job/Seam-2.2.x-EAP5-JDK6-SNAPSHOT/36/testReport/

      An exception is thrown during destroying of BusinessProcess context. For some reason it is not possible to lookup EjbSynchronizations EJB which is required for finishing a transaction (BP context is destroyed in a transaction since r11308)

      The issue manifests itself only under the following circumstances:

      a) EJB Transactions are used
      b) Seam authentication filter is used
      c) The following patch is applied http://fisheye.jboss.org/browse/Seam/branches/enterprise/JBPAPP_5_0/src/main/org/jboss/seam/contexts/Contexts.java?r1=11218&r2=11308

      When authentication filter is used, single HTTP request is translated into 2 ContextualHttpServletRequests. The first one parses HTTP Authentication header and invokes identity.authenticate() which stores identity information in session. Note that during end of this contextual request, EjbSynchronizations is succesfully looked up and used for destroying BP context. The problem occurs in the subsequent contextual request (which is the same physical request). In this request, it is not possible to lookup the EjbSynchronizations bean (not from a web service method nor during destroying BP context). Tests fail because there is an exception thrown during EntityHome/Query method invocations. Furthermore, an exception is thrown during BP context shutdown. This exception which is logged with WARN severity (does not cause the test to fail).

      To summarize, HTTP request to a web service protected by AuthenticationFilter splits into two separate ContextualHttpRequests. In the second one, it is not possible to lookup EjbSynchronizations bean - Component.getInstance("org.jboss.seam.transaction.synchronizations", ScopeType.EVENT) fails with NoSuchEjbException

      I need to verify if only the EjbSynchronizations bean is affected or if any EJB is not usable together with AuthenticationFilter.

        1. stacktrace.txt
          32 kB
        2. request-with-authentication.txt
          30 kB
        3. request-without-authentication.txt
          15 kB
        4. 20021.txt
          6 kB

              mnovotny@redhat.com Marek Novotny
              mnovotny@redhat.com Marek Novotny
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Created:
                Updated:
                Resolved: