Uploaded image for project: 'Undertow'
  1. Undertow
  2. UNDERTOW-176

SavedRequest causes NotSerializableException in clustered mode

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • 1.0.0.Beta33
    • 1.0.0.Beta30
    • Servlet
    • None
    • Hide

      You need a wildfly clustered environment started with the standard-full-ha.cml config. Deploy a war that uses FORM based authentication and send a POST request (not a GET) when the current session ist not already authenticated.

      Show
      You need a wildfly clustered environment started with the standard-full-ha.cml config. Deploy a war that uses FORM based authentication and send a POST request (not a GET) when the current session ist not already authenticated.

      I am using wildfly CR1 in standalone-full-ha mode where the web sessions will be distributed across the cluster nodes. I am also using FORM based authentication in my application. One thing I have noticed is that when users that are not authenticated send a POST request to the server they get redirected to the login page as expected but during this operation I see exceptions in the loggfiles like this:

      2014-01-21 15:11:22,960 ERROR [org.infinispan.interceptors.InvocationContextInterceptor] (default task-2) ISPN000136: Execution error: org.infinispan.commons.CacheException: java.lang.RuntimeException: Failure to marshal argument(s)
      at org.infinispan.commons.util.Util.rewrapAsCacheException(Util.java:581)
      .......
      .......
      Caused by: org.infinispan.commons.marshall.NotSerializableException: io.undertow.servlet.util.SavedRequest
      Caused by: an exception which occurred:
      in object java.util.HashMap@9bc848a8
      in object org.jboss.as.clustering.marshalling.SimpleMarshalledValue@9bc848a8
      in object org.infinispan.commands.write.PutKeyValueCommand@899e95ca
      in object org.infinispan.commands.tx.PrepareCommand@e338a19d

      After a bit of debugging I found the reason for that. The ServletFormAuthenticationMechanism.storeInitialLocation() method that is called when the FORM based authentication mechanism kicks in tries to store the current request by calling SavedRequest.trySaveRequest(exchange). In this method the current request is stored inside the current session. GET requests wont trigger the session.setAttribute(SESSION_KEY, request) but POST requests do because exchange.isRequestComplete() is true for GET but not for POST requests. Because the SavedRequest is not Serializable infinispan cannot marshall the session any more to distribute is across all the cluster nodes.

      I see two solutions for this issue:
      1) Try to make the SavedRequest class Serializable.
      2) Store the SavedRequets in the LocalSessionContext in org.wildfly.clustering.web.undertow.session.SessionAdapter.setAttribute() just like it is done for the AUTHENTICATED_SESSION_ATTRIBUTE_NAME to prevent the SavedRequest from being distributed to other cluster nodes.

            sdouglas1@redhat.com Stuart Douglas
            faxe13_jira Gert Kropiunik (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: