Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-1477

JACC HttpServletRequestPolicyContextHandler removal on single application undeploy impacting all other deployed applications

    Details

      Description

      Please see the following forum post for a detailed explanation and findings(and potential workaround):

      https://community.jboss.org/message/822054#822054

      If multiple WARs are deployed that depend on a login module leveraging:

      HttpServletRequest request = (HttpServletRequest)PolicyContext.getContext("javax.servlet.http.HttpServletRequest");

      then upon undeploy of any web application in the container the HttpServletRequestPolicyContextHandler is removed(deregistered) in the stop() lifecycle method of the JBossWebRealmService, resulting in:

      13:03:35,335 ERROR [org.jboss.security.authentication.JBossCachedAuthenticationManager] (ajp--0.0.0.0-8009-1) Login failure: javax.security.auth.login.LoginException: java.lang.IllegalArgumentException: No PolicyContextHandler for key=javax.servlet.http.HttpServletRequest at javax.security.jacc.PolicyContext.getContext(PolicyContext.java:117)

      for any webapps still deployed for every subsequent access to them.

      Simply redeploying any ONE of the remaining webapps or the previously undeployed webapp causes this problem to go away for all deployed applications.

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                ctomc Toma┼ż Cerar
                Reporter:
                steve_167 Steve S
              • Votes:
                0 Vote for this issue
                Watchers:
                9 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: