Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-1477

JACC HttpServletRequestPolicyContextHandler removal on single application undeploy impacting all other deployed applications

    XMLWordPrintable

Details

    Description

      Please see the following forum post for a detailed explanation and findings(and potential workaround):

      https://community.jboss.org/message/822054#822054

      If multiple WARs are deployed that depend on a login module leveraging:

      HttpServletRequest request = (HttpServletRequest)PolicyContext.getContext("javax.servlet.http.HttpServletRequest");

      then upon undeploy of any web application in the container the HttpServletRequestPolicyContextHandler is removed(deregistered) in the stop() lifecycle method of the JBossWebRealmService, resulting in:

      13:03:35,335 ERROR [org.jboss.security.authentication.JBossCachedAuthenticationManager] (ajp--0.0.0.0-8009-1) Login failure: javax.security.auth.login.LoginException: java.lang.IllegalArgumentException: No PolicyContextHandler for key=javax.servlet.http.HttpServletRequest at javax.security.jacc.PolicyContext.getContext(PolicyContext.java:117)

      for any webapps still deployed for every subsequent access to them.

      Simply redeploying any ONE of the remaining webapps or the previously undeployed webapp causes this problem to go away for all deployed applications.

      Attachments

        Activity

          People

            tomazcerar Tomaž Cerar (Inactive)
            steve_167 Steve S (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            7 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: