tags:

views:

37

answers:

1
Q: 

Seam: Session component is null and taglibs are compiled in each request

Hi all,

I made a change to our cluster-deployed application to be authenticated via Oracle SSO with Dynamic Directives using a servlet Filter. The filter sits in front of all the application (even in front of the Seam filter). If the request is a servlet request and the principal is null, then I redirect to SSO for authentication.

This actually works, but something strange started happening. A Session component (pimUser) that is outjected upon the first request (I can see it in the debug page) is null on the second request. I get the classic exception "@In attribute requires non-null value: sessionFinalizer.pimUser".

What is more, is that I have no invocation of the EVENT-scoped component sessionFinalizer nowhere but in the custom CustomIdentity.logout() method, of the CustomIdentity component, overriding the default Seam Identity.

Third and stranger, the tag libraries of the application are compiled in each request (look at the end of the post).

What smells to me is that somehow the session ends after each request, and so a new session is created each time. This would explain why the Session-scoped component does not exist at the second request. However, I don't know if it would explain the taglibs being compiled over and over.

I am also attaching the code of the filter, just in case I am doing something profoudly wrong.

Any ideas of what could be wrong and how to verify it?

Cheerio!

package eu.emea.pim.prs.web.filters;

import java.io.IOException;
import java.util.ArrayList;

import javax.faces.context.FacesContext;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import eu.emea.pim.prs.model.security.Role;
import eu.emea.pim.prs.web.auth.OssoDirectivesEnum;
import eu.emea.pim.prs.web.auth.PrsIdentity;

/**
 * Filter that checks the request for authenticated user, and in the case no
 * user has authenticated, redirects to the SSO login screen.
 * 
 * @author fragkakm
 * 
 */
public class SsoFilter implements Filter {
    private static final Logger logger = LoggerFactory
        .getLogger(SsoFilter.class);


@Override
public void destroy() {
}

@Override
public void doFilter(ServletRequest servletRequest,
        ServletResponse servletResponse, FilterChain chain)
        throws IOException, ServletException {
    try {
        if (servletRequest instanceof HttpServletRequest) {
            logger.info("Filtering HttpServletRequest...");
            HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
            String user = null;
            // Try to get the authenticate user name
            try {
                user = httpServletRequest.getRemoteUser();
                logger.info("User from request: {}", user);
                if(httpServletRequest.getUserPrincipal() == null) {
                    logger.info("User principal is empty.");
                } else {                        
                    logger.info("User principal name is {}.", httpServletRequest.getUserPrincipal().getName());
                }

            } catch (Exception e) {
                user = null;
            }

            // If user is not authenticated then generate
            // dynamic directive for authentication
            if ((user == null) || (user.length() <= 0)) {
                logger
                        .info("HttpServletRequest not authenticated, sending directive 499...");
                ((HttpServletResponse) servletResponse).sendError(OssoDirectivesEnum.FORCE_AUTHENTICATION.getDirective(),
                        "Oracle SSO");
                if (FacesContext.getCurrentInstance() != null) {
                    FacesContext.getCurrentInstance().responseComplete();
                    logger
                            .info("Prevented JSF from processing response any more.");
                }
            } 
        }
    } catch (IOException e) {
        logger.error("SSO Filter exception...", e);
        throw e;
    }
    chain.doFilter(servletRequest, servletResponse);

}

@Override
public void init(FilterConfig arg0) throws ServletException {
    logger.info("Initializing SSO filter...");
}

}

And the console:

Oct 15, 2010 5:54:51 PM com.sun.facelets.compiler.TagLibraryConfig loadImplicit
INFO: Added Library from: zip:/u01/app/oracle/product/j2ee/user_projects/domains    /wls_domain/servers/prs-backend_419/tmp/_WL_user/prs2/54i92t/APP-INF/lib/jsf-impl-1.2_12.jar!/META-INF/mojarra_ext.taglib.xml
Oct 15, 2010 5:54:51 PM com.sun.facelets.compiler.TagLibraryConfig loadImplicit
INFO: Added Library from: zip:/u01/app/oracle/product/j2ee/user_projects/domains/wls_domain/servers/prs-backend_419/tmp/_WL_user/prs2/54i92t/APP-INF/lib/jboss-seam-ui-2.2.1.CR1.jar!/META-INF/s.taglib.xml
Oct 15, 2010 5:54:51 PM com.sun.facelets.compiler.TagLibraryConfig loadImplicit
INFO: Added Library from: zip:/u01/app/oracle/product/j2ee/user_projects/domains/wls_domain/servers/prs-backend_419/tmp/_WL_user/prs2/54i92t/APP-INF/lib/richfaces-ui-3.3.3.Final.jar!/META-INF/a4j.taglib.xml
Oct 15, 2010 5:54:51 PM com.sun.facelets.compiler.TagLibraryConfig loadImplicit
INFO: Added Library from: zip:/u01/app/oracle/product/j2ee/user_projects/domains/wls_domain/servers/prs-backend_419/tmp/_WL_user/prs2/54i92t/APP-INF/lib/richfaces-ui-3.3.3.Final.jar!/META-INF/rich.taglib.xml
Oct 15, 2010 5:54:51 PM com.sun.facelets.compiler.TagLibraryConfig loadImplicit
INFO: Added Library from: zip:/u01/app/oracle/product/j2ee/user_projects/domains/wls_domain/servers/prs-backend_419/tmp/_WL_user/prs2/54i92t/APP-INF/lib/richfaces-ui-3.3.3.Final.jar!/META-INF/jsp.taglib.xml
Oct 15, 2010 5:54:51 PM com.sun.facelets.compiler.TagLibraryConfig loadImplicit
INFO: Added Library from: zip:/u01/app/oracle/product/j2ee/user_projects/domains/wls_domain/servers/prs-backend_419/tmp/_WL_user/prs2/54i92t/APP-INF/lib/richfaces-ui-3.3.3.Final.jar!/META-INF/richfaces.taglib.xml
Oct 15, 2010 5:54:51 PM com.sun.facelets.compiler.TagLibraryConfig loadImplicit
INFO: Added Library from: zip:/u01/app/oracle/product/j2ee/user_projects/domains/wls_domain/servers/prs-backend_419/tmp/_WL_user/prs2/54i92t/APP-INF/lib/richfaces-ui-3.3.3.Final.jar!/META-INF/ajax4jsf.taglib.xml
Oct 15, 2010 5:54:51 PM com.sun.facelets.compiler.TagLibraryConfig loadImplicit
INFO: Added Library from: zip:/u01/app/oracle/product/j2ee/user_projects/domains/wls_domain/servers/prs-backend_419/tmp/_WL_user/prs2/54i92t/APP-INF/lib/jsf-facelets-1.1.14.jar!/META-INF/jsf-core.taglib.xml
Oct 15, 2010 5:54:51 PM com.sun.facelets.compiler.TagLibraryConfig loadImplicit
INFO: Added Library from: zip:/u01/app/oracle/product/j2ee/user_projects/domains/wls_domain/servers/prs-backend_419/tmp/_WL_user/prs2/54i92t/APP-INF/lib/jsf-facelets-1.1.14.jar!/META-INF/jsf-html.taglib.xml
Oct 15, 2010 5:54:51 PM com.sun.facelets.compiler.TagLibraryConfig loadImplicit
INFO: Added Library from: zip:/u01/app/oracle/product/j2ee/user_projects/domains/wls_domain/servers/prs-backend_419/tmp/_WL_user/prs2/54i92t/APP-INF/lib/jsf-facelets-1.1.14.jar!/META-INF/jsf-ui.taglib.xml
Oct 15, 2010 5:54:51 PM com.sun.facelets.compiler.TagLibraryConfig loadImplicit
INFO: Added Library from: zip:/u01/app/oracle/product/j2ee/user_projects/domains/wls_domain/servers/prs-backend_419/tmp/_WL_user/prs2/54i92t/APP-INF/lib/jsf-facelets-1.1.14.jar!/META-INF/jstl-core.taglib.xml
Oct 15, 2010 5:54:51 PM com.sun.facelets.compiler.TagLibraryConfig loadImplicit
INFO: Added Library from: zip:/u01/app/oracle/product/j2ee/user_projects/domains/wls_domain/servers/prs-backend_419/tmp/_WL_user/prs2/54i92t/APP-INF/lib/jsf-facelets-1.1.14.jar!/META-INF/jstl-fn.taglib.xml
+1  A: 

A colleague pointed out that I did not return; after I set the header code in the filter. The problem of taglibs recompiling was resolved after I added the return statement. This caused the request to be also handled by other filters after the SsoFilter (the Seam filter and so on).

As far as the outjected component vanishing from session, that had to do with a required attribute set to false. I outjected manually with 

Contexts.getSessionContext().set("user", user);

and this problem was also solved.

Markos Fragkakis  2010-10-18 09:19:14
@Markos Fragkakis Thank you for sharing what happened (+1)
Arthur Ronald F D Garcia  2010-10-18 16:40:29

related questions

Can I connect to SQL Server using Windows Authentication from Java EE webapp?
Retrieve list of defined roles in java ee 5
Is the offical Sun Java EE tutorial the best way to learn how to make Java web apps?
Top reason not to use EJB 3.0 again?
JMS message receiver filtering by JMSCorrelationID
What is the default session timeout for a Java EE website?
Servlet for serving static content
Are EJB still alive ?
what is j2ee/jee?
EJB3 Transaction Propogation
Most important problem solved by EJB 3?
Which EJB 3 persisent provider should I use?
Hosting control panel with JEE Application Server support?
What is the best place to store a configuration file in a java web application (war) ?
Mixing EJB 2.x BMP entity beans with Hibernate 3.x
JEE SqlResultSetMapping Syntax problem?
Is there a simpler way to deploy to WebSphere?
Tomcat vs Weblogic JNDI Lookup
Any data-driven open source JEE5 EJB3+JSF Sample Project out there?
data 'security' with java and hibernate
JSF Lifecycle and Custom components
Are there any alternatives to Gigaspaces?
Are there any studies comparing JEE vs. .NET?
How can I override an EJB 3 session bean method with a generic argument - if possible at all?
What's your "best practice" for the first Java EE Spring project?