Hi all,

I made a change to our cluster-deployed application to be authenticated via Oracle SSO with Dynamic Directives using a servlet Filter. The filter sits in front of all the application (even in front of the Seam filter). If the request is a servlet request and the principal is null, then I redirect to SSO for authentication.

This actually works, but something strange started happening. A Session component (pimUser) that is outjected upon the first request (I can see it in the debug page) is null on the second request. I get the classic exception "@In attribute requires non-null value: sessionFinalizer.pimUser".

What is more, I have no invocation of the EVENT-scoped component sessionFinalizer anywhere but in the custom CustomIdentity.logout() method of the CustomIdentity component, overriding the default Seam Identity.

Third and stranger, the tag libraries of the application are compiled in each request (look at the end of the post).

What smells to me is that somehow the session ends after each request, and so a new session is created each time. This would explain why the Session-scoped component does not exist at the second request. However, I don't know if it would explain the taglibs being compiled over and over.

I am also attaching the code of the filter, just in case I am doing something profoundly wrong.

Any ideas of what could be wrong and how to verify it?

Cheerio!

package eu.emea.pim.prs.web.filters;

import java.io.IOException;
import java.util.ArrayList;

import javax.faces.context.FacesContext;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import eu.emea.pim.prs.model.security.Role;
import eu.emea.pim.prs.web.auth.OssoDirectivesEnum;
import eu.emea.pim.prs.web.auth.PrsIdentity;

/**
 * Filter that checks the request for authenticated user, and in the case no
 * user has authenticated, redirects to the SSO login screen.
 * 
 * @author fragkakm
 * 
 */
public class SsoFilter implements Filter {
    private static final Logger logger = LoggerFactory
        .getLogger(SsoFilter.class);

    @Override
    public void destroy() {
    }

    @Override
    public void doFilter(ServletRequest servletRequest,
            ServletResponse servletResponse, FilterChain chain)
            throws IOException, ServletException {
        try {
            if (servletRequest instanceof HttpServletRequest) {
                logger.info("Filtering HttpServletRequest...");
                HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
                String user = null;
                // Try to get the authenticate user name
                try {
                    user = httpServletRequest.getRemoteUser();
                    logger.info("User from request: {}", user);
                    if (httpServletRequest.getUserPrincipal() == null) {
                        logger.info("User principal is empty.");
                    } else {
                        logger.info("User principal name is {}.", httpServletRequest.getUserPrincipal().getName());
                    }
                } catch (Exception e) {
                    user = null;
                }

                // If user is not authenticated then generate
                // dynamic directive for authentication
                if ((user == null) || (user.length() <= 0)) {
                    logger.info("HttpServletRequest not authenticated, sending directive 499...");
                    ((HttpServletResponse) servletResponse).sendError(OssoDirectivesEnum.FORCE_AUTHENTICATION.getDirective(),
                            "Oracle SSO");
                    if (FacesContext.getCurrentInstance() != null) {
                        FacesContext.getCurrentInstance().responseComplete();
                        logger.info("Prevented JSF from processing response any more.");
                    }
                }
            }
        } catch (IOException e) {
            logger.error("SSO Filter exception...", e);
            throw e;
        }
        chain.doFilter(servletRequest, servletResponse);
    }

    @Override
    public void init(FilterConfig arg0) throws ServletException {
        logger.info("Initializing SSO filter...");
    }
}

And the console:

Oct 15, 2010 5:54:51 PM com.sun.facelets.compiler.TagLibraryConfig loadImplicit
INFO: Added Library from: zip:/u01/app/oracle/product/j2ee/user_projects/domains/wls_domain/servers/prs-backend_419/tmp/_WL_user/prs2/54i92t/APP-INF/lib/jsf-impl-1.2_12.jar!/META-INF/mojarra_ext.taglib.xml
Oct 15, 2010 5:54:51 PM com.sun.facelets.compiler.TagLibraryConfig loadImplicit
INFO: Added Library from: zip:/u01/app/oracle/product/j2ee/user_projects/domains/wls_domain/servers/prs-backend_419/tmp/_WL_user/prs2/54i92t/APP-INF/lib/jboss-seam-ui-2.2.1.CR1.jar!/META-INF/s.taglib.xml
Oct 15, 2010 5:54:51 PM com.sun.facelets.compiler.TagLibraryConfig loadImplicit
INFO: Added Library from: zip:/u01/app/oracle/product/j2ee/user_projects/domains/wls_domain/servers/prs-backend_419/tmp/_WL_user/prs2/54i92t/APP-INF/lib/richfaces-ui-3.3.3.Final.jar!/META-INF/a4j.taglib.xml
Oct 15, 2010 5:54:51 PM com.sun.facelets.compiler.TagLibraryConfig loadImplicit
INFO: Added Library from: zip:/u01/app/oracle/product/j2ee/user_projects/domains/wls_domain/servers/prs-backend_419/tmp/_WL_user/prs2/54i92t/APP-INF/lib/richfaces-ui-3.3.3.Final.jar!/META-INF/rich.taglib.xml
Oct 15, 2010 5:54:51 PM com.sun.facelets.compiler.TagLibraryConfig loadImplicit
INFO: Added Library from: zip:/u01/app/oracle/product/j2ee/user_projects/domains/wls_domain/servers/prs-backend_419/tmp/_WL_user/prs2/54i92t/APP-INF/lib/richfaces-ui-3.3.3.Final.jar!/META-INF/jsp.taglib.xml
Oct 15, 2010 5:54:51 PM com.sun.facelets.compiler.TagLibraryConfig loadImplicit
INFO: Added Library from: zip:/u01/app/oracle/product/j2ee/user_projects/domains/wls_domain/servers/prs-backend_419/tmp/_WL_user/prs2/54i92t/APP-INF/lib/richfaces-ui-3.3.3.Final.jar!/META-INF/richfaces.taglib.xml
Oct 15, 2010 5:54:51 PM com.sun.facelets.compiler.TagLibraryConfig loadImplicit
INFO: Added Library from: zip:/u01/app/oracle/product/j2ee/user_projects/domains/wls_domain/servers/prs-backend_419/tmp/_WL_user/prs2/54i92t/APP-INF/lib/richfaces-ui-3.3.3.Final.jar!/META-INF/ajax4jsf.taglib.xml
Oct 15, 2010 5:54:51 PM com.sun.facelets.compiler.TagLibraryConfig loadImplicit
INFO: Added Library from: zip:/u01/app/oracle/product/j2ee/user_projects/domains/wls_domain/servers/prs-backend_419/tmp/_WL_user/prs2/54i92t/APP-INF/lib/jsf-facelets-1.1.14.jar!/META-INF/jsf-core.taglib.xml
Oct 15, 2010 5:54:51 PM com.sun.facelets.compiler.TagLibraryConfig loadImplicit
INFO: Added Library from: zip:/u01/app/oracle/product/j2ee/user_projects/domains/wls_domain/servers/prs-backend_419/tmp/_WL_user/prs2/54i92t/APP-INF/lib/jsf-facelets-1.1.14.jar!/META-INF/jsf-html.taglib.xml
Oct 15, 2010 5:54:51 PM com.sun.facelets.compiler.TagLibraryConfig loadImplicit
INFO: Added Library from: zip:/u01/app/oracle/product/j2ee/user_projects/domains/wls_domain/servers/prs-backend_419/tmp/_WL_user/prs2/54i92t/APP-INF/lib/jsf-facelets-1.1.14.jar!/META-INF/jsf-ui.taglib.xml
Oct 15, 2010 5:54:51 PM com.sun.facelets.compiler.TagLibraryConfig loadImplicit
INFO: Added Library from: zip:/u01/app/oracle/product/j2ee/user_projects/domains/wls_domain/servers/prs-backend_419/tmp/_WL_user/prs2/54i92t/APP-INF/lib/jsf-facelets-1.1.14.jar!/META-INF/jstl-core.taglib.xml
Oct 15, 2010 5:54:51 PM com.sun.facelets.compiler.TagLibraryConfig loadImplicit
INFO: Added Library from: zip:/u01/app/oracle/product/j2ee/user_projects/domains/wls_domain/servers/prs-backend_419/tmp/_WL_user/prs2/54i92t/APP-INF/lib/jsf-facelets-1.1.14.jar!/META-INF/jstl-fn.taglib.xml
+1  A: 

A colleague pointed out that I did not return; after I set the header code in the filter. The problem of taglibs recompiling was resolved after I added the return statement. This caused the request to be also handled by other filters after the SsoFilter (the Seam filter and so on).

As far as the outjected component vanishing from session, that had to do with a required attribute set to false. I outjected manually with

Contexts.getSessionContext().set("user", user);

and this problem was also solved.

Markos Fragkakis
@Markos Fragkakis Thank you for sharing what happened (+1)
Arthur Ronald F D Garcia
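
The fix described in the answer, written out as an added example (not the poster's code): once the filter has sent the authentication directive it returns, so chain.doFilter() only runs for authenticated requests and an unauthenticated request never reaches the Seam filter or the application. The class name SsoGateFilter is hypothetical, the value 499 is taken from the log message in the question's filter, and rejecting non-HTTP requests is an assumption of this example (the original filter passes them on).

```java
import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example: hypothetical class name, not the poster's SsoFilter.
public class SsoGateFilter implements Filter {
    // 499 is the directive code named in the question's log message; the
    // poster's code reads it from OssoDirectivesEnum.FORCE_AUTHENTICATION.
    private static final int FORCE_AUTHENTICATION = 499;

    @Override
    public void init(FilterConfig config) throws ServletException {
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        if (!(request instanceof HttpServletRequest)
                || !(response instanceof HttpServletResponse)) {
            // Assumption of this example: fail closed on anything that
            // cannot carry an authenticated user.
            throw new ServletException("SsoGateFilter handles HTTP requests only");
        }
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        HttpServletResponse httpResponse = (HttpServletResponse) response;

        String user = httpRequest.getRemoteUser();
        if (user == null || user.isEmpty()) {
            // sendError() commits the response; nothing downstream may run.
            httpResponse.sendError(FORCE_AUTHENTICATION, "Oracle SSO");
            return; // the statement missing from the filter in the question
        }

        // Only authenticated requests reach the rest of the filter chain.
        chain.doFilter(request, response);
    }

    @Override
    public void destroy() {
    }
}
```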