Announcement Announcement Module
Collapse
No announcement yet.
No Session exception when throwing NameNotFound exception Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • No Session exception when throwing NameNotFound exception

    Hi I'm getting the following exception but am at a loss as to why it's appearing at all as I have set:


    <bean id="preAuthenticatedProcessingFilter" class="com.cytwiiy.platform.web.auth.PreAuthentica tedFilter">
    <property name="authenticationManager" ref="authenticationManager" />
    <property name="continueFilterChainOnUnsuccessfulAuthenticat ion" value="false" />
    </bean>

    <security:http create-session="never" entry-point-ref="preAuthenticatedProcessingFilterEntryPoint">
    <!-- Additional http configuration omitted -->
    <security:custom-filter position="PRE_AUTH_FILTER" ref="preAuthenticatedProcessingFilter" />
    </security:http>


    Exception occurs when I thrown UsernameNotFoundException when authentication fails. I didn't have this when using tomcat, this is new when using an embedded version of jetty. Shouldn't be a problem though as Session manager should never be requested.


    java.lang.IllegalStateException: No SessionManager
    at org.eclipse.jetty.server.Request.getSession(Reques t.java:1107)
    at org.eclipse.jetty.server.Request.getSession(Reques t.java:1097)
    at javax.servlet.http.HttpServletRequestWrapper.getSe ssion(HttpServletRequestWrapper.java:235)
    at org.springframework.security.web.authentication.pr eauth.AbstractPreAuthenticatedProcessingFilter.uns uccessfulAuthentication(AbstractPreAuthenticatedPr ocessingFilter.java:179)
    at org.springframework.security.web.authentication.pr eauth.AbstractPreAuthenticatedProcessingFilter.doA uthenticate(AbstractPreAuthenticatedProcessingFilt er.java:119)
    at org.springframework.security.web.authentication.pr eauth.AbstractPreAuthenticatedProcessingFilter.doF ilter(AbstractPreAuthenticatedProcessingFilter.jav a:86)
    at com.cytwiiy.platform.web.auth.PreAuthenticatedFilt er.doFilter(PreAuthenticatedFilter.java:31)
    at org.springframework.security.web.FilterChainProxy$ VirtualFilterChain.doFilter(FilterChainProxy.java: 380)
    at org.springframework.security.web.context.SecurityC ontextPersistenceFilter.doFilter(SecurityContextPe rsistenceFilter.java:79)
    at org.springframework.security.web.FilterChainProxy$ VirtualFilterChain.doFilter(FilterChainProxy.java: 380)
    at org.springframework.security.web.FilterChainProxy. doFilter(FilterChainProxy.java:169)
    at org.springframework.web.filter.DelegatingFilterPro xy.invokeDelegate(DelegatingFilterProxy.java:237)
    at org.springframework.web.filter.DelegatingFilterPro xy.doFilter(DelegatingFilterProxy.java:167)
    at org.eclipse.jetty.servlet.ServletHandler$CachedCha in.doFilter(ServletHandler.java:1322)
    at org.eclipse.jetty.servlet.ServletHandler.doHandle( ServletHandler.java:473)
    at org.eclipse.jetty.server.handler.ContextHandler.do Handle(ContextHandler.java:921)
    at org.eclipse.jetty.servlet.ServletHandler.doScope(S ervletHandler.java:403)
    at org.eclipse.jetty.server.handler.ContextHandler.do Scope(ContextHandler.java:856)
    at org.eclipse.jetty.server.handler.ScopedHandler.han dle(ScopedHandler.java:117)
    at org.eclipse.jetty.server.handler.ContextHandlerCol lection.handle(ContextHandlerCollection.java:247)
    at org.eclipse.jetty.server.handler.HandlerWrapper.ha ndle(HandlerWrapper.java:114)
    at org.eclipse.jetty.server.Server.handle(Server.java :352)
    at org.eclipse.jetty.server.HttpConnection.handleRequ est(HttpConnection.java:596)
    at org.eclipse.jetty.server.HttpConnection$RequestHan dler.headerComplete(HttpConnection.java:1052)
    at org.eclipse.jetty.http.HttpParser.parseNext(HttpPa rser.java:590)
    at org.eclipse.jetty.http.HttpParser.parseAvailable(H ttpParser.java:212)
    at org.eclipse.jetty.server.HttpConnection.handle(Htt pConnection.java:426)
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint.han dle(SelectChannelEndPoint.java:510)
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint.acc ess$000(SelectChannelEndPoint.java:34)
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.r un(SelectChannelEndPoint.java:40)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$2.r un(QueuedThreadPool.java:450)



    Any help would be most grateful. Thanks Alex
    Last edited by alexw; Jun 21st, 2011, 09:56 AM.

  • #2
    Did you try googling for the error you got along with Jetty?

    Comment


    • #3
      Originally posted by rwinch View Post
      Did you try googling for the error you got along with Jetty?
      oop, should of added not NameNotFound but UsernameNotFoundException

      ie when I throw :

      org.springframework.security.core.userdetails.User nameNotFoundException

      from my AuthenticationProvider I am not expecting to receive a session exception as no session should be existing as spring security should not of created it as :

      create-session="never"

      have googled but have not found anything that has helped as yet, noted have updated to correct exception above to improve search
      Last edited by alexw; Jun 21st, 2011, 09:57 AM.

      Comment


      • #4
        Spring Security is just trying to create a HttpSession and Jetty is throwing the Exception (you can tell this by your stacktrace). This means this is a Jetty or Jetty setup issue. You might try googling for Jetty "No SessionManager".

        Comment


        • #5
          Why is spring trying to create a session, there should be no session as : create-session="never"

          what is the point of having this in spring security config if this doesn't work

          Comment


          • #6
            you're right jetty is throwing the exception, so does this mean it makes this call regardless, and just pass false?

            To me, I don't want a session, hence no session manager but spring really shouldn't be trying to create a session, as per their own documentation, my suspicion is that it was creating a session in tomcat which is why I didn't notice before, but to me I've either missed something fundamental, ie spring security always requires a session whether you like it or not or it's broken.
            Last edited by alexw; Jun 21st, 2011, 10:29 AM.

            Comment


            • #7
              Originally posted by alexw View Post
              you're right jetty is throwing the exception, so does this mean it makes this call regardless, and just pass false?

              To me, I don't want a session, hence no session manager but spring really shouldn't be trying to create a session, as per their own documentation, my suspicion is that it was creating a session in tomcat which is why I didn't notice before, but to me I've either missed something fundamental, ie spring security always requires a session whether you like it or not or it's broken.
              You are right that the attribute is a bit misleading as it does not impact how the last exception is stored. If you would like to prevent the session from being created you can override AbstractPreAuthenticatedProcessingFilter.unsuccess fulAuthentication. I have logged a JIRA to get this straighted out.

              Comment


              • #8
                Hi Rob

                Thanks for your help.

                Alex

                Comment


                • #9
                  No problem. Sorry for my confusion on what you were asking.

                  Comment

                  Working...
                  X