Jetspeed 2
  1. Jetspeed 2
  2. JS2-735

Jetty-6 ConcurrentModificationException on logout

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 2.1
    • Fix Version/s: 2.1.2
    • Component/s: None
    • Labels:
      None
    • Environment:
      jetty-6.1.3 jetspeed-2.1

      Description

      I'm trying to deploy my jetspeed-2 based portal to jetty-6.
      My portal deploys successfully and working fine, but a get ConcurrentModificationException when i pressing logout link.

      Here is a stack trace:

      java.util.ConcurrentModificationException
      at java.util.HashMap$HashIterator.nextEntry(Unknown Source)
      at java.util.HashMap$KeyIterator.next(Unknown Source)
      at org.mortbay.jetty.servlet.AbstractSessionManager$Session.doInvalidate(AbstractSessionManager.java:921)
      at org.mortbay.jetty.servlet.AbstractSessionManager$Session.invalidate(AbstractSessionManager.java:902)
      at org.apache.jetspeed.login.LogoutServlet.doGet(LogoutServlet.java:38)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
      at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:487)
      at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1098)
      at org.apache.jetspeed.engine.servlet.XXSUrlAttackFilter.doFilter(XXSUrlAttackFilter.java:51)
      at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1089)
      at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:365)
      at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
      at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:181)
      at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:712)
      at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:405)
      at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:211)
      at org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java:114)
      at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:139)
      at org.mortbay.jetty.Server.handle(Server.java:285)
      at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:502)
      at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:821)
      at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:513)
      at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:208)
      at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:378)
      at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:368)
      at org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:442)

      I think this issue is a result of the recursive Session.invalidate() invocation by
      org.apache.jetspeed.container.session.PortalSessionMonitorImpl.invalidateSession()
      org.apache.jetspeed.container.session.PortalSessionsManagerImpl.portalSessionDestroyed(PortalSessionMonitor)
      org.mortbay.jetty.servlet.AbstractSessionManager.Session.unbindValue(String, Object)

      I mean that Session.invalidate() calls Session.unbindValue() which calls above-listed stack and PortalSessionMonitorImpl.invalidateSession() calls Session.invalidate() again.

      Steps how to deploy jetspeed to jetty

      1. Install jetty-6.1.3
      2. Download attached file jetspeed-jetty-deploy-files.zip from attachment
      3. Unzip this file to jetty.home
      4. Copy shared jetspeed libs to jetty.home/lib/
      5. Copy jetspeed webapp folder to jetty.home/webapps-jetspeed/
      6. Copy j2-admin.war to jetty.home/webapps-jetspeed/
      7 Open jetty.home/etc/jetty-jetspeed.xml and change c:/tmp/j2 to your path to derby database
      8. start jetty with command java -jar start.jar etc/jetty-jetspeed.xml
      9. Copy jetspeed-layouts to deploy/local folder of jetspeed
      10. Wait for layouts deployment.
      10. Restart jetty server (Stop it and start with java -jar start.jar etc/jetty-jetspeed.xml)

        Activity

        Hide
        Sergey Parilin added a comment -

        jetty deployment configuration files

        Show
        Sergey Parilin added a comment - jetty deployment configuration files
        Hide
        Ate Douma added a comment -

        I've tried it out and found the problem: Jetty cannot handle session.invalidate() called from a HttpSessionBindingListener.unboundValue(...)
        This looks like a bug in Jetty to me, but I can fix it in Jetspeed as its called from PortalsSessionsManagerImpl.portalSessionDestroyed(...) and .sessionDestroyed(...) where it isn't absolutely needed to do so
        (just an extra, extra safeguard forcing invalidation when the PortletApplicationSessionMonitor is removed from the session itself).

        While testing this, I also found another problem caused by the JS2-681 fixes (Login portlet doesn't run in Tomcat ROOT context).
        It turns out those fixes resulted in invalid urls: /jetspeed//login/proxy (notice the double slash).
        Tomcat accepted those, but Jetty seems to be more strict (good).
        I'll fix those too by reopening JS2-681

        Show
        Ate Douma added a comment - I've tried it out and found the problem: Jetty cannot handle session.invalidate() called from a HttpSessionBindingListener.unboundValue(...) This looks like a bug in Jetty to me, but I can fix it in Jetspeed as its called from PortalsSessionsManagerImpl.portalSessionDestroyed(...) and .sessionDestroyed(...) where it isn't absolutely needed to do so (just an extra, extra safeguard forcing invalidation when the PortletApplicationSessionMonitor is removed from the session itself). While testing this, I also found another problem caused by the JS2-681 fixes (Login portlet doesn't run in Tomcat ROOT context). It turns out those fixes resulted in invalid urls: /jetspeed//login/proxy (notice the double slash). Tomcat accepted those, but Jetty seems to be more strict (good). I'll fix those too by reopening JS2-681
        Hide
        Ate Douma added a comment -

        Fixed

        Show
        Ate Douma added a comment - Fixed
        Hide
        Ate Douma added a comment -

        Jetty (6.1.4) has a similar problem when redepoying apps.
        As Jetty then invalidates all sessions (sic), the PortalSessionManager is also invalidated leading again to the same type of exception.

        I'm going to modify our PortalSessionsManager solution with an additional optional constructor parameter, forceInvalidate, which will by default be true, but needs to be set to false for Jetty.

        Show
        Ate Douma added a comment - Jetty (6.1.4) has a similar problem when redepoying apps. As Jetty then invalidates all sessions (sic), the PortalSessionManager is also invalidated leading again to the same type of exception. I'm going to modify our PortalSessionsManager solution with an additional optional constructor parameter, forceInvalidate, which will by default be true, but needs to be set to false for Jetty.
        Hide
        Ate Douma added a comment -

        Fixed again as described above.

        Note: hot redeployment of web/portlet applications on Jetty won't be much fun for end-users as it will invalidate all sessions then!

        Show
        Ate Douma added a comment - Fixed again as described above. Note: hot redeployment of web/portlet applications on Jetty won't be much fun for end-users as it will invalidate all sessions then!

          People

          • Assignee:
            Ate Douma
            Reporter:
            Sergey Parilin
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development