Kuali Rice Development
  1. Kuali Rice Development
  2. KULRICE-13159

Rice placing HTTP request into session scope - prevents session replication/restore

    Details

    • Type: Bug Fix Bug Fix
    • Status: Open Open
    • Priority: Major Major
    • Resolution: Unresolved
    • Affects Version/s: 2.5
    • Fix Version/s: 2.6
    • Security Level: Public (Public: Anyone can view)
    • Labels:
    • Similar issues:
      KULRICE-1036Support Session Scope for Kuali Documents
      KULRICE-6007Session timeout on Ajax request not displayed
      KULRICE-1352form is not restored from session for multipart request
      KULRICE-14287XML ingester page does not work because of CSRF prevention
      KULRICE-7012Limit the size of form storage in session
      KULRICE-5356Create a Servlet Filter to check for session attributes that are
      KULRICE-8634Overriding session document service prevents any transactional document from being saved.
      KULRICE-2275make Rice tags dependent on using session documents and not request-based documents
    • Rice Team:
      Framework
    • KAI Review Status:
      Not Required
    • KTI Review Status:
      Not Required
    • Code Review Status:
      Not Required
    • Include in Release Notes?:
      Yes

      Description

      Rice seems to be putting non-serializable objects into the main UifFormBase class. (In this case, the HTTP Request itself.)

      I don't know the reason for this, but any such objects should at least be marked as transient so they don't prevent session replication

      Aug 27, 2014 3:24:47 PM org.apache.catalina.session.StandardManager doLoad
      SEVERE: IOException while loading persisted sessions: java.io.WriteAbortedException: writing aborted; java.io.NotSerializableException: org.apache.catalina.connector.RequestFacade
      	- field (class "org.kuali.rice.krad.web.form.UifFormBase", name: "request", type: "interface javax.servlet.http.HttpServletRequest")
      	- object (class "org.kuali.rice.krad.web.login.DummyLoginForm", DummyLoginForm [viewId=DummyLoginView, viewName=null, viewTypeName=null, pageId=LoginPage, methodToCall=submit, formKey=72f3626a-2856-48bb-8675-22cfbb77bedf, requestedFormKey=null])
      	- custom writeObject data (class "java.util.HashMap")
      	- object (class "java.util.HashMap", {72f3626a-2856-48bb-8675-22cfbb77bedf=DummyLoginForm [viewId=DummyLoginView, viewName=null, viewTypeName=null, pageId=LoginPage, methodToCall=submit, formKey=72f3626a-2856-48bb-8675-22cfbb77bedf, requestedFormKey=null]})
      	- field (class "org.kuali.rice.krad.web.form.UifFormManager", name: "sessionForms", type: "interface java.util.Map")
      	- root object (class "org.kuali.rice.krad.web.form.UifFormManager", org.kuali.rice.krad.web.form.UifFormManager@5a52d591)
      java.io.WriteAbortedException: writing aborted; java.io.NotSerializableException: org.apache.catalina.connector.RequestFacade
      

        Activity

        Hide
        Kristina Taylor (Inactive) added a comment -

        Jerry Neal, can you give your architectural point of view on this?

        Show
        Kristina Taylor (Inactive) added a comment - Jerry Neal , can you give your architectural point of view on this?
        Hide
        Jerry Neal (Inactive) added a comment -

        The reason we have it is to provide the request to the lifecycle and service controller impls.

        Jonathan is correct though, is should be transient and also have the @SessionTransient annotation

        Show
        Jerry Neal (Inactive) added a comment - The reason we have it is to provide the request to the lifecycle and service controller impls. Jonathan is correct though, is should be transient and also have the @SessionTransient annotation
        Hide
        Kristina Taylor (Inactive) added a comment -

        Jonathan Keller, how do we test this?

        Show
        Kristina Taylor (Inactive) added a comment - Jonathan Keller , how do we test this?
        Hide
        Jonathan Keller added a comment -

        well - I noticed it by just restarting the application. I had been testing - including some KRAD lookup screens and documents (probably not completing them). I killed the server with Ctrl-C. Then, when I restarted the server, I saw the trace as Tomcat attempted to restore sessions from the serialized store it uses by default.

        Show
        Jonathan Keller added a comment - well - I noticed it by just restarting the application. I had been testing - including some KRAD lookup screens and documents (probably not completing them). I killed the server with Ctrl-C. Then, when I restarted the server, I saw the trace as Tomcat attempted to restore sessions from the serialized store it uses by default.

          People

          • Assignee:
            Jerry Neal (Inactive)
            Reporter:
            Jonathan Keller
          • Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

            • Created:
              Updated:

              Structure Helper Panel