Results 1 to 2 of 2

Thread: IllegalArgumentException: SessionIdentifierAware did not return a Session ID

  1. Mar 23rd, 2006, 11:57 AM #1
    ambeth
    ambeth is offline Member
    Join Date
    Sep 2005
    Location
    London
    Posts
    64

    Default IllegalArgumentException: SessionIdentifierAware did not return a Session ID

    Got a problem with the latest Acegi from CVS - it seems that the first time a user logs in via a cookie, they are missing session details from their RememberMeAuthenticationToken. This causes assertions to fail for me.

    Code:
    Unknown Error = java.lang.IllegalArgumentException: SessionIdentifierAware did not return a Session ID (org.acegisecurity.ui.WebAuthenticationDetails@ffffc434: RemoteIpAddress: 10.6.17.53; SessionId: null)
java.lang.IllegalArgumentException: SessionIdentifierAware did not return a Session ID (org.acegisecurity.ui.WebAuthenticationDetails@ffffc434: RemoteIpAddress: 10.6.17.53; SessionId: null)
	at org.springframework.util.Assert.hasText(Assert.java:169)
	at org.acegisecurity.concurrent.SessionRegistryUtils.obtainSessionIdFromAuthentication(SessionRegistryUtils.java:53)
	at org.acegisecurity.concurrent.ConcurrentSessionControllerImpl.checkAuthenticationAllowed(ConcurrentSessionControllerImpl.java:100)
	at org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:209)
	at org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:51)
	at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:131)
	at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:303)
	at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:207)
	at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:303)
	at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:246)
	at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:303)
	at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:240)
	at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:303)
	at org.acegisecurity.util.FilterChainProxy.doFilter(FilterChainProxy.java:173)
	at org.acegisecurity.util.FilterToBeanProxy.doFilter(FilterToBeanProxy.java:120)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
	at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:667)
	at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
	at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
	at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
	at java.lang.Thread.run(Thread.java:534)
    I think the problem is located in TokenBasedRememberMeServices - line 235 -
    Code:
                            RememberMeAuthenticationToken auth = new RememberMeAuthenticationToken(this.key,
                                userDetails, userDetails.getAuthorities());
                        auth.setDetails(new WebAuthenticationDetails(request,
                                false));
    The WebAuthenticationDetails constructor is called with forceSessionCreation = false here, and on the initial cookie login attempt a HttpSession hasnt been created.

    Is my acegi filter chain in the wrong order, or should this constructor be called with forceSessionCreation = true ?

    My filter chain -
    Code:
    httpSessionContextIntegrationFilter,authenticationProcessingFilter,basicProcessingFilter,rememberMeProcessingFilter,anonymousProcessingFilter,securityEnforcementFilter,concurrentSessionFilter,contextHolderAwareRequestFilter,filterInvocationInterceptor
    Last edited by ambeth; Mar 27th, 2006 at 02:47 AM.
  2. Mar 27th, 2006, 03:20 AM #2
    ambeth
    ambeth is offline Member
    Join Date
    Sep 2005
    Location
    London
    Posts
    64

    Default

    Found the problem + fix

    http://opensource.atlassian.com/proj...browse/SEC-183
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules