Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SEC-1998: Support for Servlet 3.0/3.1 asynchronous request processing #2223

Closed
spring-issuemaster opened this issue Jul 8, 2012 · 4 comments

Comments

Projects
None yet
2 participants
@spring-issuemaster
Copy link

commented Jul 8, 2012

Rob Winch (Migrated from SEC-1998) said:

Similar to SPR-8517 Spring Security should support Asynch Servlet request processing

Note: SEC-2067 has a sample application that should be validated against when fixing this issue

@spring-issuemaster

This comment has been minimized.

Copy link
Author

commented Dec 3, 2012

Rob Winch said:

This is resolved in master

@spring-issuemaster

This comment has been minimized.

Copy link
Author

commented Jan 1, 2013

Moosh Ben said:

I still see the same behavior on DeferredResult controllers. (after some time there is an auto logout)
It doesn't always happen as it used to before 3.2.0.M1 .

Logs are just before logging out occurs and are related to an AJAX call to a deferredResult method.

Logs:
2013-01-01 16:20:08,019 DEBUG yContextPersistenceFilter:97 - SecurityContextHolder now cleared, as request processing completed
...
2013-01-01 16:21:32,649 DEBUG eToSessionResponseWrapper:140 - Skip saving SecurityContext since processing the HttpServletResponse on a different Thread than the original HttpServletRequest
...
2013-01-01 16:22:01,650 DEBUG SecurityContextRepository:269 - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
...
2013-01-01 16:22:03,660 DEBUG AntPathRequestMatcher :116 - Checking match of request : '/deferred'; against '/resources/**'
...
2013-01-01 16:22:03,661 DEBUG SecurityContextRepository:139 - HttpSession returned null object for SPRING_SECURITY_CONTEXT
2013-01-01 16:22:03,661 DEBUG SecurityContextRepository:85 - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@5b3cc94b. A new one will be created.
...
2013-01-01 16:22:03,664 DEBUG ymousAuthenticationFilter:102 - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@90541710: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@166c8: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 6D46ACB5AEA101C58A838529A3F6ED1D; Granted Authorities: ROLE_ANONYMOUS'
...
2013-01-01 16:22:03,667 DEBUG FilterSecurityInterceptor:310 - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@90541710: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@166c8: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 6D46ACB5AEA101C58A838529A3F6ED1D; Granted Authorities: ROLE_ANONYMOUS
...
2013-01-01 16:22:03,668 DEBUG AffirmativeBased :65 - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@52d9eb97, returned: -1
...
2013-01-01 16:22:03,668 DEBUG xceptionTranslationFilter:165 - Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
...

@spring-issuemaster

This comment has been minimized.

Copy link
Author

commented Jan 2, 2013

Rob Winch said:

@mooshben - As this JIRA is already closed, I have created SEC-2111 to track your issue. Do you have any more information on how to reproduce the issue? Perhaps a sample project? If you have futher information please provide it on SEC-2111. Thanks!

@spring-issuemaster

This comment has been minimized.

Copy link
Author

commented Feb 6, 2016

This issue depends on #2301

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.