When using web sockets and Spring Session on WL 12.2.1.3, an error occurs in WebLogicRequestUpgradeStrategy because the request passed to the WebLogic code has a wrapped session.
Note that this really shouldn't require Spring Session. If you put any filter that replaces or wraps the original session, you should see the same results.
The following stack trace comes from v4.3.17.RELEASE, but the code is the same in in v.4.3.25.RELEASE and in master.
Caused By: java.lang.reflect.InvocationTargetException
--
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.web.socket.server.standard.WebLogicRequestUpgradeStrategy$SubjectHelper.getSubject(WebLogicRequestUpgradeStrategy.java:239)
Truncated. see log file for complete stacktrace
Caused By: java.lang.ClassCastException: org.springframework.session.web.http.SessionRepositoryFilter$SessionRepositoryRequestWrapper$HttpSessionWrapper cannot be cast to weblogic.servlet.security.internal.SessionSecurityData
at weblogic.servlet.security.internal.SecurityModule.getCurrentUser(SecurityModule.java:197)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
Truncated. see log file for complete stacktrace
I have been able to patch this locally by changing WebLogicRequestUpgradeStrategy.SubjectHelper.getSubject() from
Object subject = currentUserMethod.invoke(null, securityContext, request);
to
Object subject = currentUserMethod.invoke(null, securtyContext, getNativeRequest(request));
I put the change here because I wanted to localize it as much as possible to reduce the chance of side effects. I'm not really sure if this is the appropriate change though.
Comment From: saraogurmeet
When using web sockets and Spring Session on WL 12.2.1.3, an error occurs in WebLogicRequestUpgradeStrategy because the request passed to the WebLogic code has a wrapped session.
Note that this really shouldn't require Spring Session. If you put any filter that replaces or wraps the original session, you should see the same results.
The following stack trace comes from v4.3.17.RELEASE, but the code is the same in in v.4.3.25.RELEASE and in master.
Caused By: java.lang.reflect.InvocationTargetException -- at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.springframework.web.socket.server.standard.WebLogicRequestUpgradeStrategy$SubjectHelper.getSubject(WebLogicRequestUpgradeStrategy.java:239) Truncated. see log file for complete stacktrace Caused By: java.lang.ClassCastException: org.springframework.session.web.http.SessionRepositoryFilter$SessionRepositoryRequestWrapper$HttpSessionWrapper cannot be cast to weblogic.servlet.security.internal.SessionSecurityData at weblogic.servlet.security.internal.SecurityModule.getCurrentUser(SecurityModule.java:197) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) Truncated. see log file for complete stacktraceI have been able to patch this locally by changing WebLogicRequestUpgradeStrategy.SubjectHelper.getSubject() from
java Object subject = currentUserMethod.invoke(null, securityContext, request);to
java Object subject = currentUserMethod.invoke(null, securtyContext, getNativeRequest(request));I put the change here because I wanted to localize it as much as possible to reduce the chance of side effects. I'm not really sure if this is the appropriate change though.
I tried using your solution in my application but I am still getting the same error. Were you able to resolve this issue?
Comment From: jshobe-inetsoft
@saraogurmeet Yes, we have this deployed and working.
What we did was to create a class, PatchedWebLogicRequestUpgradeStrategy, which is just copied from the WebLogicRequestUpgradeStrategy with the described patch applied.
public class PatchedWebLogicRequestUpgradeStrategy extends AbstractTyrusRequestUpgradeStrategy {
...
Object subject = this.currentUserMethod.invoke(null, securityContext, getNativeRequest(request));
...
}
This class is then used in our AbstractSessionWebSocketMessageBrokerConfigurer implementation when we register the endpoint. For example:
@Override
public void configureStompEndpoints(StompEndpointRegistry registry) {
registry.addEndpoint("/topics")
.setHandshakeHandler(new DefaultHandshakeHandler(new PatchedWebLogicRequestUpgradeStrategy()))
.withSockJS();
}
I hope this helps.
Comment From: saraogurmeet
Thanks for the quick reply. I am getting the compilation error when trying to setHandshakeHandler on my implementation of AbstractSessionWebSocketMessageBrokerConfigurer
I am using spring-websocket-4.3.6.RELEASE jar. Can you please take a look..
Comment From: jshobe-inetsoft
@saraogurmeet Sorry, I was trying to extract the relevant code from our class and made a mistake. You need to use setHandshakeHandler(new DefaultHandshakeHandler(new WebLogicRequestUpgradeStrategy())). I've updated my original comment.
Comment From: saraogurmeet
@jshobe-inetsoft I added the new RequestUpgradeStrategy class with the changes suggested by you and then update the WebsocketConfig to set the HandshakeHandler there. But still I am getting the same error.
In addition to this, I have put a lot of Sysout statements in the PatchedWebLogicRequestUpgradeStrategy class but the control is never coming to those lines. Did you also change any configuration for SessionRepositoryFilter in web.xml?
Comment From: snicoll
@rstoyanchev looking at WebLogicRequestUpgradeStrategy I can see that handleSuccess does retrive the native request to bind to it but then pass the regular one further down, including to that getSubject method. I wonder if using the native one consistently would be better?
Comment From: spring-projects-issues
If you would like us to look at this issue, please provide the requested information. If the information is not provided within the next 7 days this issue will be closed.
Comment From: spring-projects-issues
Closing due to lack of requested feedback. If you would like us to look at this issue, please provide the requested information and we will re-open the issue.