Bugzilla – Full Text Bug Listing
| Summary: | [server] HttpSession attributes must not be shared between ServletContext with Jetty 9 | ||
|---|---|---|---|
| Product: | [ECD] Orion | Reporter: | Anthony Hunter <ahunter.eclipse> |
| Component: | Server | Assignee: | Anthony Hunter <ahunter.eclipse> |
| Status: | CLOSED WONTFIX | QA Contact: | |
| Severity: | normal | ||
| Priority: | P3 | ||
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | PC | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Bug Depends on: | |||
| Bug Blocks: | 444496 | ||
This problem is caused by our servlet extensions each defining its own httpcontextId in the extensions in the plugin.xml. Working with Simon, we came to the conclusion that there should be one http context. This worked with Jetty 8 but no longer works with Jetty 9. Closing as part of a mass clean up of inactive bugs. Please reopen if this problem still occurs or is relevant to you. For more details see: https://dev.eclipse.org/mhonarc/lists/orion-dev/msg04002.html |
Our FormAuthHelper in our authentication attaches the logged in user to the HttpSession: HttpServletRequest.getSession().setAttribute("user", username); The Orion servlets subsequently looks up the user from the session. There are changes in Equinox to adopt javax.servlet 3.1 and Jetty 9, and the Equinox change as a result of defect 459349 "[http] HttpSession attributes must not be shared between ServletContext" broke this. The remote user ends up being null. We definitely should be able to share the user attribute between instances of HttpSession, so there is some kind of ServletContext we need to setup with javax.servlet 3.1. Investigation is required. For the SPDY prototype I can work around the issue by hard coding the user attribute in the HttpSession when it hits the AuthorizedUserFilter and LoggedInUserFilter (so my SPDY prototype bcomes a one user server :-( ).