alechner

Reputation: 1

WildFly cluster login with Java EE 8 Security API

We are trying to create a WildFly 16 highly available cluster with the JEE8 Security API. The project works well as a standalone application, but not as a cluster! We are getting an Infinispan NotSerializableException.

We have a WildFly 16 standalone application with JSF 2.3, CDI 2.0 and Soteria. This is running fine as standalone. Now we want to run this configuration as a standalone WildFly cluster. The WildFly instances are coming up and they know each other.

But when we call our application we get the following exception: java.lang.IllegalArgumentException: org.infinispan.commons.marshall.NotSerializableException: org.glassfish.soteria.servlet.RequestData

If needed we can post the whole stacktrace.

If we would remove "distributable" from web.xml, it would work without any exception but then we are not able to share session between instances.

Are we missing some configuration? Or do we have another misunderstanding?

Thank you for your help


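import java.io.Serializable;
import javax.enterprise.context.ApplicationScoped;
import javax.enterprise.inject.Model;
import javax.faces.context.ExternalContext;
import javax.faces.context.FacesContext;
import javax.inject.Inject;
import javax.security.enterprise.AuthenticationStatus;
import javax.security.enterprise.SecurityContext;
import javax.security.enterprise.authentication.mechanism.http.AutoApplySession;
import javax.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism;
import javax.security.enterprise.authentication.mechanism.http.LoginToContinue;
import javax.security.enterprise.credential.Credential;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import static javax.security.enterprise.authentication.mechanism.http.AuthenticationParameters.withParams;

// Custom mechanism: the container keeps the authenticated identity in the HTTP session
@AutoApplySession
@LoginToContinue(loginPage = "/login.xhtml", errorPage = "", useForwardToLogin = true)
@ApplicationScoped
public class CustomAuthenticationMechanism implements HttpAuthenticationMechanism {

    @Inject
    private CustomIdentityStore identityStore;

    ...
}

@Model
public class LoginBean implements Serializable {

    @Inject
    private SecurityContext securityContext;

    // Bound to the login form
    private String username;
    private String password;

    public void login() {
        FacesContext context = FacesContext.getCurrentInstance();
        ExternalContext externalContext = context.getExternalContext();
        Credential credential = new CustomCredential(username, password);

        // Continue the authentication dialog started by @LoginToContinue
        AuthenticationStatus status = securityContext.authenticate(
                (HttpServletRequest) externalContext.getRequest(),
                (HttpServletResponse) externalContext.getResponse(),
                withParams()
                        .credential(credential)
                        .newAuthentication(false)
                        .rememberMe(true)
        );
    ...
    }
}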


web.xml:
...
<distributable/>
...

Edit from 3 July 2019:

As I can see now, the problem is in the Soteria implementation. I found the following commit on GitHub: "https://github.com/eclipse-ee4j/soteria/commit/fd9a29c4452f99b426dabc296ec759d36766a56f". The question for me now is: when does this go live? What are the alternatives for achieving role-based access to the resources and redirecting unauthenticated users to a custom login page?

Upvotes: 0

Views: 468

Answers (1)

user2814332

Reputation: 68

It seems like an object of type org.glassfish.soteria.servlet.RequestData needs to be replicated among the several instances of your cluster. The replication works by serializing the object on one side and deserializing it again on the other. This explains why the code works in a non-cluster environment.

This class, however, seems not to implement java.io.Serializable. Are you using RequestData in any object which is session-scoped?

Upvotes: 1
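
An added example, not part of the question or the answer: a stand-alone check for the failure the answer describes. It tries Java serialization on each attribute of a constructed session map and reports the ones that cannot be written, including a Serializable holder whose field is not. The class names, the map contents and the use of plain java.io serialization as a stand-in for the cluster's marshaller are assumptions.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.NotSerializableException;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.LinkedHashMap;
import java.util.Map;

public class SessionSerializationCheck {

    // Constructed stand-in for a session attribute that does not implement Serializable
    static class RequestDataLike { String url = "/protected/page.xhtml"; }

    // Serializable itself, but it drags a non-serializable field into the object graph
    static class SavedRequestHolder implements Serializable {
        private static final long serialVersionUID = 1L;
        RequestDataLike saved = new RequestDataLike();
    }

    /** Maps each attribute that cannot be serialized to the reason it failed. */
    static Map<String, String> findUnreplicable(Map<String, Object> attributes) {
        Map<String, String> failures = new LinkedHashMap<>();
        for (Map.Entry<String, Object> e : attributes.entrySet()) {
            // Assumption: java.io serialization approximates what replication requires
            try (ObjectOutputStream out = new ObjectOutputStream(new ByteArrayOutputStream())) {
                out.writeObject(e.getValue());
            } catch (NotSerializableException ex) {
                // The message is the name of the offending class, possibly a nested field
                failures.put(e.getKey(), "not serializable: " + ex.getMessage());
            } catch (IOException ex) {
                failures.put(e.getKey(), "serialization failed: " + ex);
            }
        }
        return failures;
    }

    public static void main(String[] args) {
        // Constructed sample of what a session might hold after a redirect to the login page
        Map<String, Object> session = new LinkedHashMap<>();
        session.put("user.name", "alice");
        session.put("saved.request", new RequestDataLike());
        session.put("saved.request.holder", new SavedRequestHolder());
        findUnreplicable(session).forEach((k, v) -> System.out.println(k + " -> " + v));
    }
}
```

In a deployed application the same loop can run over `HttpSession.getAttributeNames()` in a test environment before `<distributable/>` is enabled.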
