Project

General

Profile

Actions
Copy link

Bug #23920

closed

Lift Async system is not able to find spring SecurityContextHolder

Added by François ARMAND 11 months ago. Updated 8 months ago.

Status:
Released
Priority:
N/A
Assignee:
Vincent MEMBRÉ
Category:
Architecture - Code maintenance
Target version:
8.1.0~alpha1
Pull Request:
https://github.com/Normation/rudder/p...
Severity:
UX impact:
User visibility:
Effort required:
Priority:
0
Name check:
To do
Fix check:
To do
Regression:
No

Description

In https://github.com/Normation/rudder/pull/5229 I changed the way that CurrentUser was computed and stored in session because it lead to error in several page.

At the time, I supposed it was due to the session fixation prevention process built in spring security, and that lift was trying to use the old (destroyed) session in place of the new one in some context.
That first correction helped, but we still have a problem: in the context of async requests (at least when using lazy-load which uses under the hood AsyncRenderComet.asyncRender), SecurityContextHolder is lost.

I suppose it have to do with the way the session snapshot is done, and perhaps of a similar cause than previously (session moved in the async context?)

Related issues 3 (0 open3 closed)

Related to Rudder - Architecture #23797: Backend evolution for node RBAC: add tenants domain conceptReleasedVincent MEMBRÉActions
Related to Rudder - Bug #24017: Webapp can fail to start with null sessionid error ReleasedFrançois ARMANDActions
Related to Rudder - Bug #24117: Missing policy generation statusReleasedVincent MEMBRÉActions
Actions
Copy link

Also available in: Atom PDF