Security issue on Websphere [message #1746513]
Mon, 31 October 2016 13:32
Urs Beeli
We're deploying our Scout-Neon (6.0.100.RC4) app (both backend + UI WARs within one EAR) on WebSphere 8.5. After an apparently successful login (LDAP), the server starts to fetch data from the DB and prepares the response for the call. Just before the result is returned to the client, we see the WebSphere-specific error SESN0008E (see below) in the logs. The desktop does not show up in the browser; we only see the message "Sever error (Code 20) UI Processing Error".
After disabling "Security Integration" for the session in the WebSphere Admin Console, the error goes away. Does anyone else observe a similar problem with a security-enabled application within an appserver?
[2016-10-31 13:38:41,695] [WebContainer : 1] INFO business.class ch.sbb.cisi.stammdaten.business.technisch.impl.ParameterProcess getAll - Retrieved entities: 1
[2016-10-31 13:38:41,722] [WebContainer : 0] INFO org.eclipse.scout.rt.ui.html.UiSession init - UiSession with ID 1:5c7p8h726l4dn6v1cfc7mih705 initialized
[2016-10-31 13:38:41,723] [WebContainer : 0] INFO org.eclipse.scout.rt.ui.html.json.JsonMessageRequestHandler createUiSession - Created new UI session with ID 1:5c7p8h726l4dn6v1cfc7mih705 in 5324.158962 ms [maxIdleTime=14400s, httpSession.maxInactiveInterval=300s]
[2016-10-31 13:38:41,732] [scout-model-thread-22] WARN org.eclipse.scout.rt.ui.html.UiSession call - Error while transforming response to JSON: JsonResponse [STARTUP RESPONSE, adapters: 606, events: 37, buffered events adapters: 0]
com.ibm.websphere.servlet.session.UnauthorizedSessionRequestException: SESN0008E: A user authenticated as anonymous has attempted to access a session owned by user:ldapi.sbb.ch:389/cn=u202279,ou=Int Mitarbeiter,dc=SBB,dc=ch.
at com.ibm.ws.session.SessionContext.checkSecurity(SessionContext.java:1395)
at com.ibm.ws.session.SessionContext.isValid(SessionContext.java:898)
at com.ibm.ws.webcontainer.srt.SRTRequestContext.getSession(SRTRequestContext.java:96)
at com.ibm.ws.webcontainer.srt.SRTServletRequest.getSession(SRTServletRequest.java:2168)
at javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:238)
at org.eclipse.scout.rt.server.commons.servlet.UrlHints.calculateHint(UrlHints.java:118)
at org.eclipse.scout.rt.server.commons.servlet.UrlHints.isInspectorHint(UrlHints.java:130)
at org.eclipse.scout.rt.ui.html.json.InspectorInfo.put(InspectorInfo.java:26)
at org.eclipse.scout.rt.ui.html.json.AbstractJsonAdapter.toJson(AbstractJsonAdapter.java:128)
at org.eclipse.scout.rt.ui.html.json.AbstractJsonPropertyObserver.toJson(AbstractJsonPropertyObserver.java:122)
at org.eclipse.scout.rt.ui.html.json.form.fields.button.JsonButton.toJson(JsonButton.java:95)
at org.eclipse.scout.rt.ui.html.json.JsonResponse.toJson(JsonResponse.java:258)
at org.eclipse.scout.rt.ui.html.UiSession.responseToJsonInternal(UiSession.java:685)
at org.eclipse.scout.rt.ui.html.UiSession$5.call(UiSession.java:697)
at org.eclipse.scout.rt.ui.html.UiSession$5.call(UiSession.java:1)
at org.eclipse.scout.rt.platform.chain.callable.CallableChain$Chain.continueChain(CallableChain.java:185)
at org.eclipse.scout.rt.platform.context.RunContextRunner$1.call(RunContextRunner.java:42)
at org.eclipse.scout.rt.platform.chain.callable.CallableChain$Chain.continueChain(CallableChain.java:185)
at org.eclipse.scout.rt.platform.security.SubjectProcessor$1.run(SubjectProcessor.java:47)
at java.security.AccessController.doPrivileged(AccessController.java:456)
at javax.security.auth.Subject.doAs(Subject.java:572)
at org.eclipse.scout.rt.platform.security.SubjectProcessor.intercept(SubjectProcessor.java:43)
at org.eclipse.scout.rt.platform.chain.callable.CallableChain$Chain.continueChain(CallableChain.java:180)
at org.eclipse.scout.rt.platform.chain.callable.CallableChain.call(CallableChain.java:135)
at org.eclipse.scout.rt.platform.context.RunContext.call(RunContext.java:121)
at org.eclipse.scout.rt.platform.context.RunContextRunner.intercept(RunContextRunner.java:38)
at org.eclipse.scout.rt.platform.chain.callable.CallableChain$Chain.continueChain(CallableChain.java:180)
at org.eclipse.scout.rt.platform.chain.callable.CallableChain.call(CallableChain.java:135)
at org.eclipse.scout.rt.platform.job.internal.JobFutureTask$1.call(JobFutureTask.java:100)
at java.util.concurrent.FutureTask.run(FutureTask.java:274)
at org.eclipse.scout.rt.platform.job.internal.JobFutureTask.run(JobFutureTask.java:160)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1157)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:627)
at java.lang.Thread.run(Thread.java:798)
at org.eclipse.scout.rt.platform.job.internal.NamedThreadFactory$1.run(NamedThreadFactory.java:54)
[2016-10-31 13:38:41,734] [WebContainer : 0] INFO technical.class ch.sbb.cisi.core.scout.ui.html.UiServletFilter doFilter - Login handled by CisiController
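
Added example, not part of the original post and not Scout or WebSphere code: a small triage script for logs in the format shown above. It extracts each SESN0008E event with the thread that logged it, the identity WebSphere saw, and the session owner. In the trace above the exception is logged on scout-model-thread-22, with getSession() reached inside a Scout job rather than on a WebContainer thread, so the script flags that distinction. The sample lines are constructed (the LDAP host and DN are placeholders), and using the "WebContainer" thread-name prefix to mark a container request thread is an assumption taken from the log above.

```python
import re

# Record header as printed in the post: [timestamp] [thread] LEVEL logger ...
HEADER = re.compile(r"^\[(?P<ts>[^\]]+)\] \[(?P<thread>[^\]]+)\] (?P<level>[A-Z]+) ")
# SESN0008E message text as printed in the post (trailing period dropped).
SESN0008E = re.compile(
    r"SESN0008E: A user authenticated as (?P<caller>\S+) has attempted to "
    r"access a session owned by (?P<owner>.+?)\.?$"
)

# Constructed sample in the post's log format; host and DN are placeholders.
SAMPLE_LOG = """\
[2016-10-31 13:38:41,723] [WebContainer : 0] INFO org.eclipse.scout.rt.ui.html.json.JsonMessageRequestHandler createUiSession - Created new UI session
[2016-10-31 13:38:41,732] [scout-model-thread-22] WARN org.eclipse.scout.rt.ui.html.UiSession call - Error while transforming response to JSON
com.ibm.websphere.servlet.session.UnauthorizedSessionRequestException: SESN0008E: A user authenticated as anonymous has attempted to access a session owned by user:ldap.example.org:389/cn=jdoe,ou=Staff,dc=example,dc=org.
at com.ibm.ws.session.SessionContext.checkSecurity(SessionContext.java:1395)
[2016-10-31 13:38:41,734] [WebContainer : 0] INFO technical.class UiServletFilter doFilter - Login handled
"""


def find_session_owner_mismatches(lines):
    """Return one dict per SESN0008E event, tied to its log record header."""
    events = []
    current = None  # header fields of the most recent log record
    for raw in lines:
        line = raw.rstrip()
        header = HEADER.match(line)
        if header:
            current = header.groupdict()
        hit = SESN0008E.search(line)
        if hit and current:
            events.append({
                "timestamp": current["ts"],
                "thread": current["thread"],
                "caller": hit.group("caller"),
                "owner": hit.group("owner"),
                # False means the session was touched off the request thread.
                "on_container_thread": current["thread"].startswith("WebContainer"),
            })
    return events


if __name__ == "__main__":
    for event in find_session_owner_mismatches(SAMPLE_LOG.splitlines()):
        print(event)
```
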