Description
After persisting an OpenId session to the SessionDataStore the user identity is lost as it is a transient field in SessionAuthentication. This is causing an ISE when the Authenticator tries to revalidate the userIdentity of the SessionAuthentication saved at the SessionAuthentication.__J_AUTHENTICATED attribute.
java.lang.IllegalStateException: !UserIdentity
at org.eclipse.jetty.security@10.0.12-SNAPSHOT/org.eclipse.jetty.security.authentication.SessionAuthentication.getUserIdentity(SessionAuthentication.java:62)
at org.eclipse.jetty.security.openid@10.0.12-SNAPSHOT/org.eclipse.jetty.security.openid.OpenIdAuthenticator.validateRequest(OpenIdAuthenticator.java:463)
at org.eclipse.jetty.security@10.0.12-SNAPSHOT/org.eclipse.jetty.security.authentication.DeferredAuthentication.authenticate(DeferredAuthentication.java:58)
at org.eclipse.jetty.server@10.0.12-SNAPSHOT/org.eclipse.jetty.server.Request.getUserPrincipal(Request.java:1633)
at org.eclipse.jetty.security.openid@10.0.12-SNAPSHOT/org.eclipse.jetty.security.openid.OpenIdAuthenticationTest$HomePage.doGet(OpenIdAuthenticationTest.java:225)
at jetty.servlet.api@4.0.6/javax.servlet.http.HttpServlet.service(HttpServlet.java:503)
at jetty.servlet.api@4.0.6/javax.servlet.http.HttpServlet.service(HttpServlet.java:590)
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:764)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:529)
at org.eclipse.jetty.server@10.0.12-SNAPSHOT/org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:131)
at org.eclipse.jetty.security@10.0.12-SNAPSHOT/org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:549)
at org.eclipse.jetty.server@10.0.12-SNAPSHOT/org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122)
at org.eclipse.jetty.server@10.0.12-SNAPSHOT/org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:223)
at org.eclipse.jetty.server@10.0.12-SNAPSHOT/org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1571)
at org.eclipse.jetty.server@10.0.12-SNAPSHOT/org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:221)
at org.eclipse.jetty.server@10.0.12-SNAPSHOT/org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1378)
Jetty version(s)
all
How to reproduce?
I have a test case to reproduce this on the branch https://github.com/eclipse/jetty.project/blob/jetty-10.0.x-OpenIdSessionSerialization
https://github.com/eclipse/jetty.project/blob/023f194f7a975d256776bdd284cd9c2ef4112762/jetty-openid/src/test/java/org/eclipse/jetty/security/openid/OpenIdAuthenticationTest.java#L164-L176
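The mechanism described in this issue, reduced to plain Java serialization as an added example (not Jetty code and not from the issue author). `StoredAuthentication`, `roundTrip` and `hasUserIdentity` are hypothetical stand-ins, and the guarded caller shows one possible handling, not the project's fix.

```java
import java.io.*;

// Stand-in for illustration only; this is not Jetty's SessionAuthentication.
public class TransientIdentityDemo {
    static class StoredAuthentication implements Serializable {
        private static final long serialVersionUID = 1L;
        private final String name;              // written to the session store
        private transient Object userIdentity;  // skipped by Java serialization

        StoredAuthentication(String name, Object userIdentity) {
            this.name = name;
            this.userIdentity = userIdentity;
        }

        // Same contract as in the trace above: throws when the identity is missing.
        Object getUserIdentity() {
            if (userIdentity == null)
                throw new IllegalStateException("!UserIdentity");
            return userIdentity;
        }

        boolean hasUserIdentity() { return userIdentity != null; }
    }

    // Simulates a write to, and a read back from, a persistent session store.
    static StoredAuthentication roundTrip(StoredAuthentication auth)
            throws IOException, ClassNotFoundException {
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bytes)) {
            out.writeObject(auth);
        }
        try (ObjectInputStream in = new ObjectInputStream(
                new ByteArrayInputStream(bytes.toByteArray()))) {
            return (StoredAuthentication) in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: "alice" with a placeholder identity object.
        StoredAuthentication restored =
                roundTrip(new StoredAuthentication("alice", new Object()));
        System.out.println("name survives: " + restored.name);
        try {
            restored.getUserIdentity();
        } catch (IllegalStateException e) {
            System.out.println("unguarded caller: " + e);
        }
        // Guarded caller: a restored entry without an identity counts as not authenticated.
        System.out.println("guarded caller authenticated: " + restored.hasUserIdentity());
    }
}
```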