LoginEvents with Null Subject from SessionManagerImpl

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

LoginEvents with Null Subject from SessionManagerImpl

Henri Johannes Mikkonen
LoginEvents with Null Subject from SessionManagerImpl

Hello,

I wrote an issue some weeks ago to the JIRA: https://bugs.internet2.edu/jira/browse/SIDP-312

However, according to the Chad's instructions on "Dealing with possible bugs" (posted 3.6.09), I should have first asked from this list if it's a bug, or have I got it wrong. That's probably the reason why the issue hasn't been commented yet in JIRA.

(Copy-pasted) contents of the issue:

SessionManagerImpl class publishes a LoginEvent in two cases:

1) when createSession() method is called
2) when its ApplicationListener sees AddEntryEvent

First, it would be more logical for the listeners if the event was published only once.
Second, currently there is a race condition, depending on the timing, the ApplicationListeners may not be able to get the subject / principal information from the Session object, because they are set a little bit later by the AuthenticationEngine.

If you need any further information, please ask.

Best Regards,
Henri Mikkonen

Reply | Threaded
Open this post in threaded view
|

Re: LoginEvents with Null Subject from SessionManagerImpl

Chad La Joie
Yes, currently there are a number of issues with that way that eventing
code works.  Note that the publication of two different events is not an
issue.  Two *different* events are being published and they mean
different things.

I am still not sure what the best way will be to correct the larger
issue here, namely that while this stuff could work fine in a single
instance model it doesn't work at all in a clustered model.  There are
steps that could be taken to make it work in such a model but they have
to be evaluated for their various trade-offs.

Henri Johannes Mikkonen wrote:

> Hello,
>
> I wrote an issue some weeks ago to the JIRA: https://bugs.internet2.edu/jira/browse/SIDP-312
>
> However, according to the Chad's instructions on "Dealing with possible bugs" (posted 3.6.09), I should have first asked from this list if it's a bug, or have I got it wrong. That's probably the reason why the issue hasn't been commented yet in JIRA.
>
> (Copy-pasted) contents of the issue:
>
> SessionManagerImpl class publishes a LoginEvent in two cases:
>
> 1) when createSession() method is called
> 2) when its ApplicationListener sees AddEntryEvent
>
> First, it would be more logical for the listeners if the event was published only once.
> Second, currently there is a race condition, depending on the timing, the ApplicationListeners may not be able to get the subject / principal information from the Session object, because they are set a little bit later by the AuthenticationEngine.
>
> If you need any further information, please ask.
>
> Best Regards,
> Henri Mikkonen
>

--
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Net Services
Werdstrasse 2, P.O. Box, 8021 Z├╝rich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
[hidden email], http://www.switch.ch