  1. OpenAM
  2. OPENAM-11321

When making a call to the /json/sessions endpoint with _action=validate and passing in a token whose related session is invalid, OpenAM logs a very large stack trace

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 13.5.0
    • Fix Version/s: 13.5.2
    • Component/s: log
    • Sprint: AM Sustaining Sprint 41
    • Story Points: 1
    • Needs backport: Yes
    • Support Ticket IDs:

      Description

      When making a call to the /json/sessions endpoint with _action=validate and passing in a token whose related session is invalid, OpenAM logs a very large stack trace in the Session debug file. It is a very valid use case for the check of a session to return as {"valid":false}, but that should not trigger a huge stack trace to be logged. This leads to extremely large debug files when lots of invalid sessions are checked. Yes, this could be mitigated by turning the debug level off, but this really shouldn't be happening in the first place.

       

      ERROR: SessionResource.validateSession() :: Unable to validate token AQIC5wM2LY4Sfcw3cSAZ8ODg0YThCpe1RgpIngIr1oD65SU.AAJTSQACMDIAAlNLABQtMjIzODY2MjMyMzM4MjAyNDkxOQACUzEAAjAx
      com.iplanet.sso.SSOException: Session was not obtained.
      at com.iplanet.sso.providers.dpro.SSOProviderImpl.createSSOToken(SSOProviderImpl.java:220)
      at com.iplanet.sso.providers.dpro.SSOProviderImpl.createSSOToken(SSOProviderImpl.java:184)
      at com.iplanet.sso.providers.dpro.SSOProviderImpl.createSSOToken(SSOProviderImpl.java:236)
      at com.iplanet.sso.SSOTokenManager.createSSOToken(SSOTokenManager.java:367)
      at org.forgerock.openam.core.rest.session.SessionResource$ValidateActionHandler.validateSession(SessionResource.java:620)
      at org.forgerock.openam.core.rest.session.SessionResource$ValidateActionHandler.handle(SessionResource.java:601)
      at org.forgerock.openam.core.rest.session.SessionResource.internalHandleAction(SessionResource.java:275)
      at org.forgerock.openam.core.rest.session.SessionResource.actionInstance(SessionResource.java:261)
      at org.forgerock.json.resource.InterfaceCollectionInstance.handleAction(InterfaceCollectionInstance.java:34)
      at org.forgerock.json.resource.Router.handleAction(Router.java:241)
      at org.forgerock.json.resource.Router.handleAction(Router.java:241)
      at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:59)
      at org.forgerock.authz.filter.crest.AuthorizationFilters$AuthorizationFilter$1.apply(AuthorizationFilters.java:237)
      at org.forgerock.authz.filter.crest.AuthorizationFilters$AuthorizationFilter$1.apply(AuthorizationFilters.java:233)
      at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:255)
      at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:244)
      at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:223)
      at org.forgerock.authz.filter.crest.AuthorizationFilters$AuthorizationFilter.filterAction(AuthorizationFilters.java:232)
      at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:57)
      at org.forgerock.json.resource.FilterChain.handleAction(FilterChain.java:207)
      at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:59)
      at org.forgerock.openam.rest.fluent.AuditFilter.filterAction(AuditFilter.java:89)
      at org.forgerock.openam.rest.fluent.AuditFilterWrapper.filterAction(AuditFilterWrapper.java:60)
      at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:57)
      at org.forgerock.openam.rest.fluent.CrestLoggingFilter.filterAction(CrestLoggingFilter.java:74)
      at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:57)
      at org.forgerock.openam.rest.ContextFilter.filterAction(ContextFilter.java:57)
      at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:57)
      at org.forgerock.openam.rest.AuthenticationEnforcer.filterAction(AuthenticationEnforcer.java:137)
      at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:57)
      at org.forgerock.json.resource.FilterChain.handleAction(FilterChain.java:207)
      at org.forgerock.json.resource.Router.handleAction(Router.java:241)
      at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:59)
      at org.forgerock.openam.rest.ContextFilter.filterAction(ContextFilter.java:57)
      at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:57)
      at org.forgerock.json.resource.FilterChain.handleAction(FilterChain.java:207)
      at org.forgerock.json.resource.InternalConnection.actionAsync(InternalConnection.java:33)
      at org.forgerock.json.resource.http.RequestRunner.visitActionRequest(RequestRunner.java:127)
      at org.forgerock.json.resource.http.RequestRunner.visitActionRequest(RequestRunner.java:73)
      at org.forgerock.json.resource.Requests$ActionRequestImpl.accept(Requests.java:185)
      at org.forgerock.json.resource.http.RequestRunner.handleResult(RequestRunner.java:119)
      at org.forgerock.json.resource.http.HttpAdapter$2.apply(HttpAdapter.java:566)
      at org.forgerock.json.resource.http.HttpAdapter$2.apply(HttpAdapter.java:563)
      at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:255)
      at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:244)
      at org.forgerock.json.resource.http.HttpAdapter.doRequest(HttpAdapter.java:562)
      at org.forgerock.json.resource.http.HttpAdapter.doAction(HttpAdapter.java:505)
      at org.forgerock.json.resource.http.HttpAdapter.handle(HttpAdapter.java:171)
      at org.forgerock.http.filter.OptionsFilter.filter(OptionsFilter.java:77)
      at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:56)
      at org.forgerock.openam.rest.CrestProtocolEnforcementFilter.filter(CrestProtocolEnforcementFilter.java:61)
      at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:56)
      at org.forgerock.http.routing.Router.handle(Router.java:92)
      at org.forgerock.openam.rest.RealmContextFilter.filter(RealmContextFilter.java:84)
      at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:56)
      at org.forgerock.http.routing.Router.handle(Router.java:92)
      at org.forgerock.http.routing.ResourceApiVersionRoutingFilter.filter(ResourceApiVersionRoutingFilter.java:64)
      at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:56)
      at org.forgerock.caf.authentication.framework.AuthenticationFramework.grantAccess(AuthenticationFramework.java:220)
      at org.forgerock.caf.authentication.framework.AuthenticationFramework.access$400(AuthenticationFramework.java:65)
      at org.forgerock.caf.authentication.framework.AuthenticationFramework$3.apply(AuthenticationFramework.java:212)
      at org.forgerock.caf.authentication.framework.AuthenticationFramework$3.apply(AuthenticationFramework.java:205)
      at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:255)
      at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:244)
      at org.forgerock.caf.authentication.framework.AuthenticationFramework.validateRequest(AuthenticationFramework.java:168)
      at org.forgerock.caf.authentication.framework.AuthenticationFramework.access$100(AuthenticationFramework.java:65)
      at org.forgerock.caf.authentication.framework.AuthenticationFramework$1.apply(AuthenticationFramework.java:155)
      at org.forgerock.caf.authentication.framework.AuthenticationFramework$1.apply(AuthenticationFramework.java:152)
      at org.forgerock.util.promise.PromiseImpl$7.handleStateChange(PromiseImpl.java:485)
      at org.forgerock.util.promise.PromiseImpl.handleCompletion(PromiseImpl.java:567)
      at org.forgerock.util.promise.PromiseImpl.addOrFireListener(PromiseImpl.java:555)
      at org.forgerock.util.promise.PromiseImpl.thenAsync(PromiseImpl.java:477)
      at org.forgerock.util.promise.PromiseImpl.thenAsync(PromiseImpl.java:468)
      at org.forgerock.caf.authentication.framework.AuthenticationFramework.processMessage(AuthenticationFramework.java:146)
      at org.forgerock.caf.authentication.framework.AuthenticationFilter.filter(AuthenticationFilter.java:96)
      at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:56)
      at org.forgerock.openam.http.HandlerProvider.handle(HandlerProvider.java:50)
      at org.forgerock.openam.http.HttpRoute$3.handle(HttpRoute.java:142)
      at org.forgerock.http.routing.Router.handle(Router.java:92)
      at org.forgerock.openam.http.OpenAMHttpApplication$1.filter(OpenAMHttpApplication.java:60)
      at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:56)
      at org.forgerock.http.filter.TransactionIdInboundFilter.filter(TransactionIdInboundFilter.java:60)
      at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:56)
      at org.forgerock.http.servlet.HttpFrameworkServlet.service(HttpFrameworkServlet.java:225)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
      at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
      at org.forgerock.openam.cors.CORSFilter.doFilter(CORSFilter.java:120)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
      at org.forgerock.openam.validation.ResponseValidationFilter.doFilter(ResponseValidationFilter.java:44)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
      at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:111)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
      at org.forgerock.openam.audit.context.AuditContextFilter.doFilter(AuditContextFilter.java:51)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
      at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
      at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
      at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1040)
      at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607)
      at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:313)
      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
      at java.lang.Thread.run(Thread.java:745)
      Caused by: com.iplanet.dpro.session.SessionException: Session was not obtained.
      at com.iplanet.dpro.session.service.SessionService.checkSessionLocal(SessionService.java:541)
      at com.iplanet.dpro.session.Session.checkSessionLocal(Session.java:1329)
      at com.iplanet.dpro.session.Session.refresh(Session.java:1026)
      at org.forgerock.openam.session.SessionCache.getSession(SessionCache.java:300)
      at com.iplanet.sso.providers.dpro.SSOProviderImpl.createSSOToken(SSOProviderImpl.java:205)
      ... 115 more
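
For deployments still on the affected version that need to ship or archive the Session debug file, the entry shape quoted above can be collapsed after the fact. The following is an added example, not part of the original issue and not OpenAM code: it reduces each `validateSession` trace to one line and replaces the token value with a SHA-256 fingerprint. The function name, the sample token and the `ExampleOther` entry are constructed for illustration.

```python
import hashlib
import re

# Entry header exactly as quoted in the issue; group 1 is the session token.
HEADER = re.compile(r"^\s*ERROR: SessionResource\.validateSession\(\) :: "
                    r"Unable to validate token (\S+)")
# Lines that belong to a Java stack trace: exception line, frames, cause, elision.
TRACE = re.compile(r"^\s*(?:at\s|\.\.\. \d+ more|Caused by: "
                   r"|[\w.$]+(?:Exception|Error)(?::|$))")

def compact_validate_errors(text):
    """Collapse each validateSession trace to one line; return (text, stats)."""
    out, stats = [], {"entries": 0, "lines_removed": 0}
    in_entry = need_reason = False
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            # Replace the raw token with a short fingerprint usable for correlation.
            fp = hashlib.sha256(m.group(1).encode()).hexdigest()[:12]
            out.append("ERROR: SessionResource.validateSession() :: "
                       f"Unable to validate token sha256:{fp}")
            stats["entries"] += 1
            in_entry = need_reason = True
        elif in_entry and TRACE.match(line):
            if need_reason and not line.lstrip().startswith(("at ", "...")):
                out[-1] += " (" + line.strip() + ")"  # keep first exception message
                need_reason = False
            stats["lines_removed"] += 1
        else:
            in_entry = False
            out.append(line)
    result = "\n".join(out) + "\n"
    stats["bytes_saved"] = len(text.encode()) - len(result.encode())
    return result, stats

# Constructed sample: placeholder token, trace cut to a few frames, plus an
# unrelated entry (hypothetical class) that must pass through untouched.
SAMPLE_TOKEN = "AQIC-CONSTRUCTED-PLACEHOLDER.AAJT-NOT-A-REAL-TOKEN"
SAMPLE_LOG = f"""\
ERROR: SessionResource.validateSession() :: Unable to validate token {SAMPLE_TOKEN}
com.iplanet.sso.SSOException: Session was not obtained.
    at com.iplanet.sso.providers.dpro.SSOProviderImpl.createSSOToken(SSOProviderImpl.java:220)
    at com.iplanet.sso.SSOTokenManager.createSSOToken(SSOTokenManager.java:367)
Caused by: com.iplanet.dpro.session.SessionException: Session was not obtained.
    at com.iplanet.dpro.session.service.SessionService.checkSessionLocal(SessionService.java:541)
    ... 115 more
ERROR: ExampleOther.run() :: constructed unrelated entry
java.lang.IllegalStateException: constructed
    at example.ExampleOther.run(ExampleOther.java:10)
"""
```

The `lines_removed` and `bytes_saved` counters give a quick measure of how much of a debug file these entries account for.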

            People

            • Assignee: markdr Mark de Reeper
            • Reporter: robert.faller Robert Faller