Problem Description
Sometimes the server returns 403 Forbidden
I added a RealmAdapter log:
Normal trace:
RealmAdapter.findPrincipalWrapper
principal:jakarta.security.enterprise.CallerPrincipal@31614fef
sessionPrincipal:jakarta.security.enterprise.CallerPrincipal@31614fef|#]
RealmAdapter.findPrincipalWrapper
principal:jakarta.security.enterprise.CallerPrincipal@41e82e26
sessionPrincipal:jakarta.security.enterprise.CallerPrincipal@41e82e26|#]
sessionBean.getText(): TEST1|#]
sessionBean.getText(): TEST2|#]
When 403 forbidden:
RealmAdapter.findPrincipalWrapper
principal:jakarta.security.enterprise.CallerPrincipal@41e82e26
sessionPrincipal:jakarta.security.enterprise.CallerPrincipal@31614fef|#]
RealmAdapter.findPrincipalWrapper
principal:jakarta.security.enterprise.CallerPrincipal@31614fef
sessionPrincipal:jakarta.security.enterprise.CallerPrincipal@31614fef|#]
RealmAdapter.validate sessionSubject == null|#]
sessionBean.getText(): TEST1|#]
The server returns 403 for TEST2.
In function RealmAdapter.findPrincipalWrapper, the caller is TEST2 and sessionPrincipal is TEST1
Steps to reproduce
TestSession.zip
Compile the TestSession project
Deploy TestSession
Open the Chrome browser and developer tools, call http://127.0.0.1:8080/test/
log in with TEST1 / TEST1
Open the Edge browser and developer tools, call http://127.0.0.1:8080/test/
log in with TEST2 / TEST2
Sometimes the server returns 403 Forbidden
Impact of Issue
The client does not refresh when the server returns 403
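A log check for the condition shown in the traces above, as an added example that is not part of the original report or of GlassFish: it flags every RealmAdapter.findPrincipalWrapper entry whose request principal differs from the session principal. The function names are chosen for this example, and it assumes the `@hex` suffix is Java's default identity hash, so equal strings mean the same principal object.

```python
import re

# Entry format taken from the reporter's custom RealmAdapter logging.
# \s+ lets the fields sit on one line or on separate lines.
ENTRY = re.compile(
    r"RealmAdapter\.findPrincipalWrapper\s+"
    r"principal:(?P<principal>\S+?@[0-9a-f]+)\s+"
    r"sessionPrincipal:(?P<session>\S+?@[0-9a-f]+)\|#\]"
)
NULL_SUBJECT = "RealmAdapter.validate sessionSubject == null"
CP = "jakarta.security.enterprise.CallerPrincipal"

# The two traces from the report, rebuilt from its values.
NORMAL_TRACE = f"""
RealmAdapter.findPrincipalWrapper principal:{CP}@31614fef sessionPrincipal:{CP}@31614fef|#]
RealmAdapter.findPrincipalWrapper principal:{CP}@41e82e26 sessionPrincipal:{CP}@41e82e26|#]
sessionBean.getText(): TEST1|#]
sessionBean.getText(): TEST2|#]
"""
FAILING_TRACE = f"""
RealmAdapter.findPrincipalWrapper principal:{CP}@41e82e26 sessionPrincipal:{CP}@31614fef|#]
RealmAdapter.findPrincipalWrapper principal:{CP}@31614fef sessionPrincipal:{CP}@31614fef|#]
RealmAdapter.validate sessionSubject == null|#]
sessionBean.getText(): TEST1|#]
"""


def find_mismatches(log_text):
    """Return (entry index, principal, sessionPrincipal) for each entry where
    the request's principal is not the one stored in the session it resolved."""
    return [
        (i, m["principal"], m["session"])
        for i, m in enumerate(ENTRY.finditer(log_text))
        if m["principal"] != m["session"]
    ]


def summarize(log_text):
    """Count checked entries, mismatches, and null-session-subject rejections."""
    return {
        "checked": len(ENTRY.findall(log_text)),
        "mismatches": len(find_mismatches(log_text)),
        "null_subject": log_text.count(NULL_SUBJECT),
    }


if __name__ == "__main__":
    for name, trace in (("normal", NORMAL_TRACE), ("failing", FAILING_TRACE)):
        print(name, summarize(trace), find_mismatches(trace))
```
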
Thanks for the report. A first question: does this happen with any two browsers, or specifically with Chrome and Edge?
What is the approximate frequency of sometimes failing? E.g., in the order of 1 in 100 or 1 in 10 or so?
It's not specifically Chrome, I also have an error with Firefox
I've tested with WildFly 33.0.1, and there is no problem: testSession-WildFly.zip
For the test:
start WildFly standalone with the -c standalone-full.xml parameter
Disable Integrated JASPI under the management console: Configuration / Subsystem / Web / Application Security Domain
mvn install wildfly:deploy
After using GlassFish since 2006, I was forced to adapt my projects for WildFly.
I did not have time to do further research to target the code of the server concerned.
For me, the problem happens when the request uses a different thread from the HTTP pool between two calls.
The TestSession project allows you to reproduce the problem quickly with opening two browsers.
The same issue also reported here: https://stackoverflow.com/questions/79070073/response-403-forbidden-at-simultaneously-ajax-request-using-jakarta-ee-and-glass