Injected HttpServletRequest object in session-scoped bean should transparently access current request [SPR-5135]

[spring-projects-issues]

Grant Gochnauer opened SPR-5135 and commented

http://forum.springframework.org/showthread.php?t=59618

I've run into a situation where accessing anything from a HttpServletRequest object in my session scoped bean throws an exception. This happens for example if I try to set an attribute on the request object or get a cookie with WebUtils.

I've found that the problem is easily reproducible when refreshing a page that uses a session scoped bean heavily. If I refresh the page every few seconds it seems to work for a while but eventually I'll still run into a problem where the HttpServletRequest object is "dead". The problem is bad because the only way for the application to recover is to restart the EAR. Requesting the page again just results in the same exception over and over.

The exception I am seeing is:
Caused by: java.lang.NullPointerException
at com.ibm.ws.webcontainer.srt.SRTServletRequest$SRTServletRequestHelper.access$1500(SRTServletRequest.java:2232)
at com.ibm.ws.webcontainer.srt.SRTServletRequest.parseParameters(SRTServletRequest.java:1420)
at com.ibm.ws.webcontainer.srt.SRTServletRequest.getParameter(SRTServletRequest.java:1090)
at javax.servlet.ServletRequestWrapper.getParameter(ServletRequestWrapper.java:203)
at org.springframework.security.wrapper.SavedRequestAwareWrapper.getParameter(SavedRequestAwareWrapper.java:261)

I've also tried removing Spring Security to reduce the variables in this problem but that had no effect.

My session scoped bean makes heavy use of:
@Autowired
private HttpServletRequest request;

---

Affects: 2.5.5

[spring-projects-issues]

Grant Gochnauer commented

I printed the HttpServletRequest object in a bean that is called when requesting a page through a Spring controller and I see:
com.ibm.ws.webcontainer.srt.SRTServletRequest@f760f76

So it appears the request is wired in properly. I tried doing a simple call to see if it would succeed. First page load, the call worked and printed out the values below

valid? false
server name: dev.mysite.com

Hitting refresh to load the page a 2nd time, I see the following:

Caused by: java.lang.NullPointerException
at java.util.Hashtable.get(Hashtable.java:482)
at com.ibm.ws.webcontainer.srt.SRTRequestContext.getSession(SRTRequestContext.java:76)
at com.ibm.ws.webcontainer.srt.SRTRequestContext.isRequestedSessionIdValid(SRTRequestContext.java:64)
at com.ibm.ws.webcontainer.srt.SRTServletRequest.isRequestedSessionIdValid(SRTServletRequest.java:1407)
at com.roche.cwp.component.content.aspect.PersonalizedContentAspect.personlizeContent(PersonalizedContentAspect.java:66)

Line 66 of PersonalizedContentAspect is:
System.out.println("#######\n\n" + "valid?" + siteConfigContainer.getRequest().isRequestedSessionIdValid() + "##\n\n\n");

"siteConfigContainer" is the @Autowired session scoped bean used in PersonalizedContentAspect which I expose a getRequest method on the session scoped bean for use in this aspect.

[spring-projects-issues]

Grant Gochnauer commented

Also -- the title of this issue is a tad misleading I think. All I have to do is refresh the page so it really doesn't have to be concurrent. It's really just the 2nd time a request is made to the controller, it dies.

[spring-projects-issues]

Grant Gochnauer commented

Another interesting thing -- if I open the site in Firefox, the first load works but then will consistently fail until I restart the EAR. However, once the site is failing in Firefox, I can load it in IE just fine. It's like my session gets corrupted somehow.

[spring-projects-issues]

Juergen Hoeller commented

Well, isn't the problem here that you have a session-scoped bean that has the request stored in an instance variable? That request object is bound to be outdated when accessed outside of the original request. I would argue that the bean would have to be request-scoped (or a prototype) when storing the request in an instance variable...

That means that you should be able to reproduce the problem by simply manually storing the HttpServletRequest reference in a manually managed session attribute.

Juergen

[spring-projects-issues]

Grant Gochnauer commented

Juergen --

Thanks for the feedback. I agree that accessing the request instance object in the session scoped bean outside of a request would cause this issue. The bean is only used/accessed when making requests to the web controller so as long as a request is being made, I should be able to access the HttpServletRequest object right? Maybe I am misunderstanding something.

Thanks

[spring-projects-issues]

Juergen Hoeller commented

Servlet containers usually create new HttpServletRequest objects per request. We are storing the servlet container's original HttpServletRequest object there in case of a Spring-injected bean. So the request object stored in your session-scoped bean will be outdated by the time that a subsequent request comes in... There is no transparent switch to the then-current new request object, I'm afraid.

Juergen

[spring-projects-issues]

Grant Gochnauer commented

Juergen --

That makes sense. I'm changing the bean to be request scoped and things do seem to be working better!!! Sorry for non-issue. I'm grateful for the clarification.

-Grant

[spring-projects-issues]

Juergen Hoeller commented

I'll consider this as enhancement request for Spring 3.0: Maybe we can do something about the kind of HttpServletRequest object that we inject there; possibly using a proxy that transparently delegates to the current request object.

Juergen

[spring-projects-issues]

Juergen Hoeller commented

As of Spring 3.0 RC1, we generally inject proxies for request and session objects now. This has the advantage of working in singleton beans and serializable beans as well, and to always obtain the current session handle - even in case of invalidation between requests or between multiple calls within the same request.

Juergen

[spring-projects-issues]

Grant Gochnauer commented

Thanks Juergen -- this is fantastic.