Tigase Forge
Dashboards
Projects
Global Views
Code Search
server-core
Code
Pull Requests
Issues
List
Boards
Iterations
Builds
Packages
Statistics
Child Projects
OneDev 11.9.3
Documentation Support & Bug Report RESTful API Incompatibilities License Agreement Check Update
Projects tigase _server server-core Issues #1202
NotAuthorizedException: Session has not been yet authorised in MessageCarbons (#1202)
Wojciech Kapcia (Tigase) opened 5 years ago 
[2020-09-05 07:19:59:926] [WARNING ] [message-carbons-proc-0 ] SessionManager$ProcessorWorkerThread.process(): Exception during packet processing: from=c2s@ip-10-0-15-235.us-west-2.compute.internal/10.0.15.235_5223_24.134.11.17_56601, to=sess-man@ip-10-0-15-235.us-west-2.compute.internal, DATA=[iq xmlns="jabber:client" from="…@jabber.today/Claudis iPhone" type="set" id="33EF402B-C83C-4EA9-9227-681129D9BC8B"][enable xmlns="urn:xmpp:carbons:2"/][/iq], SIZE=167, XMLNS=jabber:client, PRIORITY=NORMAL, PERMISSION=AUTH, TYPE=set, STABLE_ID=d6104f3c-5f63-4d37-a113-853743e53ec4
tigase.xmpp.NotAuthorizedException: Session has not been yet authorised.
	at tigase.xmpp.XMPPResourceConnection.getJID(XMPPResourceConnection.java:411)
	at tigase.xmpp.impl.MessageCarbons.setEnabled(MessageCarbons.java:410)
	at tigase.xmpp.impl.MessageCarbons.process(MessageCarbons.java:160)
	at tigase.server.xmppsession.SessionManager$ProcessorWorkerThread.process(SessionManager.java:2646)
	at tigase.util.processing.WorkerThread.run(WorkerThread.java:67)
  • Wojciech Kapcia (Tigase) commented 5 years ago

    I fixed the issue by checking if the session was authorised.

    However I was thinking - it seems that most of the plugins do this check (session.isAuthorized()) because most of the plugins should/could handle only packets from authorised sessions so maybe we reverse the checking and we could specify plugins that can actually handle not authorised packets (mostly authentication plugins) and in rest of plugins we could assume that the session is actually authorised? What do you think @andrzej.wojcik ?

  • Andrzej Wójcik (Tigase) commented 5 years ago

    @wojtek Your idea that most of processors require authorized session is OK. However, the issue here is that each processor has its own queue of packets to process and its own threads leading to concurrency issues, ie. packet can be for session which is authorized, it is added for correct processor but in the meanwhile other processor may deauthenticate session leading to processing packet for unauthorized session by processor requiring authorized session.

  • Wojciech Kapcia (Tigase) commented 5 years ago

    I'd say that this issue stresses having dedicated "authenticated processes" even more as we would avoid issue that something de-authenticated the session while processing certain stanza.

issue 1 of 1
Type
Bug
Priority
Normal
Assignee
Wojciech Kapcia (Tigase)
Version
tigase-server-8.2.0
Issue Votes (0)
Login to vote
Watchers (0)
Reference
tigase/_server/server-core#1202
Please wait...
Page is in error, reload to recover