Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

IllegalStateException: Response head already sent during login #44458

Closed
ksdev-pl opened this issue Nov 12, 2024 · 8 comments · Fixed by #46418
Closed

IllegalStateException: Response head already sent during login #44458

ksdev-pl opened this issue Nov 12, 2024 · 8 comments · Fixed by #46418
Labels
area/security kind/bug Something isn't working
Milestone
3.19.1

Comments

@ksdev-pl
Copy link
Contributor

Describe the bug

Hello

When setting quarkus.http.auth.proactive=false, I get an exception during form-based authentication login (though the login still succeeds). This doesn't occur when quarkus.http.auth.proactive=true.

ERROR [io.qua.ver.htt.run.QuarkusErrorHandler] (vert.x-eventloop-thread-1) HTTP Request to /j_security_check failed, error id: d0420c48-a540-4d5e-bc30-fe704a8d2d07-1: java.lang.IllegalStateException: Response head already sent
        at io.vertx.core.http.impl.Http1xServerResponse.checkHeadWritten(Http1xServerResponse.java:722)
        at io.vertx.core.http.impl.Http1xServerResponse.setStatusCode(Http1xServerResponse.java:151)
        at io.quarkus.vertx.http.runtime.filters.AbstractResponseWrapper.setStatusCode(AbstractResponseWrapper.java:62)
        at io.quarkus.vertx.http.runtime.devmode.ResourceNotFoundHandler.handleHTML(ResourceNotFoundHandler.java:57)
        at io.quarkus.vertx.http.runtime.devmode.ResourceNotFoundHandler.handle(ResourceNotFoundHandler.java:28)
        at io.quarkus.vertx.http.runtime.devmode.ResourceNotFoundHandler.handle(ResourceNotFoundHandler.java:14)
        at io.vertx.ext.web.impl.RoutingContextImpl.checkHandleNoMatch(RoutingContextImpl.java:169)
        at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:141)
        at org.jboss.resteasy.reactive.server.vertx.VertxResteasyReactiveRequestContext.resumeExternalProcessing(VertxResteasyReactiveRequestContext.java:149)
        at org.jboss.resteasy.reactive.server.handlers.ClassRoutingHandler.throwNotFound(ClassRoutingHandler.java:233)
        at org.jboss.resteasy.reactive.server.handlers.ClassRoutingHandler.handle(ClassRoutingHandler.java:77)
        at io.quarkus.resteasy.reactive.server.runtime.QuarkusResteasyReactiveRequestContext.invokeHandler(QuarkusResteasyReactiveRequestContext.java:123)
        at org.jboss.resteasy.reactive.common.core.AbstractResteasyReactiveContext.run(AbstractResteasyReactiveContext.java:147)
        at org.jboss.resteasy.reactive.server.handlers.RestInitialHandler.beginProcessing(RestInitialHandler.java:48)
        at org.jboss.resteasy.reactive.server.vertx.ResteasyReactiveVertxHandler.handle(ResteasyReactiveVertxHandler.java:23)
        at org.jboss.resteasy.reactive.server.vertx.ResteasyReactiveVertxHandler.handle(ResteasyReactiveVertxHandler.java:10)
        at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1285)
        at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:177)
        at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:140)
        at io.quarkus.vertx.http.runtime.security.HttpSecurityRecorder$2$1.onItem(HttpSecurityRecorder.java:102)
        at io.quarkus.vertx.http.runtime.security.HttpSecurityRecorder$2$1.onItem(HttpSecurityRecorder.java:94)
        at io.smallrye.mutiny.operators.uni.UniMemoizeOp.forwardTo(UniMemoizeOp.java:123)
        at io.smallrye.mutiny.operators.uni.UniMemoizeOp.notifyAwaiters(UniMemoizeOp.java:135)
        at io.smallrye.mutiny.operators.uni.UniMemoizeOp.onItem(UniMemoizeOp.java:97)
        at io.smallrye.mutiny.operators.uni.UniOnTermination$UniOnTerminationProcessor.onItem(UniOnTermination.java:39)
        at io.smallrye.mutiny.operators.uni.UniOnItemTransformToUni$UniOnItemTransformToUniProcessor.onItem(UniOnItemTransformToUni.java:60)
        at io.smallrye.mutiny.operators.uni.UniOnItemTransformToUni$UniOnItemTransformToUniProcessor.onItem(UniOnItemTransformToUni.java:60)
        at io.smallrye.mutiny.operators.uni.builders.DefaultUniEmitter.complete(DefaultUniEmitter.java:37)
        at io.smallrye.mutiny.groups.UniOnNull.lambda$failWith$1(UniOnNull.java:46)
        at io.smallrye.context.impl.wrappers.SlowContextualBiConsumer.accept(SlowContextualBiConsumer.java:21)
        at io.smallrye.mutiny.groups.UniOnItem.lambda$transformToUni$4(UniOnItem.java:177)
        at io.smallrye.context.impl.wrappers.SlowContextualConsumer.accept(SlowContextualConsumer.java:21)
        at io.smallrye.mutiny.operators.uni.builders.UniCreateWithEmitter.subscribe(UniCreateWithEmitter.java:22)
        at io.smallrye.mutiny.operators.AbstractUni.subscribe(AbstractUni.java:36)
        at io.smallrye.mutiny.operators.uni.UniOnItemTransformToUni$UniOnItemTransformToUniProcessor.performInnerSubscription(UniOnItemTransformToUni.java:81)
        at io.smallrye.mutiny.operators.uni.UniOnItemTransformToUni$UniOnItemTransformToUniProcessor.onItem(UniOnItemTransformToUni.java:57)
        at io.smallrye.mutiny.operators.uni.builders.UniCreateFromKnownItem$KnownItemSubscription.forward(UniCreateFromKnownItem.java:38)
        at io.smallrye.mutiny.operators.uni.builders.UniCreateFromKnownItem.subscribe(UniCreateFromKnownItem.java:23)
        at io.smallrye.mutiny.operators.AbstractUni.subscribe(AbstractUni.java:36)
        at io.smallrye.mutiny.operators.uni.UniOnItemTransformToUni.subscribe(UniOnItemTransformToUni.java:25)
        at io.smallrye.mutiny.operators.AbstractUni.subscribe(AbstractUni.java:36)
        at io.smallrye.mutiny.operators.uni.UniOnItemTransformToUni$UniOnItemTransformToUniProcessor.performInnerSubscription(UniOnItemTransformToUni.java:81)
        at io.smallrye.mutiny.operators.uni.UniOnItemTransformToUni$UniOnItemTransformToUniProcessor.onItem(UniOnItemTransformToUni.java:57)
        at io.smallrye.mutiny.operators.uni.UniMemoizeOp.forwardTo(UniMemoizeOp.java:123)
        at io.smallrye.mutiny.operators.uni.UniMemoizeOp.notifyAwaiters(UniMemoizeOp.java:135)
        at io.smallrye.mutiny.operators.uni.UniMemoizeOp.onItem(UniMemoizeOp.java:97)
        at io.smallrye.mutiny.operators.uni.UniOnItemTransformToUni$UniOnItemTransformToUniProcessor.onItem(UniOnItemTransformToUni.java:60)
        at io.smallrye.mutiny.operators.uni.UniOnItemTransformToUni$UniOnItemTransformToUniProcessor.onItem(UniOnItemTransformToUni.java:60)
        at io.smallrye.mutiny.operators.uni.builders.UniCreateFromKnownItem$KnownItemSubscription.forward(UniCreateFromKnownItem.java:38)
        at io.smallrye.mutiny.operators.uni.builders.UniCreateFromKnownItem.subscribe(UniCreateFromKnownItem.java:23)
        at io.smallrye.mutiny.operators.AbstractUni.subscribe(AbstractUni.java:36)
        at io.smallrye.mutiny.operators.uni.UniOnItemTransformToUni$UniOnItemTransformToUniProcessor.performInnerSubscription(UniOnItemTransformToUni.java:81)
        at io.smallrye.mutiny.operators.uni.UniOnItemTransformToUni$UniOnItemTransformToUniProcessor.onItem(UniOnItemTransformToUni.java:57)
        at io.smallrye.mutiny.operators.uni.builders.DefaultUniEmitter.complete(DefaultUniEmitter.java:37)
        at io.quarkus.vertx.http.runtime.security.FormAuthenticationMechanism$1$1$1.accept(FormAuthenticationMechanism.java:176)
        at io.quarkus.vertx.http.runtime.security.FormAuthenticationMechanism$1$1$1.accept(FormAuthenticationMechanism.java:157)
        at io.smallrye.context.impl.wrappers.SlowContextualConsumer.accept(SlowContextualConsumer.java:21)
        at io.smallrye.mutiny.helpers.UniCallbackSubscriber.onItem(UniCallbackSubscriber.java:73)
        at io.smallrye.mutiny.operators.uni.UniOnItemTransformToUni$UniOnItemTransformToUniProcessor.onItem(UniOnItemTransformToUni.java:60)
        at io.smallrye.mutiny.operators.uni.builders.DefaultUniEmitter.complete(DefaultUniEmitter.java:37)
        at io.smallrye.mutiny.groups.UniOnNull.lambda$failWith$1(UniOnNull.java:46)
        at io.smallrye.context.impl.wrappers.SlowContextualBiConsumer.accept(SlowContextualBiConsumer.java:21)
        at io.smallrye.mutiny.groups.UniOnItem.lambda$transformToUni$4(UniOnItem.java:177)
        at io.smallrye.context.impl.wrappers.SlowContextualConsumer.accept(SlowContextualConsumer.java:21)
        at io.smallrye.mutiny.operators.uni.builders.UniCreateWithEmitter.subscribe(UniCreateWithEmitter.java:22)
        at io.smallrye.mutiny.operators.AbstractUni.subscribe(AbstractUni.java:36)
        at io.smallrye.mutiny.operators.uni.UniOnItemTransformToUni$UniOnItemTransformToUniProcessor.performInnerSubscription(UniOnItemTransformToUni.java:81)
        at io.smallrye.mutiny.operators.uni.UniOnItemTransformToUni$UniOnItemTransformToUniProcessor.onItem(UniOnItemTransformToUni.java:57)
        at io.smallrye.mutiny.operators.uni.builders.UniCreateFromCompletionStage$CompletionStageUniSubscription.forwardResult(UniCreateFromCompletionStage.java:63)
        at java.base/java.util.concurrent.CompletableFuture.uniWhenComplete(CompletableFuture.java:863)
        at java.base/java.util.concurrent.CompletableFuture$UniWhenComplete.tryFire(CompletableFuture.java:841)
        at java.base/java.util.concurrent.CompletableFuture.postComplete(CompletableFuture.java:510)
        at java.ba.util.concurrent.CompletableFuture.complete(CompletableFuture.java:2179)
        at io.vertx.core.Future.lambda$toCompletionStage$3(Future.java:601)
        at io.vertx.core.impl.future.FutureImpl$4.onSuccess(FutureImpl.java:176)
        at io.vertx.core.impl.future.FutureBase.lambda$emitSuccess$0(FutureBase.java:60)
        at io.netty.util.concurrent.AbstractEventExecutor.runTask(AbstractEventExecutor.java:173)
        at io.netty.util.concurrent.AbstractEventExecutor.safeExecute(AbstractEventExecutor.java:166)
        at io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:469)
        at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:569)
        at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:994)
        at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
        at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
        at java.base/java.lang.Thread.run(Thread.java:1583)

Expected behavior

No IllegalStateException with quarkus.http.auth.proactive=false during login.

Actual behavior

IllegalStateException with quarkus.http.auth.proactive=false during login.

How to Reproduce?

Use the simple project at repository:
https://github.com/ksdev-pl/quarkus-response-head-already-sent/tree/master

Run it in dev mode, visit http://localhost:8080 and login using credentials: admin@example.com / secret.
Check the logs after login.

Output of uname -a or ver

Fedora 6.11.6-300.fc41.x86_64 #1 SMP PREEMPT_DYNAMIC Fri Nov 1 16:16:00 UTC 2024 x86_64 GNU/Linux

Output of java -version

OpenJDK Runtime Environment Temurin-21.0.5+11 (build 21.0.5+11-LTS)

Quarkus version or git rev

3.16.2

Build tool (ie. output of mvnw --version or gradlew --version)

3.9.8

Additional information

No response
@ksdev-pl ksdev-pl added the kind/bug Something isn't working label Nov 12, 2024
@geoand
Copy link
Contributor

geoand commented Nov 13, 2024
edited
Loading

There is an easy way to hide the error from happening, but I would like @sberyozkin to have a look at the request flow to make sure that Quarkus REST is not being engaged here when it shouldn't be.

@cristian-montes
Copy link

cristian-montes commented Nov 13, 2024
edited
Loading

Hello @sberyozkin , are there any updates on this? Running into a similar issue.

@ksdev-pl
Copy link
Contributor Author

It looks like the issue is known at least from 2022:

I am logged in after sending only j_username and j_password and can access protected paths. Each login also generates an IllegalStateException: Response head already sent
#29924

@geoand
Copy link
Contributor

geoand commented Nov 28, 2024

@sberyozkin I think this warrants your attention.

Thanks

@ksdev-pl
Copy link
Contributor Author

ksdev-pl commented Dec 7, 2024

Hello @sberyozkin Could you please provide any answer?

@michalvavrik
Copy link
Member

Hello @sberyozkin Could you please provide any answer?

I'll have a look in next weeks.

@michalvavrik michalvavrik mentioned this issue Feb 21, 2025
Merged
@michalvavrik
Copy link
Member

Thanks for nice reproducer, it helped very much. Here is the fix #46418. I realized I have seen this in past many times and never looked into it.

@quarkus-bot quarkus-bot bot added this to the 3.21 - main milestone Feb 21, 2025
@ksdev-pl
Copy link
Contributor Author

Thank you ❤️

@gsmet gsmet modified the milestones: 3.21 - main, 3.19.1 Feb 24, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/security kind/bug Something isn't working
Projects
None yet
Milestone
3.19.1
5 participants
@gsmet @ksdev-pl @geoand @michalvavrik @cristian-montes