Posted to user@shiro.apache.org by foxericlee <lg...@126.com> on 2009/10/06 07:11:14 UTC

There is something wrong Integrating zkoss with shiro

The first login is right. After logout, I cannot log in again. The system shows an
exception:

2009-10-6 13:06:38 org.zkoss.zk.ui.impl.UiEngineImpl handleError:1131
严重: >>java.lang.NullPointerException
>>	at org.apache.catalina.connector.Request.setAttribute(Request.java:1423)
>>	at org.apache.catalina.connector.RequestFacade.setAttribute(RequestFacade.java:503)
>>	at javax.servlet.ServletRequestWrapper.setAttribute(ServletRequestWrapper.java:284)
>>	at org.apache.shiro.web.DefaultWebSecurityManager.removeRequestIdentity(DefaultWebSecurityManager.java:254)
>>	at org.apache.shiro.web.DefaultWebSecurityManager.beforeLogout(DefaultWebSecurityManager.java:248)
>>	at org.apache.shiro.mgt.DefaultSecurityManager.logout(DefaultSecurityManager.java:501)
>>	at org.apache.shiro.subject.DelegatingSubject.logout(DelegatingSubject.java:317)
>>..

Somebody help me?

login code:
    Subject currentUser = SecurityUtils.getSubject();
    if (currentUser.isAuthenticated()) {
        currentUser.logout();
    }

    UsernamePasswordToken token = new UsernamePasswordToken(
            tbUserName.getValue(), tbPassword.getValue());
    token.setRememberMe(true);
    try {
        currentUser.login(token);
    } catch (Exception ex) {
    }

logout code:
    Subject currentUser = SecurityUtils.getSubject();
    if (currentUser.isAuthenticated()) {
        currentUser.logout();
    }



-- 
View this message in context: http://n2.nabble.com/There-is-something-wrong-Integrating-zkoss-with-shiro-tp3773207p3773207.html
Sent from the Shiro User mailing list archive at Nabble.com.

Re: There is something wrong Integrating zkoss with shiro

Posted by foxericlee <lg...@126.com>.
Thank you very much!

Les Hazlewood-2 wrote:
> 
> You usually can't log-out and log-in on the same thread in a web
> environment.
> 
> Logging out a subject will kill their session and remove any related
> cookie information, and the Servlet container (Tomcat in your stack
> trace) might do some internal state cleanup as well, resulting in
> unpredictable behavior.
> 
> Usually you do something like this:
> 
> login code:
> Subject currentUser = SecurityUtils.getSubject();
> if(currentUser.isAuthenticated()) {
>     //they already are authenticated -
>     //just redirect them to 'after-login' view
> } else {
>     ...
>     currentUser.login(token);
>     //show them the 'after-login' view
> }
> 
> For logout, you should pretty much always do something like this.
> Note there is no 'if' check for isAuthenticated() - just do it no
> matter what their authentication/rememberMe/anonymous state is:
> 
> Subject currentUser = SecurityUtils.getSubject();
> currentUser.logout();
> redirectToDefaultView(); //different per UI technology
> 
> Cheers,
> 
> Les
> 


Re: There is something wrong Integrating zkoss with shiro

Posted by Les Hazlewood <lh...@apache.org>.
You usually can't log-out and log-in on the same thread in a web environment.

Logging out a subject will kill their session and remove any related
cookie information, and the Servlet container (Tomcat in your stack
trace) might do some internal state cleanup as well, resulting in
unpredictable behavior.

Usually you do something like this:

login code:
Subject currentUser = SecurityUtils.getSubject();
if(currentUser.isAuthenticated()) {
    //they already are authenticated -
    //just redirect them to 'after-login' view
} else {
    ...
    currentUser.login(token);
    //show them the 'after-login' view
}

For logout, you should pretty much always do something like this.
Note there is no 'if' check for isAuthenticated() - just do it no
matter what their authentication/rememberMe/anonymous state is:

Subject currentUser = SecurityUtils.getSubject();
currentUser.logout();
redirectToDefaultView(); //different per UI technology

Cheers,

Les
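
An added example, not part of the original thread and not Shiro's own code: the separate login and logout handlers described above, with the authentication failure handled instead of swallowed. The `LoginFlow` class, the view names and the in-memory account are assumptions for illustration; it needs shiro-core on the classpath, and in a web application each handler would run on its own request.

```java
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.subject.Subject;

public class LoginFlow {

    // Login handler: never calls logout() first. View names are hypothetical.
    static String handleLogin(String username, String password) {
        Subject currentUser = SecurityUtils.getSubject();
        if (currentUser.isAuthenticated()) {
            return "after-login";          // already signed in, nothing to do
        }
        UsernamePasswordToken token = new UsernamePasswordToken(username, password);
        token.setRememberMe(true);
        try {
            currentUser.login(token);
            return "after-login";
        } catch (AuthenticationException ex) {
            // Do not swallow the failure: record it, then return to the form
            // with one generic message regardless of the failure cause.
            System.err.println("login failed: " + ex.getClass().getSimpleName());
            return "login-form";
        } finally {
            token.clear();                 // wipe the password held by the token
        }
    }

    // Logout handler: unconditional, then redirect so that the next login
    // arrives on a fresh request.
    static String handleLogout() {
        SecurityUtils.getSubject().logout();
        return "default-view";
    }

    public static void main(String[] args) {
        // Constructed in-memory account so the example runs without a web container.
        SimpleAccountRealm realm = new SimpleAccountRealm();
        realm.addAccount("alice", "constructed-password");
        SecurityUtils.setSecurityManager(new DefaultSecurityManager(realm));

        System.out.println(handleLogin("alice", "wrong-password"));
        System.out.println(handleLogin("alice", "constructed-password"));
        System.out.println(handleLogout());
        System.exit(0);
    }
}
```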
