Posted to user@shiro.apache.org by itsvisher <an...@gmail.com> on 2017/04/04 08:26:56 UTC

Login successful, but authenticated call to any other api results in 302 response.

Hi,

I am using Jersey Framework and decided to use Shiro for authentication
mechanism.

My problem is, I am able to generate session id and authenticate the user
with login url, but using the same session key for any other API call is
always resulting in a 302 response. It's actually happening automatically
behind the scenes, and my API call is not even getting executed to perform
other stuff.

Even the logs also say that session is found, but the API code never gets
executed. Also, the doReadSession is getting called for at least 11 times.

Here is my shiro.ini:


# =======================
# Shiro INI configuration
# =======================

[main]
#Defining authentication filter and realm
authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter
mongoRealm = com.company.core.usermanagement.MongoRealm
securityManager.realms = $mongoRealm

#Defining session DAO and session Manager
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
sessionDAO = com.company.core.usermanagement.MongoSessionDAO
sessionManager.sessionDAO = $sessionDAO
sessionManager.globalSessionTimeout = 10000

sessionManager.sessionValidationSchedulerEnabled = false
securityManager.sessionManager = $sessionManager

#Session cache manager
cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
securityManager.cacheManager = $cacheManager

authc.loginUrl = /api/userlogin

[urls]
/api/userlogin = authc
/api/** = noSessionCreation, authc


Here are my API calls and response:

*For Login:*

curl -i -X POST -H "Content-Type: application/json" -d '{"username": "admin", "password": "password", "rememberMe": true}' http://localhost:8080/securitysample/api/userlogin

*Response (Expected and Actual):*

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965; Path=/securitysample; HttpOnly
Set-Cookie: rememberMe=deleteMe; Path=/atlantis-analytics; Max-Age=0; Expires=Mon, 03-Apr-2017 07:50:21 GMT
Set-Cookie: rememberMe=<value omitted>; Path=/securitysample; Max-Age=31536000; Expires=Wed, 04-Apr-2018 07:50:21 GMT; HttpOnly
Access-Control-Allow-Origin: *
Content-Type: */*
Content-Length: 18
Date: Tue, 04 Apr 2017 07:50:21 GMT

This is totally expected and I get a session id which is stored in my mongo
db as well. But call to any other API is always resulting in 302 and the
actual api code is never getting executed.

*Any other call:*


curl -i -X GET -H "Cookie: JSESSIONID=d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965" http://localhost:8080/securitysample/api/projects?username=admin


*Response (Actual and not expected):*


HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Location: http://localhost:8080/securitysample/api/userlogin
Content-Length: 0
Date: Tue, 04 Apr 2017 07:55:30 GMT


Here are the server logs upon calling any other API:


2017-04-04 13:25:30 DEBUG SimpleCookie:389 - Found 'JSESSIONID' cookie value [d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965]
2017-04-04 13:25:30 INFO  MongoSessionDAO:68 - doReadSession - Looking for session id: d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965
2017-04-04 13:25:30 INFO  MongoProvider:19 - In init() Method
2017-04-04 13:25:30 INFO  MongoProvider:86 - In getCollection() Method
2017-04-04 13:25:30 INFO  MongoSessionDAO:85 - Found session: d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965
2017-04-04 13:25:30 INFO  MongoSessionDAO:68 - doReadSession - Looking for session id: d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965
2017-04-04 13:25:30 INFO  MongoProvider:19 - In init() Method
2017-04-04 13:25:30 INFO  MongoProvider:86 - In getCollection() Method
2017-04-04 13:25:30 INFO  MongoSessionDAO:85 - Found session: d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965
2017-04-04 13:25:30 INFO  MongoSessionDAO:68 - doReadSession - Looking for session id: d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965
2017-04-04 13:25:30 INFO  MongoProvider:19 - In init() Method
2017-04-04 13:25:30 INFO  MongoProvider:86 - In getCollection() Method
2017-04-04 13:25:30 INFO  MongoSessionDAO:85 - Found session: d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965
2017-04-04 13:25:30 INFO  MongoSessionDAO:68 - doReadSession - Looking for session id: d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965
2017-04-04 13:25:30 INFO  MongoProvider:19 - In init() Method
2017-04-04 13:25:30 INFO  MongoProvider:86 - In getCollection() Method
2017-04-04 13:25:30 INFO  MongoSessionDAO:85 - Found session: d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965
2017-04-04 13:25:30 INFO  MongoSessionDAO:68 - doReadSession - Looking for session id: d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965
2017-04-04 13:25:30 INFO  MongoProvider:19 - In init() Method
2017-04-04 13:25:30 INFO  MongoProvider:86 - In getCollection() Method
2017-04-04 13:25:30 INFO  MongoSessionDAO:85 - Found session: d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965
2017-04-04 13:25:30 INFO  MongoSessionDAO:68 - doReadSession - Looking for session id: d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965
2017-04-04 13:25:30 INFO  MongoProvider:19 - In init() Method
2017-04-04 13:25:30 INFO  MongoProvider:86 - In getCollection() Method
2017-04-04 13:25:30 INFO  MongoSessionDAO:85 - Found session: d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965
2017-04-04 13:25:30 INFO  MongoSessionDAO:68 - doReadSession - Looking for session id: d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965
2017-04-04 13:25:30 INFO  MongoProvider:19 - In init() Method
2017-04-04 13:25:30 INFO  MongoProvider:86 - In getCollection() Method
2017-04-04 13:25:30 INFO  MongoSessionDAO:85 - Found session: d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965
2017-04-04 13:25:30 INFO  MongoSessionDAO:68 - doReadSession - Looking for session id: d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965
2017-04-04 13:25:30 INFO  MongoProvider:19 - In init() Method
2017-04-04 13:25:30 INFO  MongoProvider:86 - In getCollection() Method
2017-04-04 13:25:30 INFO  MongoSessionDAO:85 - Found session: d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965
2017-04-04 13:25:30 INFO  MongoSessionDAO:68 - doReadSession - Looking for session id: d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965
2017-04-04 13:25:30 INFO  MongoProvider:19 - In init() Method
2017-04-04 13:25:30 INFO  MongoProvider:86 - In getCollection() Method
2017-04-04 13:25:30 INFO  MongoSessionDAO:85 - Found session: d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965
2017-04-04 13:25:30 INFO  MongoSessionDAO:68 - doReadSession - Looking for session id: d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965
2017-04-04 13:25:30 INFO  MongoProvider:19 - In init() Method
2017-04-04 13:25:30 INFO  MongoProvider:86 - In getCollection() Method
2017-04-04 13:25:30 INFO  MongoSessionDAO:85 - Found session: d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965
2017-04-04 13:25:30 DEBUG MongoSessionDAO:30 - Update session
2017-04-04 13:25:30 INFO  MongoSessionDAO:68 - doReadSession - Looking for session id: d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965
2017-04-04 13:25:30 INFO  MongoProvider:19 - In init() Method
2017-04-04 13:25:30 INFO  MongoProvider:86 - In getCollection() Method
2017-04-04 13:25:30 INFO  MongoSessionDAO:85 - Found session: d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965
2017-04-04 13:25:30 DEBUG MongoSessionDAO:30 - Update session


Can someone please tell me where I am making a mistake? I have spent a lot of
time reading the Shiro documentation and tried lots of other filters such as
user, anon etc. None is working. Please help.



--
View this message in context: http://shiro-user.582556.n2.nabble.com/Login-successful-but-authenticated-call-to-any-other-api-results-in-302-response-tp7581569.html
Sent from the Shiro User mailing list archive at Nabble.com.

Re: Login successful, but authenticated call to any other api results in 302 response.

Posted by itsvisher <an...@gmail.com>.
I will try it now itself. Looks like 2 more users are facing exactly the same
issue, where you have replied as well:

http://shiro-user.582556.n2.nabble.com/Shiro-rediecting-back-to-Login-after-successful-Login-td7581130.html

Will get back to you in some time.




Re: Login successful, but authenticated call to any other api results in 302 response.

Posted by Brian Demers <br...@gmail.com>.
I'm not sure, I've only looked at this quickly, but it looks like your
serialize and deserialize methods do different things. (Again, just a quick
look, but do you have a test for writing data in, then pulling it back out by
Id?)

On Tue, Apr 4, 2017 at 2:27 PM, itsvisher <an...@gmail.com> wrote:

> Gosh!!! You were so right. It is a problem with my SessionDAO implementation.
> Where did I go wrong??
>
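
The round-trip check suggested in this reply, as an added example (not code from the thread or from the Shiro project): a SessionDAO whose serialize/deserialize are exact inverses and whose update() persists, with a ConcurrentHashMap standing in for the Mongo "usersessions" collection. The class name RoundTripSessionDAO and the realm name "mongoRealm" are assumptions; package names are the Shiro 1.x ones used in the thread, and the check relies on Shiro keeping login state in the session attributes named by DefaultSubjectContext.PRINCIPALS_SESSION_KEY and AUTHENTICATED_SESSION_KEY.

```java
import java.io.*;
import java.util.Collection;
import java.util.Collections;
import java.util.concurrent.ConcurrentHashMap;

import org.apache.shiro.codec.Base64;
import org.apache.shiro.session.Session;
import org.apache.shiro.session.UnknownSessionException;
import org.apache.shiro.session.mgt.SimpleSession;
import org.apache.shiro.session.mgt.eis.AbstractSessionDAO;
import org.apache.shiro.subject.SimplePrincipalCollection;
import static org.apache.shiro.subject.support.DefaultSubjectContext.AUTHENTICATED_SESSION_KEY;
import static org.apache.shiro.subject.support.DefaultSubjectContext.PRINCIPALS_SESSION_KEY;

// Added example: the map is a stand-in for the "usersessions" collection (assumption).
public class RoundTripSessionDAO extends AbstractSessionDAO {
    private final ConcurrentHashMap<Serializable, String> store = new ConcurrentHashMap<>();

    // Whole session (id, timestamps, attributes) -> Java serialization -> Base64 text.
    static String serialize(Session session) {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(session);
        } catch (IOException e) {
            throw new IllegalStateException("serialize session error", e);
        }
        return Base64.encodeToString(bos.toByteArray());
    }

    // Exact inverse of serialize(). Only decode blobs this application wrote to its own store.
    static Session deserialize(String stored) {
        byte[] raw = Base64.decode(stored);
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(raw))) {
            return (Session) ois.readObject();
        } catch (IOException | ClassNotFoundException e) {
            throw new IllegalStateException("deserialize session error", e);
        }
    }

    @Override
    protected Serializable doCreate(Session session) {
        Serializable id = generateSessionId(session);
        assignSessionId(session, id);
        store.put(id, serialize(session));
        return id;
    }

    @Override
    protected Session doReadSession(Serializable id) {
        String stored = store.get(id);
        return stored == null ? null : deserialize(stored);
    }

    // Attribute changes reach the store only through update(); a no-op here drops login state.
    @Override
    public void update(Session session) throws UnknownSessionException {
        if (store.replace(session.getId(), serialize(session)) == null) {
            throw new UnknownSessionException("No stored session " + session.getId());
        }
    }
    @Override public void delete(Session session) { store.remove(session.getId()); }
    @Override public Collection<Session> getActiveSessions() { return Collections.emptyList(); }

    // Write a session in, pull it back out by id, and check that the login state survived.
    public static void main(String[] args) {
        RoundTripSessionDAO dao = new RoundTripSessionDAO();
        SimpleSession session = new SimpleSession();
        Serializable id = dao.create(session);
        // Login state as Shiro keeps it in the session; the realm name is an assumption.
        SimplePrincipalCollection admin = new SimplePrincipalCollection("admin", "mongoRealm");
        session.setAttribute(PRINCIPALS_SESSION_KEY, admin);
        session.setAttribute(AUTHENTICATED_SESSION_KEY, Boolean.TRUE);
        dao.update(session);
        Session restored = dao.readSession(id);
        if (!Boolean.TRUE.equals(restored.getAttribute(AUTHENTICATED_SESSION_KEY))
                || !admin.equals(restored.getAttribute(PRINCIPALS_SESSION_KEY))) {
            throw new AssertionError("login state was lost in the round trip");
        }
    }
}
```

A doReadSession that returns a fresh SimpleSession carrying only the id fails the same check, because neither attribute is present on the object it hands back.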

Re: Login successful, but authenticated call to any other api results in 302 response.

Posted by itsvisher <an...@gmail.com>.
Gosh!!! You were so right. It is a problem with my SessionDAO implementation.
Where did I go wrong??

Here is my implementation of SessionDAO:

package com.company.core.usermanagement;

import java.io.ByteArrayInputStream;
import java.io.ObjectInputStream;
import java.io.Serializable;
import java.util.Collection;

import org.apache.log4j.Logger;
import org.apache.shiro.codec.Base64;
import org.apache.shiro.session.Session;
import org.apache.shiro.session.UnknownSessionException;
import org.apache.shiro.session.mgt.SimpleSession;
import org.apache.shiro.session.mgt.eis.AbstractSessionDAO;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;

import com.mongodb.BasicDBObject;
import com.mongodb.DBCursor;
import com.mongodb.util.JSON;

public class MongoSessionDAO extends AbstractSessionDAO {
	private static final Logger logger = Logger.getLogger(MongoSessionDAO.class);
	MongoProvider mp = new MongoProvider();
	String localdbName = "testdb";
	Session session;

	@Override
	public void update(Session session) throws UnknownSessionException {
		logger.debug("Update session");
	}

	@Override
	public void delete(Session session) {
		logger.debug("Deleting session: " + session.getId());
		session.stop();
	}

	@Override
	public Collection<Session> getActiveSessions() {
		return null;
	}

	@Override
	protected Serializable doCreate(Session session) {
		logger.info("Inside doCreate ");
		Serializable timeUuid = generateSessionId(session);
		assignSessionId(session, timeUuid);
		save(session.getId());
		logger.info("doCreate session Id: " + session.getId());
		return session.getId();
	}

	private void save(Serializable sessionId) {
		logger.info("Saving session...");
		int id = 0;
		mp.init();
		MongoRealm mongoRealmuser = new MongoRealm(mp.getCollection(localdbName, "usersessions"));
		MongoRealm mongoRealcounter = new MongoRealm(mp.getCollection(localdbName, "counters"));
		id = ((Double) mongoRealcounter.getNextSequence("usersessions")).intValue();
		logger.info("sId-----> " + sessionId);
		mp.insertDBObject(localdbName, mongoRealmuser.createUserSessions(id, sessionId), "usersessions");
	}

	@Override
	protected Session doReadSession(Serializable sessionId) {
		logger.info("doReadSession - Looking for session id: " + sessionId.toString());
		mp.init();

		BasicDBObject allQuery = new BasicDBObject();
		allQuery.put("session", sessionId);
		DBCursor cursor = mp.getCollection(localdbName, "usersessions").find(allQuery);
		if (!cursor.hasNext()) {
			logger.debug("Session does not exists");
			return null;
		}

		String jOut = JSON.serialize(cursor);
		final SimpleSession session = new SimpleSession();
		session.setId(sessionId);
		try {
			JSONArray jArray = new JSONArray(jOut);
			JSONObject jb = (JSONObject) jArray.get(0);
			logger.info("Found session: " + jb.get("session"));
		} catch (JSONException e) {
			e.printStackTrace();
			logger.error("No Session is present :: " + e.toString());
		}

		return session;
	}

	@SuppressWarnings("unused")
	private static Session deserialize(String sessionStr) {
		try {
			logger.info("SessionStr >>>> " + Base64.decodeToString(sessionStr));

			// new ByteArrayInputStream(Base64.decode(sessionStr));
			ByteArrayInputStream bis = new ByteArrayInputStream(sessionStr.getBytes());
			ObjectInputStream ois = new ObjectInputStream(bis);
			return (Session) ois.readObject();
		} catch (Exception e) {
			throw new RuntimeException("deserialize session error", e);
		}
	}
}//end of class




Re: Login successful, but authenticated call to any other api results in 302 response.

Posted by Brian Demers <br...@gmail.com>.
Try taking the Mongo session store out of the mix, and try using
org.apache.shiro.session.mgt.eis.MemorySessionDAO.

If that works, then at least you have narrowed down the problem to your
session store.

On Tue, Apr 4, 2017 at 4:26 AM, itsvisher <an...@gmail.com> wrote:

> Hi,
>
> I am using Jersey Framework and decided to use Shiro for authentication
> mechanism.
>
> My problem is, I am able to generate session id and authenticate the user
> with login url, but using the same session key for any other API call is
> always resulting in a 302 response. It's actually happening automatically
> behind the scenes, and my API call is not even getting executed to perform
> other stuff.
>
> Even the logs also say that session is found, but the API code never gets
> executed. Also, the doReadSession is getting called for at least 11 times.