You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@shiro.apache.org by Narcom <na...@yahoo.com> on 2009/11/02 11:57:03 UTC
Re: Spring stand alone client
I managed to call remote "secure" spring bean at last... using this code
PropertyConfigurator.configure("web/WEB-INF/log.properties");
ctx = new
FileSystemXmlApplicationContext("/web/WEB-INF/remoting-client.xml");
DefaultSecurityManager securityManager = new
DefaultSecurityManager();
securityManager.setRealm(new PropertiesRealm());
SecurityUtils.setSecurityManager(securityManager);
LoginManagerRemote loginManager = (LoginManagerRemote)
ctx.getBean("loginManager");
UserRemote user = loginManager.login();
String sessionId = user.getSessionId();
log.info("user name: " + user.getName());
log.info("sesssionId: " + sessionId);
SimpleSession session = new SimpleSession();
session.setId(sessionId);
Subject subject = new
Subject.Builder().session(session).buildSubject();
Session sessionLocal = subject.getSession(false);
if(sessionLocal != null){
log.info("session.getId(): " + sessionLocal.getId());
} else {
log.info("session: null");
}
subject.execute(new Runnable() {
public void run() {
SampleManager sampleManager = (SampleManager)
ctx.getBean("sampleManager");
String result = sampleManager.secureMethod1();
log.info(result);
}
});
but now I have another problem. When I call secureMethod1() it execute fine
only if I do not check authorization.
this what I get on server side:
2009-11-02 14:50:04,656 DEBUG
(org.apache.shiro.authc.credential.SimpleCredentialsMatcher:100) Performing
credentials equality check for tokenCredentials of type
[org.apache.shiro.crypto.hash.Sha256Hash and accountCredentials of type
[org.apache.shiro.crypto.hash.Sha256Hash]
2009-11-02 14:50:04,656 DEBUG
(org.apache.shiro.authc.AbstractAuthenticator:217) Authentication successful
for token [org.apache.shiro.authc.UsernamePasswordToken - user1,
rememberMe=true]. Returned account
[org.apache.shiro.subject.SimplePrincipalCollection@4930af45]
2009-11-02 14:50:04,687 DEBUG
(org.apache.shiro.web.attr.AbstractWebAttribute:171) No 'editorClass'
property set - returning value.toString() as the string value for method
argument.
2009-11-02 14:50:04,687 DEBUG
(org.apache.shiro.web.attr.CookieAttribute:350) Added Cookie [rememberMe] to
path [/SpringRemoting] with value
[UwP13UzjVUceLBNWh+sYM01JWOSbBOwc1ZLySIws0IdnkcWeD/yWeH0eIycwHaI8MRKPyenBr76EoLkEZnXSz4i27cTTUps5qOgU/ZQLdvIOxlZxmT9RlUvKT6zopnQrSpdsCNaruG/Op/XEoJcdNLI9rJCCyMKN3em5wl8GrWTIzKS4hzHombGBEW4EPS9jv40HV4mIS2sUFXm5MlOptr99e1A6eKYxlLrldk2/yqw29nWohE0sIjO7tRF9mOAZUeC/Fem6K4S82LbXAJ6p0oNg3MP7dbFSkeeDF2CwFJvvi5xVrGyF0aKk8JzBHKzmRgLAreVAMGR0L2hGHOgIP/uup6KzE3QFZJpPSCmtcRZASMTpLxTpiiTHhVmB9Hf42eGB9vfoR9QFfK0U+in7fyrWyyAs3GPdM884yP9B8YdVfqUzqWhbzMDdUgS0PKpc3QsBDOqdsLzOpvUImFdomuk+RZ98i28s/KP1puAwmeo=]
to the HttpServletResponse
2009-11-02 14:50:04,812 INFO (com.springbook.LoginManagerBean:43)
70931A960971B2477A95A27B296D4C0D
2009-11-02 14:50:04,843 DEBUG
(org.apache.shiro.mgt.DefaultSecurityManager:384) Context referenced
sessionId is invalid. Ignoring and creating an anonymous (session-less)
Subject instance.
org.apache.shiro.session.UnknownSessionException: There is no session with
id [70931A960971B2477A95A27B296D4C0D]
at
org.apache.shiro.session.mgt.AbstractSessionManager.getSession(AbstractSessionManager.java:249)
at
org.apache.shiro.session.mgt.AbstractSessionManager.checkValid(AbstractSessionManager.java:265)
at
org.apache.shiro.mgt.SessionsSecurityManager.checkValid(SessionsSecurityManager.java:294)
at
org.apache.shiro.mgt.DefaultSecurityManager.getSession(DefaultSecurityManager.java:192)
at
org.apache.shiro.mgt.DefaultSecurityManager.resolveSession(DefaultSecurityManager.java:380)
at
org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:343)
at
org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:703)
at
org.apache.shiro.spring.remoting.SecureRemoteInvocationExecutor.invoke(SecureRemoteInvocationExecutor.java:106)
at
org.springframework.remoting.support.RemoteInvocationBasedExporter.invoke(RemoteInvocationBasedExporter.java:78)
at
org.springframework.remoting.support.RemoteInvocationBasedExporter.invokeAndCreateResult(RemoteInvocationBasedExporter.java:114)
at
org.springframework.remoting.httpinvoker.HttpInvokerServiceExporter.handleRequest(HttpInvokerServiceExporter.java:117)
at
org.springframework.web.servlet.mvc.HttpRequestHandlerAdapter.handle(HttpRequestHandlerAdapter.java:49)
at
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:874)
at
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:808)
at
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:476)
at
org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:441)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
org.apache.shiro.web.servlet.ShiroFilter.executeChain(ShiroFilter.java:687)
at
org.apache.shiro.web.servlet.ShiroFilter.doFilterInternal(ShiroFilter.java:616)
at
org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:81)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
org.netbeans.modules.web.monitor.server.MonitorFilter.doFilter(MonitorFilter.java:390)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
at
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:619)
2009-11-02 14:50:04,906 INFO
(my.samples.shiro.spring.DefaultSampleManager:91) Secure method 1 called...
2009-11-02 14:50:04,906 INFO
(my.samples.shiro.spring.DefaultSampleManager:96)
currentUser.isAuthenticated(): false
2009-11-02 14:50:04,906 INFO
(my.samples.shiro.spring.DefaultSampleManager:101) session: null
note this line "There is no session with id
[70931A960971B2477A95A27B296D4C0D]" but this sessionId was created on
previuos call and send to client and submitted to Subject session. this is
client output:
2009-11-02 14:50:04,828 INFO (com.springbook.client.RemotingTest:65) user
name: user1
2009-11-02 14:50:04,828 INFO (com.springbook.client.RemotingTest:66)
sesssionId: 70931A960971B2477A95A27B296D4C0D
2009-11-02 14:50:04,828 DEBUG
(org.apache.shiro.mgt.DefaultSecurityManager:371) Context already contains a
session. Returning.
2009-11-02 14:50:04,828 INFO (com.springbook.client.RemotingTest:99)
session.getId(): 70931A960971B2477A95A27B296D4C0D
2009-11-02 14:50:04,906 INFO (com.springbook.client.RemotingTest:109) Secure
method 1 called...
so it looks like by some reason session created before is not restored by
shiro...
how to fix it?
--
View this message in context: http://n2.nabble.com/Spring-stand-alone-client-tp3910311p3931076.html
Sent from the Shiro User mailing list archive at Nabble.com.
Re: Spring stand alone client
Posted by Les Hazlewood <lh...@apache.org>.
This feature - any rich client participating in a server side session
- is a powerful feature unique to Shiro. You must use Shiro's native
sessions. Servlet container HTTP sessions can't support this
functionality for any protocols other than HTTP. Shiro's native
session mode can.
Does this help?
Regards,
Les
On Mon, Nov 2, 2009 at 2:43 PM, Narcom <na...@yahoo.com> wrote:
>
> I figured out what is wrong using "http monitor" and debugger...
> When I use shiro SecureRemoteInvocationFactory for spring remoting it does
> not send http session cookies/headers at all. but instead somehow serialize
> and wrap them into into server request. On server side Shiro unwrap recieved
> object and extracts that server id... but problem is that Tomcat have no
> idea that it was request with session... All this happens if you use not
> "native" session storage mode but "http" session mode and
> DefaultSecurityManager.
>
> If I switched to native session mode then everything is working.
>
> It seems to me that to use standard http session I need to use
> DefaultWebSecurityManager but I do not know how to initiate it on client
> side. any ideas?
>
>
> Narcom wrote:
>>
>> I managed to call remote "secure" spring bean at last... using this code
>> PropertyConfigurator.configure("web/WEB-INF/log.properties");
>> ctx = new
>> FileSystemXmlApplicationContext("/web/WEB-INF/remoting-client.xml");
>>
>> DefaultSecurityManager securityManager = new
>> DefaultSecurityManager();
>> securityManager.setRealm(new PropertiesRealm());
>>
>> SecurityUtils.setSecurityManager(securityManager);
>>
>> LoginManagerRemote loginManager = (LoginManagerRemote)
>> ctx.getBean("loginManager");
>> UserRemote user = loginManager.login();
>> String sessionId = user.getSessionId();
>> log.info("user name: " + user.getName());
>> log.info("sesssionId: " + sessionId);
>>
>> SimpleSession session = new SimpleSession();
>> session.setId(sessionId);
>>
>> Subject subject = new
>> Subject.Builder().session(session).buildSubject();
>>
>> Session sessionLocal = subject.getSession(false);
>> if(sessionLocal != null){
>> log.info("session.getId(): " + sessionLocal.getId());
>> } else {
>> log.info("session: null");
>> }
>>
>> subject.execute(new Runnable() {
>>
>> public void run() {
>> SampleManager sampleManager = (SampleManager)
>> ctx.getBean("sampleManager");
>> String result = sampleManager.secureMethod1();
>> log.info(result);
>> }
>> });
>>
>> but now I have another problem. When I call secureMethod1() it execute
>> fine only if I do not check authorization.
>> this what I get on server side:
>> 2009-11-02 14:50:04,656 DEBUG
>> (org.apache.shiro.authc.credential.SimpleCredentialsMatcher:100)
>> Performing credentials equality check for tokenCredentials of type
>> [org.apache.shiro.crypto.hash.Sha256Hash and accountCredentials of type
>> [org.apache.shiro.crypto.hash.Sha256Hash]
>> 2009-11-02 14:50:04,656 DEBUG
>> (org.apache.shiro.authc.AbstractAuthenticator:217) Authentication
>> successful for token [org.apache.shiro.authc.UsernamePasswordToken -
>> user1, rememberMe=true]. Returned account
>> [org.apache.shiro.subject.SimplePrincipalCollection@4930af45]
>> 2009-11-02 14:50:04,687 DEBUG
>> (org.apache.shiro.web.attr.AbstractWebAttribute:171) No 'editorClass'
>> property set - returning value.toString() as the string value for method
>> argument.
>> 2009-11-02 14:50:04,687 DEBUG
>> (org.apache.shiro.web.attr.CookieAttribute:350) Added Cookie [rememberMe]
>> to path [/SpringRemoting] with value
>> [UwP13UzjVUceLBNWh+sYM01JWOSbBOwc1ZLySIws0IdnkcWeD/yWeH0eIycwHaI8MRKPyenBr76EoLkEZnXSz4i27cTTUps5qOgU/ZQLdvIOxlZxmT9RlUvKT6zopnQrSpdsCNaruG/Op/XEoJcdNLI9rJCCyMKN3em5wl8GrWTIzKS4hzHombGBEW4EPS9jv40HV4mIS2sUFXm5MlOptr99e1A6eKYxlLrldk2/yqw29nWohE0sIjO7tRF9mOAZUeC/Fem6K4S82LbXAJ6p0oNg3MP7dbFSkeeDF2CwFJvvi5xVrGyF0aKk8JzBHKzmRgLAreVAMGR0L2hGHOgIP/uup6KzE3QFZJpPSCmtcRZASMTpLxTpiiTHhVmB9Hf42eGB9vfoR9QFfK0U+in7fyrWyyAs3GPdM884yP9B8YdVfqUzqWhbzMDdUgS0PKpc3QsBDOqdsLzOpvUImFdomuk+RZ98i28s/KP1puAwmeo=]
>> to the HttpServletResponse
>> 2009-11-02 14:50:04,812 INFO (com.springbook.LoginManagerBean:43)
>> 70931A960971B2477A95A27B296D4C0D
>> 2009-11-02 14:50:04,843 DEBUG
>> (org.apache.shiro.mgt.DefaultSecurityManager:384) Context referenced
>> sessionId is invalid. Ignoring and creating an anonymous (session-less)
>> Subject instance.
>> org.apache.shiro.session.UnknownSessionException: There is no session with
>> id [70931A960971B2477A95A27B296D4C0D]
>> at
>> org.apache.shiro.session.mgt.AbstractSessionManager.getSession(AbstractSessionManager.java:249)
>> at
>> org.apache.shiro.session.mgt.AbstractSessionManager.checkValid(AbstractSessionManager.java:265)
>> at
>> org.apache.shiro.mgt.SessionsSecurityManager.checkValid(SessionsSecurityManager.java:294)
>> at
>> org.apache.shiro.mgt.DefaultSecurityManager.getSession(DefaultSecurityManager.java:192)
>> at
>> org.apache.shiro.mgt.DefaultSecurityManager.resolveSession(DefaultSecurityManager.java:380)
>> at
>> org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:343)
>> at
>> org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:703)
>> at
>> org.apache.shiro.spring.remoting.SecureRemoteInvocationExecutor.invoke(SecureRemoteInvocationExecutor.java:106)
>> at
>> org.springframework.remoting.support.RemoteInvocationBasedExporter.invoke(RemoteInvocationBasedExporter.java:78)
>> at
>> org.springframework.remoting.support.RemoteInvocationBasedExporter.invokeAndCreateResult(RemoteInvocationBasedExporter.java:114)
>> at
>> org.springframework.remoting.httpinvoker.HttpInvokerServiceExporter.handleRequest(HttpInvokerServiceExporter.java:117)
>> at
>> org.springframework.web.servlet.mvc.HttpRequestHandlerAdapter.handle(HttpRequestHandlerAdapter.java:49)
>> at
>> org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:874)
>> at
>> org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:808)
>> at
>> org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:476)
>> at
>> org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:441)
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>> at
>> org.apache.shiro.web.servlet.ShiroFilter.executeChain(ShiroFilter.java:687)
>> at
>> org.apache.shiro.web.servlet.ShiroFilter.doFilterInternal(ShiroFilter.java:616)
>> at
>> org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:81)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>> at
>> org.netbeans.modules.web.monitor.server.MonitorFilter.doFilter(MonitorFilter.java:390)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>> at
>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
>> at
>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
>> at
>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
>> at
>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>> at
>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>> at
>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
>> at
>> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
>> at
>> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
>> at
>> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
>> at java.lang.Thread.run(Thread.java:619)
>> 2009-11-02 14:50:04,906 INFO
>> (my.samples.shiro.spring.DefaultSampleManager:91) Secure method 1
>> called...
>> 2009-11-02 14:50:04,906 INFO
>> (my.samples.shiro.spring.DefaultSampleManager:96)
>> currentUser.isAuthenticated(): false
>> 2009-11-02 14:50:04,906 INFO
>> (my.samples.shiro.spring.DefaultSampleManager:101) session: null
>>
>> note this line "There is no session with id
>> [70931A960971B2477A95A27B296D4C0D]" but this sessionId was created on
>> previuos call and send to client and submitted to Subject session. this is
>> client output:
>>
>> 2009-11-02 14:50:04,828 INFO (com.springbook.client.RemotingTest:65) user
>> name: user1
>> 2009-11-02 14:50:04,828 INFO (com.springbook.client.RemotingTest:66)
>> sesssionId: 70931A960971B2477A95A27B296D4C0D
>> 2009-11-02 14:50:04,828 DEBUG
>> (org.apache.shiro.mgt.DefaultSecurityManager:371) Context already contains
>> a session. Returning.
>> 2009-11-02 14:50:04,828 INFO (com.springbook.client.RemotingTest:99)
>> session.getId(): 70931A960971B2477A95A27B296D4C0D
>> 2009-11-02 14:50:04,906 INFO (com.springbook.client.RemotingTest:109)
>> Secure method 1 called...
>>
>> so it looks like by some reason session created before is not restored by
>> shiro...
>>
>> how to fix it?
>>
>>
>>
>
> --
> View this message in context: http://n2.nabble.com/Spring-stand-alone-client-tp3910311p3934177.html
> Sent from the Shiro User mailing list archive at Nabble.com.
>
Re: Spring stand alone client
Posted by Narcom <na...@yahoo.com>.
I figured out what is wrong using "http monitor" and debugger...
When I use shiro SecureRemoteInvocationFactory for spring remoting it does
not send http session cookies/headers at all. but instead somehow serialize
and wrap them into into server request. On server side Shiro unwrap recieved
object and extracts that server id... but problem is that Tomcat have no
idea that it was request with session... All this happens if you use not
"native" session storage mode but "http" session mode and
DefaultSecurityManager.
If I switched to native session mode then everything is working.
It seems to me that to use standard http session I need to use
DefaultWebSecurityManager but I do not know how to initiate it on client
side. any ideas?
Narcom wrote:
>
> I managed to call remote "secure" spring bean at last... using this code
> PropertyConfigurator.configure("web/WEB-INF/log.properties");
> ctx = new
> FileSystemXmlApplicationContext("/web/WEB-INF/remoting-client.xml");
>
> DefaultSecurityManager securityManager = new
> DefaultSecurityManager();
> securityManager.setRealm(new PropertiesRealm());
>
> SecurityUtils.setSecurityManager(securityManager);
>
> LoginManagerRemote loginManager = (LoginManagerRemote)
> ctx.getBean("loginManager");
> UserRemote user = loginManager.login();
> String sessionId = user.getSessionId();
> log.info("user name: " + user.getName());
> log.info("sesssionId: " + sessionId);
>
> SimpleSession session = new SimpleSession();
> session.setId(sessionId);
>
> Subject subject = new
> Subject.Builder().session(session).buildSubject();
>
> Session sessionLocal = subject.getSession(false);
> if(sessionLocal != null){
> log.info("session.getId(): " + sessionLocal.getId());
> } else {
> log.info("session: null");
> }
>
> subject.execute(new Runnable() {
>
> public void run() {
> SampleManager sampleManager = (SampleManager)
> ctx.getBean("sampleManager");
> String result = sampleManager.secureMethod1();
> log.info(result);
> }
> });
>
> but now I have another problem. When I call secureMethod1() it execute
> fine only if I do not check authorization.
> this what I get on server side:
> 2009-11-02 14:50:04,656 DEBUG
> (org.apache.shiro.authc.credential.SimpleCredentialsMatcher:100)
> Performing credentials equality check for tokenCredentials of type
> [org.apache.shiro.crypto.hash.Sha256Hash and accountCredentials of type
> [org.apache.shiro.crypto.hash.Sha256Hash]
> 2009-11-02 14:50:04,656 DEBUG
> (org.apache.shiro.authc.AbstractAuthenticator:217) Authentication
> successful for token [org.apache.shiro.authc.UsernamePasswordToken -
> user1, rememberMe=true]. Returned account
> [org.apache.shiro.subject.SimplePrincipalCollection@4930af45]
> 2009-11-02 14:50:04,687 DEBUG
> (org.apache.shiro.web.attr.AbstractWebAttribute:171) No 'editorClass'
> property set - returning value.toString() as the string value for method
> argument.
> 2009-11-02 14:50:04,687 DEBUG
> (org.apache.shiro.web.attr.CookieAttribute:350) Added Cookie [rememberMe]
> to path [/SpringRemoting] with value
> [UwP13UzjVUceLBNWh+sYM01JWOSbBOwc1ZLySIws0IdnkcWeD/yWeH0eIycwHaI8MRKPyenBr76EoLkEZnXSz4i27cTTUps5qOgU/ZQLdvIOxlZxmT9RlUvKT6zopnQrSpdsCNaruG/Op/XEoJcdNLI9rJCCyMKN3em5wl8GrWTIzKS4hzHombGBEW4EPS9jv40HV4mIS2sUFXm5MlOptr99e1A6eKYxlLrldk2/yqw29nWohE0sIjO7tRF9mOAZUeC/Fem6K4S82LbXAJ6p0oNg3MP7dbFSkeeDF2CwFJvvi5xVrGyF0aKk8JzBHKzmRgLAreVAMGR0L2hGHOgIP/uup6KzE3QFZJpPSCmtcRZASMTpLxTpiiTHhVmB9Hf42eGB9vfoR9QFfK0U+in7fyrWyyAs3GPdM884yP9B8YdVfqUzqWhbzMDdUgS0PKpc3QsBDOqdsLzOpvUImFdomuk+RZ98i28s/KP1puAwmeo=]
> to the HttpServletResponse
> 2009-11-02 14:50:04,812 INFO (com.springbook.LoginManagerBean:43)
> 70931A960971B2477A95A27B296D4C0D
> 2009-11-02 14:50:04,843 DEBUG
> (org.apache.shiro.mgt.DefaultSecurityManager:384) Context referenced
> sessionId is invalid. Ignoring and creating an anonymous (session-less)
> Subject instance.
> org.apache.shiro.session.UnknownSessionException: There is no session with
> id [70931A960971B2477A95A27B296D4C0D]
> at
> org.apache.shiro.session.mgt.AbstractSessionManager.getSession(AbstractSessionManager.java:249)
> at
> org.apache.shiro.session.mgt.AbstractSessionManager.checkValid(AbstractSessionManager.java:265)
> at
> org.apache.shiro.mgt.SessionsSecurityManager.checkValid(SessionsSecurityManager.java:294)
> at
> org.apache.shiro.mgt.DefaultSecurityManager.getSession(DefaultSecurityManager.java:192)
> at
> org.apache.shiro.mgt.DefaultSecurityManager.resolveSession(DefaultSecurityManager.java:380)
> at
> org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:343)
> at
> org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:703)
> at
> org.apache.shiro.spring.remoting.SecureRemoteInvocationExecutor.invoke(SecureRemoteInvocationExecutor.java:106)
> at
> org.springframework.remoting.support.RemoteInvocationBasedExporter.invoke(RemoteInvocationBasedExporter.java:78)
> at
> org.springframework.remoting.support.RemoteInvocationBasedExporter.invokeAndCreateResult(RemoteInvocationBasedExporter.java:114)
> at
> org.springframework.remoting.httpinvoker.HttpInvokerServiceExporter.handleRequest(HttpInvokerServiceExporter.java:117)
> at
> org.springframework.web.servlet.mvc.HttpRequestHandlerAdapter.handle(HttpRequestHandlerAdapter.java:49)
> at
> org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:874)
> at
> org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:808)
> at
> org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:476)
> at
> org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:441)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> at
> org.apache.shiro.web.servlet.ShiroFilter.executeChain(ShiroFilter.java:687)
> at
> org.apache.shiro.web.servlet.ShiroFilter.doFilterInternal(ShiroFilter.java:616)
> at
> org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:81)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> at
> org.netbeans.modules.web.monitor.server.MonitorFilter.doFilter(MonitorFilter.java:390)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
> at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
> at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
> at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
> at
> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
> at
> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
> at
> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
> at java.lang.Thread.run(Thread.java:619)
> 2009-11-02 14:50:04,906 INFO
> (my.samples.shiro.spring.DefaultSampleManager:91) Secure method 1
> called...
> 2009-11-02 14:50:04,906 INFO
> (my.samples.shiro.spring.DefaultSampleManager:96)
> currentUser.isAuthenticated(): false
> 2009-11-02 14:50:04,906 INFO
> (my.samples.shiro.spring.DefaultSampleManager:101) session: null
>
> note this line "There is no session with id
> [70931A960971B2477A95A27B296D4C0D]" but this sessionId was created on
> previuos call and send to client and submitted to Subject session. this is
> client output:
>
> 2009-11-02 14:50:04,828 INFO (com.springbook.client.RemotingTest:65) user
> name: user1
> 2009-11-02 14:50:04,828 INFO (com.springbook.client.RemotingTest:66)
> sesssionId: 70931A960971B2477A95A27B296D4C0D
> 2009-11-02 14:50:04,828 DEBUG
> (org.apache.shiro.mgt.DefaultSecurityManager:371) Context already contains
> a session. Returning.
> 2009-11-02 14:50:04,828 INFO (com.springbook.client.RemotingTest:99)
> session.getId(): 70931A960971B2477A95A27B296D4C0D
> 2009-11-02 14:50:04,906 INFO (com.springbook.client.RemotingTest:109)
> Secure method 1 called...
>
> so it looks like by some reason session created before is not restored by
> shiro...
>
> how to fix it?
>
>
>
--
View this message in context: http://n2.nabble.com/Spring-stand-alone-client-tp3910311p3934177.html
Sent from the Shiro User mailing list archive at Nabble.com.