You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shiro.apache.org by Amir Mohammad Vosough <am...@gmail.com> on 2011/10/26 15:18:24 UTC
Problem with authentication
Hi there, tnx for great work on shiro!
I have configured shiro for SSO using ehcache to support different
applications on same container. but i am facing a strange problem. the
login page redirects user to page it was redirected from. but sometimes
after the user is redirected, it is not yet authenticated! i debugged
your filter and saw that actualy sometimes user is authenticated and
sometimes not! so i used Thread.sleep(1000) before i redirect user to
the page; well it works better now, but i wanna know where is the
problem. i myself guess when user is redirected to the page, shiro has
not flushed the authenticated status to the session, but how can i be
sure? and what is the solution?
i use spring, and this is my application context:
<bean id="myRealm"
class="com.amv.test.MyRealm">
<property name="sessionFactory" ref="sessionFactory"></property>
</bean>
<bean id="securityManager"
class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<!-- Single realm app. If you have multiple realms, use the 'realms'
property
instead. -->
<property name="realm" ref="myRealm" />
<property name="sessionMode" value="native"/>
<property name="sessionManager" ref="shiroSessionManager"/>
<property name="cacheManager" ref="shiroCacheManager"/>
</bean>
<bean id="shiroCacheManager"
class="org.apache.shiro.cache.ehcache.EhCacheManager">
<property name="cacheManager" ref="ehCacheManager"/>
</bean>
<bean id="ehCacheManager"
class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>
<bean id="shiroSessionManager"
class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
<property name="sessionDAO" ref="shiroSessionDAO"/>
<property name="sessionIdCookie" ref="shiroIdCookie"></property>
</bean>
<bean id="shiroSessionDAO"
class="org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO"/>
<bean id="shiroIdCookie"
class="org.apache.shiro.web.servlet.SimpleCookie">
<property name="name" value="SSOcookie"></property>
<property name="path" value="/"></property>
</bean>
<bean id="shiroFilter"
class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager" />
<property name="loginUrl" value="/../security/Login.jsp" />
<property name="filterChainDefinitions">
<value>
# some example chain definitions:
#/*.html = authc
/**/*.rpc = authc
# more URL-to-FilterChain definitions here
</value>
</property>
</bean>
Re: Problem with authentication
Posted by amirmv2006 <am...@gmail.com>.
i don't think this would be the problem, since its javadoc says "//does
nothing - parent class persists to cache." it seems that it was not
implemented on purpose!
--
View this message in context: http://shiro-developer.582600.n2.nabble.com/Problem-with-authentication-tp6932865p6942786.html
Sent from the Shiro Developer mailing list archive at Nabble.com.
Re: Problem with authentication
Posted by Manoj Khangaonkar <kh...@gmail.com>.
Hi,
I am looking at a codebase about a month old.
But I notice that the doUpdate(Session) method of
EnterpriseCacheSessionDAO has no implementation.
I wonder if this might have something to do with your problem
Manoj
On Wed, Oct 26, 2011 at 6:18 AM, Amir Mohammad Vosough
<am...@gmail.com> wrote:
> Hi there, tnx for great work on shiro!
> I have configured shiro for SSO using ehcache to support different
> applications on same container. but i am facing a strange problem. the login
> page redirects user to page it was redirected from. but sometimes after the
> user is redirected, it is not yet authenticated! i debugged your filter and
> saw that actualy sometimes user is authenticated and sometimes not! so i
> used Thread.sleep(1000) before i redirect user to the page; well it works
> better now, but i wanna know where is the problem. i myself guess when user
> is redirected to the page, shiro has not flushed the authenticated status to
> the session, but how can i be sure? and what is the solution?
> i use spring, and this is my application context:
>
> <bean id="myRealm"
> class="com.amv.test.MyRealm">
> <property name="sessionFactory" ref="sessionFactory"></property>
> </bean>
>
> <bean id="securityManager"
> class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
> <!-- Single realm app. If you have multiple realms, use the 'realms'
> property
> instead. -->
> <property name="realm" ref="myRealm" />
> <property name="sessionMode" value="native"/>
> <property name="sessionManager" ref="shiroSessionManager"/>
> <property name="cacheManager" ref="shiroCacheManager"/>
> </bean>
>
> <bean id="shiroCacheManager"
> class="org.apache.shiro.cache.ehcache.EhCacheManager">
> <property name="cacheManager" ref="ehCacheManager"/>
> </bean>
>
> <bean id="ehCacheManager"
>
> class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>
>
> <bean id="shiroSessionManager"
>
> class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
> <property name="sessionDAO" ref="shiroSessionDAO"/>
> <property name="sessionIdCookie" ref="shiroIdCookie"></property>
> </bean>
>
> <bean id="shiroSessionDAO"
>
> class="org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO"/>
>
> <bean id="shiroIdCookie"
> class="org.apache.shiro.web.servlet.SimpleCookie">
> <property name="name" value="SSOcookie"></property>
> <property name="path" value="/"></property>
> </bean>
>
> <bean id="shiroFilter"
> class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
> <property name="securityManager" ref="securityManager" />
> <property name="loginUrl" value="/../security/Login.jsp" />
> <property name="filterChainDefinitions">
> <value>
> # some example chain definitions:
> #/*.html = authc
> /**/*.rpc = authc
> # more URL-to-FilterChain definitions here
> </value>
> </property>
> </bean>
>
>
>
--
http://khangaonkar.blogspot.com/