You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@shiro.apache.org by gkaur <gk...@vonage.com> on 2009/07/23 22:56:39 UTC
Exception: There is no session with id
Hi,
I am getting an exception after putting in my correct credentials to a login
screen
Exception is
org.apache.shiro.session.UnknownSessionException: There is no session with
id
I am not sure what is the cause of this exception
But after the login servlet gets called the Page is forwarded to a
viewcontacts page.
But before even if it gets to that point subject.login(token) fails.
Thank you
-Gurpreet
--
View this message in context: http://n2.nabble.com/Exception%3A-There-is-no-session-with-id-tp3312246p3312246.html
Sent from the Shiro User mailing list archive at Nabble.com.
Re: sending user to page after login
Posted by Les Hazlewood <lh...@apache.org>.
You need to get the SavedRequest object after a successful login,
which is created automatically when accessing a URL for which the
Subject is not authenticated.
You can do this by calling WebUtils.getAndClearSavedRequest(request)
and then use the SavedRequest object that is returned to construct the
redirect.
Look at the AuthenticationFilter source code - the
'issueSuccessRedirect' method here:
https://svn.apache.org/repos/asf/incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/filter/authc/AuthenticationFilter.java
You could replicate that logic in your controller do perform the redirect.
In the meantime, I'll pose the question to the dev list to see if this
should be a static method call since there is nothing in that code
that requires use of a class attribute - then you could just make a
single call in your code instead of replicating the above method code.
Cheers,
Les
On Tue, Jul 28, 2009 at 9:58 AM, Andy Tripp<An...@vonage.com> wrote:
> Les,
> OK, I'm using PassThruAuthenticationFilter now. But I still don't know
> how to store the URL that the user is tring to get to so that I can send
> him there after successful login. I have this in my ShiroFilter config:
> /account/** = myauthc
> ...and how that's being handled is a mystery to me.
>
> Andy
>
> -----Original Message-----
> From: les.hazlewood@anjinllc.com [mailto:les.hazlewood@anjinllc.com] On
> Behalf Of Les Hazlewood
> Sent: Monday, July 27, 2009 5:38 PM
> To: shiro-user@incubator.apache.org
> Subject: Re:
>
> Hi Andy,
>
> Yep, you can do this, but you'll need to use the
> PassThruAuthenticationFilter instead to 'pass thru' the request to
> your login controller directly. The 'authc' filter defaults to an
> instance of the
> org.apache.shiro.web.filter.authc.FormAuthenticationFilter class and
> is used only if you want Shiro to be the 'controller' for form
> submissions. This works fine in many apps, but for more customized
> processing, you'll definitely want to use the
> PassThruAuthenticationFilter instead.
>
> You have two ways to do this. In your ShiroFilter's .ini config, you
> can 1) reassign the 'authc' filter to be what you want:
>
> [filters]
> ...
> authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter
>
> or you can 2) just create a new filter and reference that everywhere
> instead of 'authc':
>
> myAuthc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter
>
> [urls]
> /some/path = myAuthc
> etc.
>
> I tend to prefer the first to avoid the confusion that there might be
> more than one authentication filter, but it is entirely up to you.
>
> Cheers,
>
> Les
>
> On Mon, Jul 27, 2009 at 4:00 PM, Andy Tripp<An...@vonage.com>
> wrote:
>> Hi,
>> I have a question about filters.
>> In the javadoc for the ShiroFilter class, it shows how to redirect all
>> requests to urls under "/account" to the built-in "authc" filter. I've
>> got that working in the "webapp" example, and I've changed the
> login.jsp
>> to invoke my servlet that does the authentication.
>>
>> But now, of couse, I want to pass the user on to the page he was
> trying
>> to get to (e.g. /account/index.jsp). Is there a way to do that?
> Perhaps
>> a way in the filter configuration text that says "redirect all
>> /account/** requests to login.jsp, and set the hidden form field
> called
>> 'nextPage' to the specific URL that the user's trying to get to" or
>> something like that?
>>
>> Thanks,
>> Andy
>>
>
Re: sending user to page after login
Posted by Les Hazlewood <lh...@apache.org>.
Hi Andy,
They know to perform a login attempt because of your configured login
URL and they can react to requests sent to that URL.
The FormAuthenticationFilter for example determines that a request
must be a form submission if the request path matches your configured
login URL and it is a POST request. No form "action" attribute is
required - the filter knows how to automatically inspect the request.
Here is the logic if you're curious:
https://svn.apache.org/repos/asf/incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/filter/authc/FormAuthenticationFilter.java
the 'onAccessDenied' method implementation.
Cheers,
Les
On Tue, Jul 28, 2009 at 1:36 PM, Andy Tripp<An...@vonage.com> wrote:
> Les,
>
> I've got things working with the PassThruAuthenticationFilter, but I
> don't understand how the flow of control works with
> FormAuthenticationFilter. With either PassThruAuthenticationFilter or
> FormAuthenticationFilter, we redirect the user to login.jsp, and we have
> to supply some ACTION. i.e. the webapp sample comes with a blank ACTION
> that needs to be filled in by me, right? In my case, I send a POST to my
> own servlet which calls login() and redirects. I see the
> FormAuthenticationFilter does the same thing in the
> AuthenticatingFilter.executeLogin() method, but I don't understand where
> that's called from. Is there some servlet that comes with Shiro that
> makes that call, or is there some other "magic" way that it gets called
> when the user presses Submit on login.jsp?
>
> Thanks for all the answers.
> Andy
>
> -----Original Message-----
> From: les.hazlewood@anjinllc.com [mailto:les.hazlewood@anjinllc.com] On
> Behalf Of Les Hazlewood
> Sent: Tuesday, July 28, 2009 11:19 AM
> To: shiro-user@incubator.apache.org
> Subject: Re: sending user to page after login
>
> Hi Andy,
>
> The existing FormAuthenticationFilter does indeed already perform this
> logic of redirect immediately after successful login in its
> onLoginSuccess method implementation.
>
> Cheers,
>
> Les
>
>
RE: sending user to page after login
Posted by Andy Tripp <An...@vonage.com>.
Les,
I've got things working with the PassThruAuthenticationFilter, but I
don't understand how the flow of control works with
FormAuthenticationFilter. With either PassThruAuthenticationFilter or
FormAuthenticationFilter, we redirect the user to login.jsp, and we have
to supply some ACTION. i.e. the webapp sample comes with a blank ACTION
that needs to be filled in by me, right? In my case, I send a POST to my
own servlet which calls login() and redirects. I see the
FormAuthenticationFilter does the same thing in the
AuthenticatingFilter.executeLogin() method, but I don't understand where
that's called from. Is there some servlet that comes with Shiro that
makes that call, or is there some other "magic" way that it gets called
when the user presses Submit on login.jsp?
Thanks for all the answers.
Andy
-----Original Message-----
From: les.hazlewood@anjinllc.com [mailto:les.hazlewood@anjinllc.com] On
Behalf Of Les Hazlewood
Sent: Tuesday, July 28, 2009 11:19 AM
To: shiro-user@incubator.apache.org
Subject: Re: sending user to page after login
Hi Andy,
The existing FormAuthenticationFilter does indeed already perform this
logic of redirect immediately after successful login in its
onLoginSuccess method implementation.
Cheers,
Les
Re: need more help with SSO
Posted by Les Hazlewood <lh...@apache.org>.
HI Andy,
I just committed the fix. If using Maven snapshots, please await for
the Hudson build to complete and then try the new snapshot.
Cheers,
Les
On Thu, Aug 20, 2009 at 2:39 PM, Les Hazlewood<lh...@apache.org> wrote:
> Hi Andy,
>
> I had to move the issue to Shiro's issue space (Ki is now defunct):
>
> https://issues.apache.org/jira/browse/SHIRO-85
>
> Regards,
>
> Les
>
> On Thu, Aug 20, 2009 at 2:30 PM, Les Hazlewood<lh...@apache.org> wrote:
>> Thanks!
>>
>> On Thu, Aug 20, 2009 at 2:02 PM, Andy Tripp<An...@vonage.com> wrote:
>>> Jira issue created:
>>> https://issues.apache.org/jira/browse/KI-82
>>>
>>>> -----Original Message-----
>>>> From: les.hazlewood@anjinllc.com [mailto:les.hazlewood@anjinllc.com] On
>>>> Behalf Of Les Hazlewood
>>>> Sent: Thursday, August 20, 2009 11:53 AM
>>>> To: shiro-user@incubator.apache.org
>>>> Subject: Re: need more help with SSO
>>>>
>>>> Hi Andy,
>>>>
>>>> Can you please make note of this in a Jira issue? I'll fix it right
>>>> away, but I'd like a record of this so when I modify the code, I can
>>>> comment exactly why the change is required to ensure someone in the
>>>> future doesn't accidentally revert the change.
>>>>
>>>> Thanks!
>>>>
>>>> Les
>>>>
>>>> On Thu, Aug 20, 2009 at 11:27 AM, Andy Tripp<An...@vonage.com>
>>>> wrote:
>>>> > Les,
>>>> >
>>>> > I finally found the problem. This line...
>>>> > securityManager.sessionDAO = $sessionDAO
>>>> > ...was being processed BEFORE this line...
>>>> > securityManager.sessionManager = $sessionManager
>>>> >
>>>> > In ReflectionBuilder.buildObjects(), instanceMap and propertyMap need to
>>>> be LinkedHashMap type, not just HashMap. With HashMap, the properties in
>>>> ShiroFilter are being processed in arbitrary order, rather than the order
>>>> listed. That would explain why it works for you and not me - you got
>>>> unlucky :)
>>>> >
>>>> > Andy
>>>> >
>>>> >
>>>> >> -----Original Message-----
>>>> >> From: Andy Tripp [mailto:Andrew.Tripp@vonage.com]
>>>> >> Sent: Wednesday, August 19, 2009 4:02 PM
>>>> >> To: shiro-user@incubator.apache.org
>>>> >> Subject: RE: need more help with SSO
>>>> >>
>>>> >> Les,
>>>> >> Sorry, that last email was a mistake on my part.
>>>> >>
>>>> >> Les,
>>>> >>
>>>> >> What I'm seeing now is that the DefaultWebSecurityManager instance's
>>>> >> SessionManager is always set to ServletContainerSessionManager, when it
>>>> >> should be a DefaultWebSessionManager. I tried adding these to my
>>>> config:
>>>> >>
>>>> >> sessionManager =
>>>> org.apache.shiro.web.session.DefaultWebSessionManager
>>>> >> securityManager.sessionManager = $sessionManager
>>>> >>
>>>> >> ...but still, the DefaultWebSecurityManager.sessionManager field is an
>>>> >> instance of ServletContainerSessionManager.
>>>> >>
>>>> >> I'm stumped. I guess I'm not clear on what SecurityManager instance is
>>>> >> being called by this config stuff. Perhaps I'm missing some sort of:
>>>> >> something.securityManager = securityManager
>>>> >>
>>>> >> Andy
>>>> >> p.s. here's my full [main] section of my filter:
>>>> >>
>>>> >> realmA = org.apache.shiro.realm.text.PropertiesRealm
>>>> >> securityManager = org.apache.shiro.web.DefaultWebSecurityManager
>>>> >> sessionManager =
>>>> >> org.apache.shiro.web.session.DefaultWebSessionManager
>>>> >> securityManager.sessionManager = $sessionManager
>>>> >>
>>>> >> securityManager.sessionMode = native
>>>> >>
>>>> >> cacheManager = org.apache.shiro.cache.DefaultCacheManager
>>>> >>
>>>> >> sessionDAO = org.apache.shiro.session.mgt.eis.MemorySessionDAO
>>>> >> sessionDAO.cacheManager = $cacheManager
>>>> >> securityManager.sessionDAO = $sessionDAO
>>>> >> securityManager.cacheManager = $cacheManager
>>>> >>
>>>> >> securityManager.realm = $realmA
>>>> >>
>>>> >> > -----Original Message-----
>>>> >> > From: les.hazlewood@anjinllc.com [mailto:les.hazlewood@anjinllc.com]
>>>> On
>>>> >> > Behalf Of Les Hazlewood
>>>> >> > Sent: Wednesday, August 19, 2009 2:20 PM
>>>> >> > To: shiro-user@incubator.apache.org
>>>> >> > Subject: Re: need more help with SSO
>>>> >> >
>>>> >> > Hrm - that would be very odd if the DefaultWebSecurityManager was not
>>>> >> > the instance - that is what the ShiroFilter enables at startup by
>>>> >> > default. Just in case, try this as your very first config line:
>>>> >> >
>>>> >> > securityManager = org.apache.shiro.web.DefaultWebSecurityManager
>>>> >> >
>>>> >> > What does your debugger say is the securityManager instance?
>>>> >> > Something is very strange...
>>>> >> >
>>>> >> > Thanks for the extra info. Are there any JUnit tests you might be
>>>> >> > able to send our way?
>>>> >> >
>>>> >> > - Les
>>>> >> >
>>>> >> > On Wed, Aug 19, 2009 at 1:56 PM, Andy Tripp<An...@vonage.com>
>>>> >> > wrote:
>>>> >> > > Les,
>>>> >> > > I put tracing code in DefaultWebSecurityManager.setSessionMode(),
>>>> and
>>>> >> it
>>>> >> > appears that this method is not getting called. So the
>>>> >> > ServletContainerSessionManager is not getting replace by a
>>>> >> > DefaultWebSessionManager. So it appears that this line in the filter
>>>> >> > config:
>>>> >> > >
>>>> >> > > securityManager.sessionMode = native
>>>> >> > >
>>>> >> > > is having no effect (note that it's securityManager, not
>>>> >> sessionManager
>>>> >> > as you suggest in the previous response).
>>>> >> > >
>>>> >> > > I'll keep trying to track it down further, any pointers would be
>>>> >> > appreciated. I'm off to try to find the some SecurityManager
>>>> instance,
>>>> >> > which I suspect is something other than a DefaultWebSecurityManager,
>>>> >> which
>>>> >> > would mean that this config line is failing silently.
>>>> >> > >
>>>> >> > > Obviously, all this dependency injection via XML is driving me
>>>> >> > completely crazy. I may be allergic to server-side Java :)
>>>> >> > >
>>>> >> > > Andy
>>>> >> > >
>>>> >> > >> -----Original Message-----
>>>> >> > >> From: les.hazlewood@anjinllc.com
>>>> [mailto:les.hazlewood@anjinllc.com]
>>>> >> On
>>>> >> > >> Behalf Of Les Hazlewood
>>>> >> > >> Sent: Wednesday, August 19, 2009 12:46 PM
>>>> >> > >> To: shiro-user@incubator.apache.org
>>>> >> > >> Subject: Re: need more help with SSO
>>>> >> > >>
>>>> >> > >> Hi Andy,
>>>> >> > >>
>>>> >> > >> A quick note about the message: that was a bug in the exception
>>>> >> > >> message, but the code is working as expected: if the wrapped
>>>> >> > >> SessionManager does not implement the SessionDAOAware interface,
>>>> it
>>>> >> > >> cannot be injected with a SessionDAO. I have since fixed the
>>>> message
>>>> >> > >> to be correct and committed this change, although the code logic
>>>> has
>>>> >> > >> not been changed.
>>>> >> > >>
>>>> >> > >> Also, make sure that you do this:
>>>> >> > >>
>>>> >> > >> sessionManager.sessionMode = native
>>>> >> > >>
>>>> >> > >> before you try to inject the SessionDAO. The above call will
>>>> >> > >> automatically substitute the ServletContainerSessionManager for a
>>>> >> > >> DefaultWebSessionManager implementation on the fly. This latter
>>>> >> > >> implementation does in fact implement SessionDAOAware and should
>>>> >> > >> readily accept SessionDAO instances that are passed through the
>>>> >> > >> securityManager.setSessionDAO(...) call.
>>>> >> > >>
>>>> >> > >> In the meantime, I'll try to create a unit test with the
>>>> ShiroFilter
>>>> >> > >> to see I can accurately recreate your issue, but I've been
>>>> strapped
>>>> >> > >> for time lately - if you could create one (if possible) and post
>>>> it
>>>> >> to
>>>> >> > >> a Jira issue, that would help a lot.
>>>> >> > >>
>>>> >> > >> Regards,
>>>> >> > >>
>>>> >> > >> Les
>>>> >> > >>
>>>> >> > >> On Tue, Aug 18, 2009 at 11:34 AM, Les
>>>> >> Hazlewood<lh...@apache.org>
>>>> >> > >> wrote:
>>>> >> > >> > Hi Andy,
>>>> >> > >> >
>>>> >> > >> > Thanks very much for sending this along - it is very helpful.
>>>> I'll
>>>> >> > be
>>>> >> > >> > able to look into this a bit more later tonight.
>>>> >> > >> >
>>>> >> > >> > Regards,
>>>> >> > >> >
>>>> >> > >> > Les
>>>> >> > >> >
>>>> >> > >> > On Tue, Aug 18, 2009 at 11:21 AM, Andy
>>>> >> Tripp<An...@vonage.com>
>>>> >> > >> wrote:
>>>> >> > >> >> Les,
>>>> >> > >> >> I tracked this problem down through a maze of try/catch blocks,
>>>> I
>>>> >> > see
>>>> >> > >> this exception:
>>>> >> > >> >>
>>>> >> > >> >> javax.servlet.ServletException: Unable to load from text
>>>> >> > configuration.
>>>> >> > >> e2=org.apache.shiro.config.ConfigurationException:
>>>> >> > >> org.apache.shiro.config.ConfigurationException: Unable to set
>>>> >> property
>>>> >> > >> [sessionDAO] with value [$sessionDAO]. If '$sessionDAO' is a
>>>> >> reference
>>>> >> > to
>>>> >> > >> another (previously defined) object, please prefix it with '$' to
>>>> >> > indicate
>>>> >> > >> that the referenced object should be used as the actual value.
>>>> For
>>>> >> > >> example, $$sessionDAO
>>>> >> > >> >>
>>>> >> > >> >> ...which I tracked down to the
>>>> ReflectionBuilder.applyProperty()
>>>> >> > method
>>>> >> > >> calling BeanUtils.setProperty() and catching an
>>>> InvocationException.
>>>> >> > The
>>>> >> > >> cause of that exception is:
>>>> >> > >> >>
>>>> >> > >> >> java.lang.IllegalArgumentException: The underlying session
>>>> manager
>>>> >> > is
>>>> >> > >> null or does not implement the
>>>> >> > org.apache.shiro.session.mgt.eis.SessionDAO
>>>> >> > >> >> interface, which is required if the underlying instance is to
>>>> >> > receive
>>>> >> > >> the sessionDAO argument.
>>>> >> > >> >>
>>>> >> > >> >>
>>>> >> > >> >> ...which comes from SessionsSecurityManager.setSessionDAO(),
>>>> which
>>>> >> > >> checks
>>>> >> > >> >> to see that the SessionDAO parameter implements
>>>> SessionDAOAware.
>>>> >> The
>>>> >> > >> passed value is actually of class ServletContainerSessionManager,
>>>> >> which
>>>> >> > >> does NOT
>>>> >> > >> >> implement SessionDAOAware.
>>>> >> > >> >>
>>>> >> > >> >> So I guess the mystery is why we're getting setSessionDAO()
>>>> being
>>>> >> > >> passed a ServletContainerSessionManager, when in fact we have this
>>>> >> > config
>>>> >> > >> line:
>>>> >> > >> >>
>>>> >> > >> >> sessionDAO =
>>>> org.apache.shiro.session.mgt.eis.MemorySessionDAO
>>>> >> > >> >>
>>>> >> > >> >> Hope this helps,
>>>> >> > >> >> Andy
>>>> >> > >> >>
>>>> >> > >> >>
>>>> >> > >> >>
>>>> >> > >> >>
>>>> >> > >> >>> -----Original Message-----
>>>> >> > >> >>> From: Andy Tripp [mailto:Andrew.Tripp@vonage.com]
>>>> >> > >> >>> Sent: Tuesday, August 18, 2009 10:04 AM
>>>> >> > >> >>> To: shiro-user@incubator.apache.org
>>>> >> > >> >>> Subject: RE: need more help with SSO
>>>> >> > >> >>>
>>>> >> > >> >>> Les,
>>>> >> > >> >>>
>>>> >> > >> >>> I tried what you have below and still get the same "Unable to
>>>> >> load
>>>> >> > >> from
>>>> >> > >> >>> text configuration" error. I tried it with the latest Shiro. I
>>>> >> > >> narrowed
>>>> >> > >> >>> the problem down to this line:
>>>> >> > >> >>>
>>>> >> > >> >>> securityManager.sessionDAO = $sessionDAO
>>>> >> > >> >>>
>>>> >> > >> >>> I get no errors with that line commented out.
>>>> >> > >> >>>
>>>> >> > >> >>> Any ideas? If not, I could put some tracing in the
>>>> >> > >> OncePerRequestFilter
>>>> >> > >> >>> class to narrow the problem down further.
>>>> >> > >> >>>
>>>> >> > >> >>> Andy
>>>> >> > >> >>>
>>>> >> > >> >>> > -----Original Message-----
>>>> >> > >> >>> > From: les.hazlewood@anjinllc.com
>>>> >> > [mailto:les.hazlewood@anjinllc.com]
>>>> >> > >> On
>>>> >> > >> >>> > Behalf Of Les Hazlewood
>>>> >> > >> >>> > Sent: Monday, August 17, 2009 5:11 PM
>>>> >> > >> >>> > To: shiro-user@incubator.apache.org
>>>> >> > >> >>> > Subject: Re: need more help with SSO
>>>> >> > >> >>> >
>>>> >> > >> >>> > Hi Andy,
>>>> >> > >> >>> >
>>>> >> > >> >>> > I just verified that this simple test config works, although
>>>> >> not
>>>> >> > in
>>>> >> > >> a
>>>> >> > >> >>> > web environment:
>>>> >> > >> >>> >
>>>> >> > >> >>> > ----
>>>> >> > >> >>> > realmA = org.apache.shiro.realm.text.PropertiesRealm
>>>> >> > >> >>> >
>>>> >> > >> >>> > securityManager.sessionMode = native
>>>> >> > >> >>> >
>>>> >> > >> >>> > cacheManager = org.apache.shiro.cache.DefaultCacheManager
>>>> >> > >> >>> >
>>>> >> > >> >>> > sessionDAO =
>>>> org.apache.shiro.session.mgt.eis.MemorySessionDAO
>>>> >> > >> >>> > sessionDAO.cacheManager = $cacheManager
>>>> >> > >> >>> > securityManager.sessionDAO = $sessionDAO
>>>> >> > >> >>> > securityManager.cacheManager = $cacheManager
>>>> >> > >> >>> >
>>>> >> > >> >>> > securityManager.realm = $realmA
>>>> >> > >> >>> > ----
>>>> >> > >> >>> >
>>>> >> > >> >>> > Could you please try that out and see if it works in your
>>>> web
>>>> >> > >> >>> > environment? If so, can you try substituting the
>>>> >> > >> DefaultCacheManager
>>>> >> > >> >>> > implementation (and your realm implementation) with with
>>>> your
>>>> >> > >> >>> > implementations and see what happens?
>>>> >> > >> >>> >
>>>> >> > >> >>> > - Les
>>>> >> > >> >>> >
>>>> >> > >> >>> > On Mon, Aug 17, 2009 at 4:27 PM, Andy
>>>> >> > Tripp<An...@vonage.com>
>>>> >> > >> >>> > wrote:
>>>> >> > >> >>> > > Here's the complete tomcat log file:
>>>> >> > >> >>> > >
>>>> >> > >> >>> > > Aug 17, 2009 3:40:13 PM
>>>> >> > org.apache.catalina.core.StandardContext
>>>> >> > >> >>> > filterStart
>>>> >> > >> >>> > > SEVERE: Exception starting filter ShiroFilter
>>>> >> > >> >>> > > javax.servlet.ServletException: Unable to load from text
>>>> >> > >> >>> configuration.
>>>> >> > >> >>> > > at
>>>> >> > >> >>> >
>>>> >> > >> >>>
>>>> >> > >>
>>>> >> >
>>>> >>
>>>> org.apache.shiro.web.servlet.OncePerRequestFilter.init(OncePerRequestFilte
>>>> >> > >> >>> > r.java:148)
>>>> >> > >> >>> > > at
>>>> >> > >> >>> >
>>>> >> > >> >>>
>>>> >> > >>
>>>> >> >
>>>> >>
>>>> org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilt
>>>> >> > >> >>> > erConfig.java:221)
>>>> >> > >> >>> > > at
>>>> >> > >> >>> >
>>>> >> > >> >>>
>>>> >> > >>
>>>> >> >
>>>> >>
>>>> org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(ApplicationF
>>>> >> > >> >>> > ilterConfig.java:302)
>>>> >> > >> >>> > > at
>>>> >> > >> >>> >
>>>> >> > >> >>>
>>>> >> > >>
>>>> >> >
>>>> >>
>>>> org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterC
>>>> >> > >> >>> > onfig.java:78)
>>>> >> > >> >>> > > at
>>>> >> > >> >>> >
>>>> >> > >> >>>
>>>> >> > >>
>>>> >> >
>>>> >>
>>>> org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:
>>>> >> > >> >>> > 3635)
>>>> >> > >> >>> > > at
>>>> >> > >> >>> >
>>>> >> > >> >>>
>>>> >> > >>
>>>> >> >
>>>> >>
>>>> org.apache.catalina.core.StandardContext.start(StandardContext.java:4222)
>>>> >> > >> >>> > > at
>>>> >> > >> >>> >
>>>> >> > >> >>>
>>>> >> > >>
>>>> >> >
>>>> >>
>>>> org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java
>>>> >> > >> >>> > :760)
>>>> >> > >> >>> > > at
>>>> >> > >> >>> >
>>>> >> > >>
>>>> >> org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740)
>>>> >> > >> >>> > > at
>>>> >> > >> >>> >
>>>> >> > >>
>>>> org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)
>>>> >> > >> >>> > > at
>>>> >> > >> >>> >
>>>> >> > >> >>>
>>>> >> > >>
>>>> >> >
>>>> >>
>>>> org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:927
>>>> >> > >> >>> > )
>>>> >> > >> >>> > > at
>>>> >> > >> >>> >
>>>> >> > >> >>>
>>>> >> > >>
>>>> >> >
>>>> >>
>>>> org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:8
>>>> >> > >> >>> > 90)
>>>> >> > >> >>> > > at
>>>> >> > >> >>> >
>>>> >> > >>
>>>> >> org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:492)
>>>> >> > >> >>> > > at
>>>> >> > >> >>> >
>>>> >> > org.apache.catalina.startup.HostConfig.start(HostConfig.java:1150)
>>>> >> > >> >>> > > at
>>>> >> > >> >>> >
>>>> >> > >> >>>
>>>> >> > >>
>>>> >> >
>>>> >>
>>>> org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
>>>> >> > >> >>> > > at
>>>> >> > >> >>> >
>>>> >> > >> >>>
>>>> >> > >>
>>>> >> >
>>>> >>
>>>> org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupp
>>>> >> > >> >>> > ort.java:120)
>>>> >> > >> >>> > > at
>>>> >> > >> >>> >
>>>> >> > >>
>>>> org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)
>>>> >> > >> >>> > > at
>>>> >> > >> >>> >
>>>> >> > org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
>>>> >> > >> >>> > > at
>>>> >> > >> >>> >
>>>> >> > >>
>>>> org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)
>>>> >> > >> >>> > > at
>>>> >> > >> >>> >
>>>> >> > >>
>>>> >> org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
>>>> >> > >> >>> > > at
>>>> >> > >> >>> >
>>>> >> > >>
>>>> >> >
>>>> org.apache.catalina.core.StandardService.start(StandardService.java:448)
>>>> >> > >> >>> > > at
>>>> >> > >> >>> >
>>>> >> > >>
>>>> >> org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
>>>> >> > >> >>> > > at
>>>> >> > >> >>> org.apache.catalina.startup.Catalina.start(Catalina.java:552)
>>>> >> > >> >>> > > at
>>>> sun.reflect.NativeMethodAccessorImpl.invoke0(Native
>>>> >> > >> Method)
>>>> >> > >> >>> > > at
>>>> >> > >> >>> >
>>>> >> > >> >>>
>>>> >> > >>
>>>> >> >
>>>> >>
>>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:
>>>> >> > >> >>> > 39)
>>>> >> > >> >>> > > at
>>>> >> > >> >>> >
>>>> >> > >> >>>
>>>> >> > >>
>>>> >> >
>>>> >>
>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorIm
>>>> >> > >> >>> > pl.java:25)
>>>> >> > >> >>> > > at java.lang.reflect.Method.invoke(Method.java:597)
>>>> >> > >> >>> > > at
>>>> >> > >> >>> >
>>>> org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
>>>> >> > >> >>> > > at
>>>> >> > >> >>> org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
>>>> >> > >> >>> > > Aug 17, 2009 3:40:13 PM
>>>> >> > >> org.apache.catalina.core.ApplicationContext
>>>> >> > >> >>> log
>>>> >> > >> >>> > > INFO: org.apache.webapp.balancer.BalancerFilter: init():
>>>> >> > >> ruleChain:
>>>> >> > >> >>> > [org.apache.webapp.balancer.RuleChain:
>>>> >> > >> >>> > [org.apache.webapp.balancer.rules.URLStringMatchRule: Target
>>>> >> > string:
>>>> >> > >> >>> News
>>>> >> > >> >>> > / Redirect URL: http://www.cnn.com],
>>>> >> > >> >>> > [org.apache.webapp.balancer.rules.RequestParameterRule:
>>>> Target
>>>> >> > param
>>>> >> > >> >>> name:
>>>> >> > >> >>> > paramName / Target param value: paramValue / Redirect URL:
>>>> >> > >> >>> > http://www.yahoo.com],
>>>> >> > >> >>> > [org.apache.webapp.balancer.rules.AcceptEverythingRule:
>>>> >> Redirect
>>>> >> > >> URL:
>>>> >> > >> >>> > http://jakarta.apache.org]]
>>>> >> > >> >>> > > Aug 17, 2009 3:40:13 PM
>>>> >> > >> org.apache.catalina.core.ApplicationContext
>>>> >> > >> >>> log
>>>> >> > >> >>> > > INFO: ContextListener: contextInitialized()
>>>> >> > >> >>> > > Aug 17, 2009 3:40:13 PM
>>>> >> > >> org.apache.catalina.core.ApplicationContext
>>>> >> > >> >>> log
>>>> >> > >> >>> > > INFO: SessionListener: contextInitialized()
>>>> >> > >> >>> > > Aug 17, 2009 3:40:13 PM
>>>> >> > >> org.apache.catalina.core.ApplicationContext
>>>> >> > >> >>> log
>>>> >> > >> >>> > > INFO: ContextListener: contextInitialized()
>>>> >> > >> >>> > > Aug 17, 2009 3:40:13 PM
>>>> >> > >> org.apache.catalina.core.ApplicationContext
>>>> >> > >> >>> log
>>>> >> > >> >>> > > INFO: SessionListener: contextInitialized()
>>>> >> > >> >>> > > Aug 17, 2009 4:25:59 PM
>>>> >> > >> org.apache.catalina.core.ApplicationContext
>>>> >> > >> >>> log
>>>> >> > >> >>> > > INFO: SessionListener: contextDestroyed()
>>>> >> > >> >>> > > Aug 17, 2009 4:25:59 PM
>>>> >> > >> org.apache.catalina.core.ApplicationContext
>>>> >> > >> >>> log
>>>> >> > >> >>> > > INFO: ContextListener: contextDestroyed()
>>>> >> > >> >>> > > Aug 17, 2009 4:25:59 PM
>>>> >> > >> org.apache.catalina.core.ApplicationContext
>>>> >> > >> >>> log
>>>> >> > >> >>> > > INFO: SessionListener: contextDestroyed()
>>>> >> > >> >>> > > Aug 17, 2009 4:25:59 PM
>>>> >> > >> org.apache.catalina.core.ApplicationContext
>>>> >> > >> >>> log
>>>> >> > >> >>> > > INFO: ContextListener: contextDestroyed()
>>>> >> > >> >>> > >
>>>> >> > >> >>> > >> -----Original Message-----
>>>> >> > >> >>> > >> From: Les Hazlewood [mailto:les.hazlewood@anjinllc.com]
>>>> >> > >> >>> > >> Sent: Monday, August 17, 2009 4:24 PM
>>>> >> > >> >>> > >> To: shiro-user@incubator.apache.org
>>>> >> > >> >>> > >> Subject: Re: need more help with SSO
>>>> >> > >> >>> > >>
>>>> >> > >> >>> > >> Hi Andy,
>>>> >> > >> >>> > >>
>>>> >> > >> >>> > >> It goes in the main section, definitely. Is there any
>>>> more
>>>> >> to
>>>> >> > >> the
>>>> >> > >> >>> > >> exception? I'd like to see the entire stack trace if
>>>> >> > possible.
>>>> >> > >> >>> > >>
>>>> >> > >> >>> > >> - Les
>>>> >> > >> >>> > >>
>>>> >> > >> >>> > >> On Mon, Aug 17, 2009 at 3:41 PM, Andy
>>>> >> > >> Tripp<An...@vonage.com>
>>>> >> > >> >>> > >> wrote:
>>>> >> > >> >>> > >> > I created my own Cache and CacheManager:
>>>> >> > >> >>> > >> >
>>>> >> > >> >>> > >> > public class VonageDistributedSessionCache implements
>>>> >> Cache
>>>> >> > {
>>>> >> > >> >>> > >> > public VonageDistributedSessionCache(String name) {
>>>> >> > >> >>> > >> >
>>>> System.err.println("VonageDistributedSessionCache
>>>> >> > >> >>> > >> > constructor.");
>>>> >> > >> >>> > >> > }
>>>> >> > >> >>> > >> > ...
>>>> >> > >> >>> > >> > }
>>>> >> > >> >>> > >> >
>>>> >> > >> >>> > >> > public class VonageDistributedSessionCacheManager
>>>> >> implements
>>>> >> > >> >>> > >> > CacheManager {
>>>> >> > >> >>> > >> > public Cache getCache(String name) throws
>>>> >> CacheException
>>>> >> > {
>>>> >> > >> >>> > >> > return new VonageDistributedSessionCache(name);
>>>> >> > >> >>> > >> > }
>>>> >> > >> >>> > >> > }
>>>> >> > >> >>> > >> >
>>>> >> > >> >>> > >> > Then in [main] section of my ShiroFilter in web.xml, I
>>>> >> have:
>>>> >> > >> >>> > >> > [main]
>>>> >> > >> >>> > >> > realmA =
>>>> >> com.vonage.auth.client.VonageAuthenticationRealm
>>>> >> > >> >>> > >> >
>>>> >> > >> >>> > >> > securityManager.sessionMode = native
>>>> >> > >> >>> > >> >
>>>> >> > >> >>> > >> > And when I add this:
>>>> >> > >> >>> > >> > # pull in vonage centralized authentication:
>>>> >> > >> >>> > >> > cacheManager =
>>>> >> > >> >>> > >> >
>>>> >> com.vonage.auth.client.VonageDistributedSessionCacheManager
>>>> >> > >> >>> > >> > sessionDAO =
>>>> >> > org.apache.shiro.session.mgt.eis.MemorySessionDAO
>>>> >> > >> >>> > >> > sessionDAO.cacheManager = $cacheManager
>>>> >> > >> >>> > >> > securityManager.sessionDAO = $sessionDAO
>>>> >> > >> >>> > >> > securityManager.cacheManager = $cacheManager
>>>> >> > >> >>> > >> >
>>>> >> > >> >>> > >> > ...I get this error:
>>>> >> > >> >>> > >> > javax.servlet.ServletException: Unable to load from
>>>> text
>>>> >> > >> >>> > configuration.
>>>> >> > >> >>> > >> >
>>>> >> > >> >>> > >> > So...does this injection go here in the [main] section
>>>> of
>>>> >> > >> >>> > ShiroFilter,
>>>> >> > >> >>> > >> > or somewhere else?
>>>> >> > >> >>> > >> >
>>>> >> > >> >>> > >> > Thanks,
>>>> >> > >> >>> > >> > Andy
>>>> >> > >> >>> > >> >
>>>> >> > >> >>> > >
>>>> >> > >> >>
>>>> >> > >> >
>>>> >> > >
>>>> >
>>>
>>
>
Re: need more help with SSO
Posted by Les Hazlewood <lh...@apache.org>.
Hi Andy,
I had to move the issue to Shiro's issue space (Ki is now defunct):
https://issues.apache.org/jira/browse/SHIRO-85
Regards,
Les
On Thu, Aug 20, 2009 at 2:30 PM, Les Hazlewood<lh...@apache.org> wrote:
> Thanks!
>
> On Thu, Aug 20, 2009 at 2:02 PM, Andy Tripp<An...@vonage.com> wrote:
>> Jira issue created:
>> https://issues.apache.org/jira/browse/KI-82
>>
>>> -----Original Message-----
>>> From: les.hazlewood@anjinllc.com [mailto:les.hazlewood@anjinllc.com] On
>>> Behalf Of Les Hazlewood
>>> Sent: Thursday, August 20, 2009 11:53 AM
>>> To: shiro-user@incubator.apache.org
>>> Subject: Re: need more help with SSO
>>>
>>> Hi Andy,
>>>
>>> Can you please make note of this in a Jira issue? I'll fix it right
>>> away, but I'd like a record of this so when I modify the code, I can
>>> comment exactly why the change is required to ensure someone in the
>>> future doesn't accidentally revert the change.
>>>
>>> Thanks!
>>>
>>> Les
>>>
>>> On Thu, Aug 20, 2009 at 11:27 AM, Andy Tripp<An...@vonage.com>
>>> wrote:
>>> > Les,
>>> >
>>> > I finally found the problem. This line...
>>> > securityManager.sessionDAO = $sessionDAO
>>> > ...was being processed BEFORE this line...
>>> > securityManager.sessionManager = $sessionManager
>>> >
>>> > In ReflectionBuilder.buildObjects(), instanceMap and propertyMap need to
>>> be LinkedHashMap type, not just HashMap. With HashMap, the properties in
>>> ShiroFilter are being processed in arbitrary order, rather than the order
>>> listed. That would explain why it works for you and not me - you got
>>> unlucky :)
>>> >
>>> > Andy
>>> >
>>> >
>>> >> -----Original Message-----
>>> >> From: Andy Tripp [mailto:Andrew.Tripp@vonage.com]
>>> >> Sent: Wednesday, August 19, 2009 4:02 PM
>>> >> To: shiro-user@incubator.apache.org
>>> >> Subject: RE: need more help with SSO
>>> >>
>>> >> Les,
>>> >> Sorry, that last email was a mistake on my part.
>>> >>
>>> >> Les,
>>> >>
>>> >> What I'm seeing now is that the DefaultWebSecurityManager instance's
>>> >> SessionManager is always set to ServletContainerSessionManager, when it
>>> >> should be a DefaultWebSessionManager. I tried adding these to my
>>> config:
>>> >>
>>> >> sessionManager =
>>> org.apache.shiro.web.session.DefaultWebSessionManager
>>> >> securityManager.sessionManager = $sessionManager
>>> >>
>>> >> ...but still, the DefaultWebSecurityManager.sessionManager field is an
>>> >> instance of ServletContainerSessionManager.
>>> >>
>>> >> I'm stumped. I guess I'm not clear on what SecurityManager instance is
>>> >> being called by this config stuff. Perhaps I'm missing some sort of:
>>> >> something.securityManager = securityManager
>>> >>
>>> >> Andy
>>> >> p.s. here's my full [main] section of my filter:
>>> >>
>>> >> realmA = org.apache.shiro.realm.text.PropertiesRealm
>>> >> securityManager = org.apache.shiro.web.DefaultWebSecurityManager
>>> >> sessionManager =
>>> >> org.apache.shiro.web.session.DefaultWebSessionManager
>>> >> securityManager.sessionManager = $sessionManager
>>> >>
>>> >> securityManager.sessionMode = native
>>> >>
>>> >> cacheManager = org.apache.shiro.cache.DefaultCacheManager
>>> >>
>>> >> sessionDAO = org.apache.shiro.session.mgt.eis.MemorySessionDAO
>>> >> sessionDAO.cacheManager = $cacheManager
>>> >> securityManager.sessionDAO = $sessionDAO
>>> >> securityManager.cacheManager = $cacheManager
>>> >>
>>> >> securityManager.realm = $realmA
>>> >>
>>> >> > -----Original Message-----
>>> >> > From: les.hazlewood@anjinllc.com [mailto:les.hazlewood@anjinllc.com]
>>> On
>>> >> > Behalf Of Les Hazlewood
>>> >> > Sent: Wednesday, August 19, 2009 2:20 PM
>>> >> > To: shiro-user@incubator.apache.org
>>> >> > Subject: Re: need more help with SSO
>>> >> >
>>> >> > Hrm - that would be very odd if the DefaultWebSecurityManager was not
>>> >> > the instance - that is what the ShiroFilter enables at startup by
>>> >> > default. Just in case, try this as your very first config line:
>>> >> >
>>> >> > securityManager = org.apache.shiro.web.DefaultWebSecurityManager
>>> >> >
>>> >> > What does your debugger say is the securityManager instance?
>>> >> > Something is very strange...
>>> >> >
>>> >> > Thanks for the extra info. Are there any JUnit tests you might be
>>> >> > able to send our way?
>>> >> >
>>> >> > - Les
>>> >> >
>>> >> > On Wed, Aug 19, 2009 at 1:56 PM, Andy Tripp<An...@vonage.com>
>>> >> > wrote:
>>> >> > > Les,
>>> >> > > I put tracing code in DefaultWebSecurityManager.setSessionMode(),
>>> and
>>> >> it
>>> >> > appears that this method is not getting called. So the
>>> >> > ServletContainerSessionManager is not getting replace by a
>>> >> > DefaultWebSessionManager. So it appears that this line in the filter
>>> >> > config:
>>> >> > >
>>> >> > > securityManager.sessionMode = native
>>> >> > >
>>> >> > > is having no effect (note that it's securityManager, not
>>> >> sessionManager
>>> >> > as you suggest in the previous response).
>>> >> > >
>>> >> > > I'll keep trying to track it down further, any pointers would be
>>> >> > appreciated. I'm off to try to find the some SecurityManager
>>> instance,
>>> >> > which I suspect is something other than a DefaultWebSecurityManager,
>>> >> which
>>> >> > would mean that this config line is failing silently.
>>> >> > >
>>> >> > > Obviously, all this dependency injection via XML is driving me
>>> >> > completely crazy. I may be allergic to server-side Java :)
>>> >> > >
>>> >> > > Andy
>>> >> > >
>>> >> > >> -----Original Message-----
>>> >> > >> From: les.hazlewood@anjinllc.com
>>> [mailto:les.hazlewood@anjinllc.com]
>>> >> On
>>> >> > >> Behalf Of Les Hazlewood
>>> >> > >> Sent: Wednesday, August 19, 2009 12:46 PM
>>> >> > >> To: shiro-user@incubator.apache.org
>>> >> > >> Subject: Re: need more help with SSO
>>> >> > >>
>>> >> > >> Hi Andy,
>>> >> > >>
>>> >> > >> A quick note about the message: that was a bug in the exception
>>> >> > >> message, but the code is working as expected: if the wrapped
>>> >> > >> SessionManager does not implement the SessionDAOAware interface,
>>> it
>>> >> > >> cannot be injected with a SessionDAO. I have since fixed the
>>> message
>>> >> > >> to be correct and committed this change, although the code logic
>>> has
>>> >> > >> not been changed.
>>> >> > >>
>>> >> > >> Also, make sure that you do this:
>>> >> > >>
>>> >> > >> sessionManager.sessionMode = native
>>> >> > >>
>>> >> > >> before you try to inject the SessionDAO. The above call will
>>> >> > >> automatically substitute the ServletContainerSessionManager for a
>>> >> > >> DefaultWebSessionManager implementation on the fly. This latter
>>> >> > >> implementation does in fact implement SessionDAOAware and should
>>> >> > >> readily accept SessionDAO instances that are passed through the
>>> >> > >> securityManager.setSessionDAO(...) call.
>>> >> > >>
>>> >> > >> In the meantime, I'll try to create a unit test with the
>>> ShiroFilter
>>> >> > >> to see I can accurately recreate your issue, but I've been
>>> strapped
>>> >> > >> for time lately - if you could create one (if possible) and post
>>> it
>>> >> to
>>> >> > >> a Jira issue, that would help a lot.
>>> >> > >>
>>> >> > >> Regards,
>>> >> > >>
>>> >> > >> Les
>>> >> > >>
>>> >> > >> On Tue, Aug 18, 2009 at 11:34 AM, Les
>>> >> Hazlewood<lh...@apache.org>
>>> >> > >> wrote:
>>> >> > >> > Hi Andy,
>>> >> > >> >
>>> >> > >> > Thanks very much for sending this along - it is very helpful.
>>> I'll
>>> >> > be
>>> >> > >> > able to look into this a bit more later tonight.
>>> >> > >> >
>>> >> > >> > Regards,
>>> >> > >> >
>>> >> > >> > Les
>>> >> > >> >
>>> >> > >> > On Tue, Aug 18, 2009 at 11:21 AM, Andy
>>> >> Tripp<An...@vonage.com>
>>> >> > >> wrote:
>>> >> > >> >> Les,
>>> >> > >> >> I tracked this problem down through a maze of try/catch blocks,
>>> I
>>> >> > see
>>> >> > >> this exception:
>>> >> > >> >>
>>> >> > >> >> javax.servlet.ServletException: Unable to load from text
>>> >> > configuration.
>>> >> > >> e2=org.apache.shiro.config.ConfigurationException:
>>> >> > >> org.apache.shiro.config.ConfigurationException: Unable to set
>>> >> property
>>> >> > >> [sessionDAO] with value [$sessionDAO]. If '$sessionDAO' is a
>>> >> reference
>>> >> > to
>>> >> > >> another (previously defined) object, please prefix it with '$' to
>>> >> > indicate
>>> >> > >> that the referenced object should be used as the actual value.
>>> For
>>> >> > >> example, $$sessionDAO
>>> >> > >> >>
>>> >> > >> >> ...which I tracked down to the
>>> ReflectionBuilder.applyProperty()
>>> >> > method
>>> >> > >> calling BeanUtils.setProperty() and catching an
>>> InvocationException.
>>> >> > The
>>> >> > >> cause of that exception is:
>>> >> > >> >>
>>> >> > >> >> java.lang.IllegalArgumentException: The underlying session
>>> manager
>>> >> > is
>>> >> > >> null or does not implement the
>>> >> > org.apache.shiro.session.mgt.eis.SessionDAO
>>> >> > >> >> interface, which is required if the underlying instance is to
>>> >> > receive
>>> >> > >> the sessionDAO argument.
>>> >> > >> >>
>>> >> > >> >>
>>> >> > >> >> ...which comes from SessionsSecurityManager.setSessionDAO(),
>>> which
>>> >> > >> checks
>>> >> > >> >> to see that the SessionDAO parameter implements
>>> SessionDAOAware.
>>> >> The
>>> >> > >> passed value is actually of class ServletContainerSessionManager,
>>> >> which
>>> >> > >> does NOT
>>> >> > >> >> implement SessionDAOAware.
>>> >> > >> >>
>>> >> > >> >> So I guess the mystery is why we're getting setSessionDAO()
>>> being
>>> >> > >> passed a ServletContainerSessionManager, when in fact we have this
>>> >> > config
>>> >> > >> line:
>>> >> > >> >>
>>> >> > >> >> sessionDAO =
>>> org.apache.shiro.session.mgt.eis.MemorySessionDAO
>>> >> > >> >>
>>> >> > >> >> Hope this helps,
>>> >> > >> >> Andy
>>> >> > >> >>
>>> >> > >> >>
>>> >> > >> >>
>>> >> > >> >>
>>> >> > >> >>> -----Original Message-----
>>> >> > >> >>> From: Andy Tripp [mailto:Andrew.Tripp@vonage.com]
>>> >> > >> >>> Sent: Tuesday, August 18, 2009 10:04 AM
>>> >> > >> >>> To: shiro-user@incubator.apache.org
>>> >> > >> >>> Subject: RE: need more help with SSO
>>> >> > >> >>>
>>> >> > >> >>> Les,
>>> >> > >> >>>
>>> >> > >> >>> I tried what you have below and still get the same "Unable to
>>> >> load
>>> >> > >> from
>>> >> > >> >>> text configuration" error. I tried it with the latest Shiro. I
>>> >> > >> narrowed
>>> >> > >> >>> the problem down to this line:
>>> >> > >> >>>
>>> >> > >> >>> securityManager.sessionDAO = $sessionDAO
>>> >> > >> >>>
>>> >> > >> >>> I get no errors with that line commented out.
>>> >> > >> >>>
>>> >> > >> >>> Any ideas? If not, I could put some tracing in the
>>> >> > >> OncePerRequestFilter
>>> >> > >> >>> class to narrow the problem down further.
>>> >> > >> >>>
>>> >> > >> >>> Andy
>>> >> > >> >>>
>>> >> > >> >>> > -----Original Message-----
>>> >> > >> >>> > From: les.hazlewood@anjinllc.com
>>> >> > [mailto:les.hazlewood@anjinllc.com]
>>> >> > >> On
>>> >> > >> >>> > Behalf Of Les Hazlewood
>>> >> > >> >>> > Sent: Monday, August 17, 2009 5:11 PM
>>> >> > >> >>> > To: shiro-user@incubator.apache.org
>>> >> > >> >>> > Subject: Re: need more help with SSO
>>> >> > >> >>> >
>>> >> > >> >>> > Hi Andy,
>>> >> > >> >>> >
>>> >> > >> >>> > I just verified that this simple test config works, although
>>> >> not
>>> >> > in
>>> >> > >> a
>>> >> > >> >>> > web environment:
>>> >> > >> >>> >
>>> >> > >> >>> > ----
>>> >> > >> >>> > realmA = org.apache.shiro.realm.text.PropertiesRealm
>>> >> > >> >>> >
>>> >> > >> >>> > securityManager.sessionMode = native
>>> >> > >> >>> >
>>> >> > >> >>> > cacheManager = org.apache.shiro.cache.DefaultCacheManager
>>> >> > >> >>> >
>>> >> > >> >>> > sessionDAO =
>>> org.apache.shiro.session.mgt.eis.MemorySessionDAO
>>> >> > >> >>> > sessionDAO.cacheManager = $cacheManager
>>> >> > >> >>> > securityManager.sessionDAO = $sessionDAO
>>> >> > >> >>> > securityManager.cacheManager = $cacheManager
>>> >> > >> >>> >
>>> >> > >> >>> > securityManager.realm = $realmA
>>> >> > >> >>> > ----
>>> >> > >> >>> >
>>> >> > >> >>> > Could you please try that out and see if it works in your
>>> web
>>> >> > >> >>> > environment? If so, can you try substituting the
>>> >> > >> DefaultCacheManager
>>> >> > >> >>> > implementation (and your realm implementation) with with
>>> your
>>> >> > >> >>> > implementations and see what happens?
>>> >> > >> >>> >
>>> >> > >> >>> > - Les
>>> >> > >> >>> >
>>> >> > >> >>> > On Mon, Aug 17, 2009 at 4:27 PM, Andy
>>> >> > Tripp<An...@vonage.com>
>>> >> > >> >>> > wrote:
>>> >> > >> >>> > > Here's the complete tomcat log file:
>>> >> > >> >>> > >
>>> >> > >> >>> > > Aug 17, 2009 3:40:13 PM
>>> >> > org.apache.catalina.core.StandardContext
>>> >> > >> >>> > filterStart
>>> >> > >> >>> > > SEVERE: Exception starting filter ShiroFilter
>>> >> > >> >>> > > javax.servlet.ServletException: Unable to load from text
>>> >> > >> >>> configuration.
>>> >> > >> >>> > > at
>>> >> > >> >>> >
>>> >> > >> >>>
>>> >> > >>
>>> >> >
>>> >>
>>> org.apache.shiro.web.servlet.OncePerRequestFilter.init(OncePerRequestFilte
>>> >> > >> >>> > r.java:148)
>>> >> > >> >>> > > at
>>> >> > >> >>> >
>>> >> > >> >>>
>>> >> > >>
>>> >> >
>>> >>
>>> org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilt
>>> >> > >> >>> > erConfig.java:221)
>>> >> > >> >>> > > at
>>> >> > >> >>> >
>>> >> > >> >>>
>>> >> > >>
>>> >> >
>>> >>
>>> org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(ApplicationF
>>> >> > >> >>> > ilterConfig.java:302)
>>> >> > >> >>> > > at
>>> >> > >> >>> >
>>> >> > >> >>>
>>> >> > >>
>>> >> >
>>> >>
>>> org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterC
>>> >> > >> >>> > onfig.java:78)
>>> >> > >> >>> > > at
>>> >> > >> >>> >
>>> >> > >> >>>
>>> >> > >>
>>> >> >
>>> >>
>>> org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:
>>> >> > >> >>> > 3635)
>>> >> > >> >>> > > at
>>> >> > >> >>> >
>>> >> > >> >>>
>>> >> > >>
>>> >> >
>>> >>
>>> org.apache.catalina.core.StandardContext.start(StandardContext.java:4222)
>>> >> > >> >>> > > at
>>> >> > >> >>> >
>>> >> > >> >>>
>>> >> > >>
>>> >> >
>>> >>
>>> org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java
>>> >> > >> >>> > :760)
>>> >> > >> >>> > > at
>>> >> > >> >>> >
>>> >> > >>
>>> >> org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740)
>>> >> > >> >>> > > at
>>> >> > >> >>> >
>>> >> > >>
>>> org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)
>>> >> > >> >>> > > at
>>> >> > >> >>> >
>>> >> > >> >>>
>>> >> > >>
>>> >> >
>>> >>
>>> org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:927
>>> >> > >> >>> > )
>>> >> > >> >>> > > at
>>> >> > >> >>> >
>>> >> > >> >>>
>>> >> > >>
>>> >> >
>>> >>
>>> org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:8
>>> >> > >> >>> > 90)
>>> >> > >> >>> > > at
>>> >> > >> >>> >
>>> >> > >>
>>> >> org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:492)
>>> >> > >> >>> > > at
>>> >> > >> >>> >
>>> >> > org.apache.catalina.startup.HostConfig.start(HostConfig.java:1150)
>>> >> > >> >>> > > at
>>> >> > >> >>> >
>>> >> > >> >>>
>>> >> > >>
>>> >> >
>>> >>
>>> org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
>>> >> > >> >>> > > at
>>> >> > >> >>> >
>>> >> > >> >>>
>>> >> > >>
>>> >> >
>>> >>
>>> org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupp
>>> >> > >> >>> > ort.java:120)
>>> >> > >> >>> > > at
>>> >> > >> >>> >
>>> >> > >>
>>> org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)
>>> >> > >> >>> > > at
>>> >> > >> >>> >
>>> >> > org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
>>> >> > >> >>> > > at
>>> >> > >> >>> >
>>> >> > >>
>>> org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)
>>> >> > >> >>> > > at
>>> >> > >> >>> >
>>> >> > >>
>>> >> org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
>>> >> > >> >>> > > at
>>> >> > >> >>> >
>>> >> > >>
>>> >> >
>>> org.apache.catalina.core.StandardService.start(StandardService.java:448)
>>> >> > >> >>> > > at
>>> >> > >> >>> >
>>> >> > >>
>>> >> org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
>>> >> > >> >>> > > at
>>> >> > >> >>> org.apache.catalina.startup.Catalina.start(Catalina.java:552)
>>> >> > >> >>> > > at
>>> sun.reflect.NativeMethodAccessorImpl.invoke0(Native
>>> >> > >> Method)
>>> >> > >> >>> > > at
>>> >> > >> >>> >
>>> >> > >> >>>
>>> >> > >>
>>> >> >
>>> >>
>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:
>>> >> > >> >>> > 39)
>>> >> > >> >>> > > at
>>> >> > >> >>> >
>>> >> > >> >>>
>>> >> > >>
>>> >> >
>>> >>
>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorIm
>>> >> > >> >>> > pl.java:25)
>>> >> > >> >>> > > at java.lang.reflect.Method.invoke(Method.java:597)
>>> >> > >> >>> > > at
>>> >> > >> >>> >
>>> org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
>>> >> > >> >>> > > at
>>> >> > >> >>> org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
>>> >> > >> >>> > > Aug 17, 2009 3:40:13 PM
>>> >> > >> org.apache.catalina.core.ApplicationContext
>>> >> > >> >>> log
>>> >> > >> >>> > > INFO: org.apache.webapp.balancer.BalancerFilter: init():
>>> >> > >> ruleChain:
>>> >> > >> >>> > [org.apache.webapp.balancer.RuleChain:
>>> >> > >> >>> > [org.apache.webapp.balancer.rules.URLStringMatchRule: Target
>>> >> > string:
>>> >> > >> >>> News
>>> >> > >> >>> > / Redirect URL: http://www.cnn.com],
>>> >> > >> >>> > [org.apache.webapp.balancer.rules.RequestParameterRule:
>>> Target
>>> >> > param
>>> >> > >> >>> name:
>>> >> > >> >>> > paramName / Target param value: paramValue / Redirect URL:
>>> >> > >> >>> > http://www.yahoo.com],
>>> >> > >> >>> > [org.apache.webapp.balancer.rules.AcceptEverythingRule:
>>> >> Redirect
>>> >> > >> URL:
>>> >> > >> >>> > http://jakarta.apache.org]]
>>> >> > >> >>> > > Aug 17, 2009 3:40:13 PM
>>> >> > >> org.apache.catalina.core.ApplicationContext
>>> >> > >> >>> log
>>> >> > >> >>> > > INFO: ContextListener: contextInitialized()
>>> >> > >> >>> > > Aug 17, 2009 3:40:13 PM
>>> >> > >> org.apache.catalina.core.ApplicationContext
>>> >> > >> >>> log
>>> >> > >> >>> > > INFO: SessionListener: contextInitialized()
>>> >> > >> >>> > > Aug 17, 2009 3:40:13 PM
>>> >> > >> org.apache.catalina.core.ApplicationContext
>>> >> > >> >>> log
>>> >> > >> >>> > > INFO: ContextListener: contextInitialized()
>>> >> > >> >>> > > Aug 17, 2009 3:40:13 PM
>>> >> > >> org.apache.catalina.core.ApplicationContext
>>> >> > >> >>> log
>>> >> > >> >>> > > INFO: SessionListener: contextInitialized()
>>> >> > >> >>> > > Aug 17, 2009 4:25:59 PM
>>> >> > >> org.apache.catalina.core.ApplicationContext
>>> >> > >> >>> log
>>> >> > >> >>> > > INFO: SessionListener: contextDestroyed()
>>> >> > >> >>> > > Aug 17, 2009 4:25:59 PM
>>> >> > >> org.apache.catalina.core.ApplicationContext
>>> >> > >> >>> log
>>> >> > >> >>> > > INFO: ContextListener: contextDestroyed()
>>> >> > >> >>> > > Aug 17, 2009 4:25:59 PM
>>> >> > >> org.apache.catalina.core.ApplicationContext
>>> >> > >> >>> log
>>> >> > >> >>> > > INFO: SessionListener: contextDestroyed()
>>> >> > >> >>> > > Aug 17, 2009 4:25:59 PM
>>> >> > >> org.apache.catalina.core.ApplicationContext
>>> >> > >> >>> log
>>> >> > >> >>> > > INFO: ContextListener: contextDestroyed()
>>> >> > >> >>> > >
>>> >> > >> >>> > >> -----Original Message-----
>>> >> > >> >>> > >> From: Les Hazlewood [mailto:les.hazlewood@anjinllc.com]
>>> >> > >> >>> > >> Sent: Monday, August 17, 2009 4:24 PM
>>> >> > >> >>> > >> To: shiro-user@incubator.apache.org
>>> >> > >> >>> > >> Subject: Re: need more help with SSO
>>> >> > >> >>> > >>
>>> >> > >> >>> > >> Hi Andy,
>>> >> > >> >>> > >>
>>> >> > >> >>> > >> It goes in the main section, definitely. Is there any
>>> more
>>> >> to
>>> >> > >> the
>>> >> > >> >>> > >> exception? I'd like to see the entire stack trace if
>>> >> > possible.
>>> >> > >> >>> > >>
>>> >> > >> >>> > >> - Les
>>> >> > >> >>> > >>
>>> >> > >> >>> > >> On Mon, Aug 17, 2009 at 3:41 PM, Andy
>>> >> > >> Tripp<An...@vonage.com>
>>> >> > >> >>> > >> wrote:
>>> >> > >> >>> > >> > I created my own Cache and CacheManager:
>>> >> > >> >>> > >> >
>>> >> > >> >>> > >> > public class VonageDistributedSessionCache implements
>>> >> Cache
>>> >> > {
>>> >> > >> >>> > >> > public VonageDistributedSessionCache(String name) {
>>> >> > >> >>> > >> >
>>> System.err.println("VonageDistributedSessionCache
>>> >> > >> >>> > >> > constructor.");
>>> >> > >> >>> > >> > }
>>> >> > >> >>> > >> > ...
>>> >> > >> >>> > >> > }
>>> >> > >> >>> > >> >
>>> >> > >> >>> > >> > public class VonageDistributedSessionCacheManager
>>> >> implements
>>> >> > >> >>> > >> > CacheManager {
>>> >> > >> >>> > >> > public Cache getCache(String name) throws
>>> >> CacheException
>>> >> > {
>>> >> > >> >>> > >> > return new VonageDistributedSessionCache(name);
>>> >> > >> >>> > >> > }
>>> >> > >> >>> > >> > }
>>> >> > >> >>> > >> >
>>> >> > >> >>> > >> > Then in [main] section of my ShiroFilter in web.xml, I
>>> >> have:
>>> >> > >> >>> > >> > [main]
>>> >> > >> >>> > >> > realmA =
>>> >> com.vonage.auth.client.VonageAuthenticationRealm
>>> >> > >> >>> > >> >
>>> >> > >> >>> > >> > securityManager.sessionMode = native
>>> >> > >> >>> > >> >
>>> >> > >> >>> > >> > And when I add this:
>>> >> > >> >>> > >> > # pull in vonage centralized authentication:
>>> >> > >> >>> > >> > cacheManager =
>>> >> > >> >>> > >> >
>>> >> com.vonage.auth.client.VonageDistributedSessionCacheManager
>>> >> > >> >>> > >> > sessionDAO =
>>> >> > org.apache.shiro.session.mgt.eis.MemorySessionDAO
>>> >> > >> >>> > >> > sessionDAO.cacheManager = $cacheManager
>>> >> > >> >>> > >> > securityManager.sessionDAO = $sessionDAO
>>> >> > >> >>> > >> > securityManager.cacheManager = $cacheManager
>>> >> > >> >>> > >> >
>>> >> > >> >>> > >> > ...I get this error:
>>> >> > >> >>> > >> > javax.servlet.ServletException: Unable to load from
>>> text
>>> >> > >> >>> > configuration.
>>> >> > >> >>> > >> >
>>> >> > >> >>> > >> > So...does this injection go here in the [main] section
>>> of
>>> >> > >> >>> > ShiroFilter,
>>> >> > >> >>> > >> > or somewhere else?
>>> >> > >> >>> > >> >
>>> >> > >> >>> > >> > Thanks,
>>> >> > >> >>> > >> > Andy
>>> >> > >> >>> > >> >
>>> >> > >> >>> > >
>>> >> > >> >>
>>> >> > >> >
>>> >> > >
>>> >
>>
>
Re: need more help with SSO
Posted by Les Hazlewood <lh...@apache.org>.
Thanks!
On Thu, Aug 20, 2009 at 2:02 PM, Andy Tripp<An...@vonage.com> wrote:
> Jira issue created:
> https://issues.apache.org/jira/browse/KI-82
>
>> -----Original Message-----
>> From: les.hazlewood@anjinllc.com [mailto:les.hazlewood@anjinllc.com] On
>> Behalf Of Les Hazlewood
>> Sent: Thursday, August 20, 2009 11:53 AM
>> To: shiro-user@incubator.apache.org
>> Subject: Re: need more help with SSO
>>
>> Hi Andy,
>>
>> Can you please make note of this in a Jira issue? I'll fix it right
>> away, but I'd like a record of this so when I modify the code, I can
>> comment exactly why the change is required to ensure someone in the
>> future doesn't accidentally revert the change.
>>
>> Thanks!
>>
>> Les
>>
>> On Thu, Aug 20, 2009 at 11:27 AM, Andy Tripp<An...@vonage.com>
>> wrote:
>> > Les,
>> >
>> > I finally found the problem. This line...
>> > securityManager.sessionDAO = $sessionDAO
>> > ...was being processed BEFORE this line...
>> > securityManager.sessionManager = $sessionManager
>> >
>> > In ReflectionBuilder.buildObjects(), instanceMap and propertyMap need to
>> be LinkedHashMap type, not just HashMap. With HashMap, the properties in
>> ShiroFilter are being processed in arbitrary order, rather than the order
>> listed. That would explain why it works for you and not me - you got
>> unlucky :)
>> >
>> > Andy
>> >
>> >
>> >> -----Original Message-----
>> >> From: Andy Tripp [mailto:Andrew.Tripp@vonage.com]
>> >> Sent: Wednesday, August 19, 2009 4:02 PM
>> >> To: shiro-user@incubator.apache.org
>> >> Subject: RE: need more help with SSO
>> >>
>> >> Les,
>> >> Sorry, that last email was a mistake on my part.
>> >>
>> >> Les,
>> >>
>> >> What I'm seeing now is that the DefaultWebSecurityManager instance's
>> >> SessionManager is always set to ServletContainerSessionManager, when it
>> >> should be a DefaultWebSessionManager. I tried adding these to my
>> config:
>> >>
>> >> sessionManager =
>> org.apache.shiro.web.session.DefaultWebSessionManager
>> >> securityManager.sessionManager = $sessionManager
>> >>
>> >> ...but still, the DefaultWebSecurityManager.sessionManager field is an
>> >> instance of ServletContainerSessionManager.
>> >>
>> >> I'm stumped. I guess I'm not clear on what SecurityManager instance is
>> >> being called by this config stuff. Perhaps I'm missing some sort of:
>> >> something.securityManager = securityManager
>> >>
>> >> Andy
>> >> p.s. here's my full [main] section of my filter:
>> >>
>> >> realmA = org.apache.shiro.realm.text.PropertiesRealm
>> >> securityManager = org.apache.shiro.web.DefaultWebSecurityManager
>> >> sessionManager =
>> >> org.apache.shiro.web.session.DefaultWebSessionManager
>> >> securityManager.sessionManager = $sessionManager
>> >>
>> >> securityManager.sessionMode = native
>> >>
>> >> cacheManager = org.apache.shiro.cache.DefaultCacheManager
>> >>
>> >> sessionDAO = org.apache.shiro.session.mgt.eis.MemorySessionDAO
>> >> sessionDAO.cacheManager = $cacheManager
>> >> securityManager.sessionDAO = $sessionDAO
>> >> securityManager.cacheManager = $cacheManager
>> >>
>> >> securityManager.realm = $realmA
>> >>
>> >> > -----Original Message-----
>> >> > From: les.hazlewood@anjinllc.com [mailto:les.hazlewood@anjinllc.com]
>> On
>> >> > Behalf Of Les Hazlewood
>> >> > Sent: Wednesday, August 19, 2009 2:20 PM
>> >> > To: shiro-user@incubator.apache.org
>> >> > Subject: Re: need more help with SSO
>> >> >
>> >> > Hrm - that would be very odd if the DefaultWebSecurityManager was not
>> >> > the instance - that is what the ShiroFilter enables at startup by
>> >> > default. Just in case, try this as your very first config line:
>> >> >
>> >> > securityManager = org.apache.shiro.web.DefaultWebSecurityManager
>> >> >
>> >> > What does your debugger say is the securityManager instance?
>> >> > Something is very strange...
>> >> >
>> >> > Thanks for the extra info. Are there any JUnit tests you might be
>> >> > able to send our way?
>> >> >
>> >> > - Les
>> >> >
>> >> > On Wed, Aug 19, 2009 at 1:56 PM, Andy Tripp<An...@vonage.com>
>> >> > wrote:
>> >> > > Les,
>> >> > > I put tracing code in DefaultWebSecurityManager.setSessionMode(),
>> and
>> >> it
>> >> > appears that this method is not getting called. So the
>> >> > ServletContainerSessionManager is not getting replace by a
>> >> > DefaultWebSessionManager. So it appears that this line in the filter
>> >> > config:
>> >> > >
>> >> > > securityManager.sessionMode = native
>> >> > >
>> >> > > is having no effect (note that it's securityManager, not
>> >> sessionManager
>> >> > as you suggest in the previous response).
>> >> > >
>> >> > > I'll keep trying to track it down further, any pointers would be
>> >> > appreciated. I'm off to try to find the some SecurityManager
>> instance,
>> >> > which I suspect is something other than a DefaultWebSecurityManager,
>> >> which
>> >> > would mean that this config line is failing silently.
>> >> > >
>> >> > > Obviously, all this dependency injection via XML is driving me
>> >> > completely crazy. I may be allergic to server-side Java :)
>> >> > >
>> >> > > Andy
>> >> > >
>> >> > >> -----Original Message-----
>> >> > >> From: les.hazlewood@anjinllc.com
>> [mailto:les.hazlewood@anjinllc.com]
>> >> On
>> >> > >> Behalf Of Les Hazlewood
>> >> > >> Sent: Wednesday, August 19, 2009 12:46 PM
>> >> > >> To: shiro-user@incubator.apache.org
>> >> > >> Subject: Re: need more help with SSO
>> >> > >>
>> >> > >> Hi Andy,
>> >> > >>
>> >> > >> A quick note about the message: that was a bug in the exception
>> >> > >> message, but the code is working as expected: if the wrapped
>> >> > >> SessionManager does not implement the SessionDAOAware interface,
>> it
>> >> > >> cannot be injected with a SessionDAO. I have since fixed the
>> message
>> >> > >> to be correct and committed this change, although the code logic
>> has
>> >> > >> not been changed.
>> >> > >>
>> >> > >> Also, make sure that you do this:
>> >> > >>
>> >> > >> sessionManager.sessionMode = native
>> >> > >>
>> >> > >> before you try to inject the SessionDAO. The above call will
>> >> > >> automatically substitute the ServletContainerSessionManager for a
>> >> > >> DefaultWebSessionManager implementation on the fly. This latter
>> >> > >> implementation does in fact implement SessionDAOAware and should
>> >> > >> readily accept SessionDAO instances that are passed through the
>> >> > >> securityManager.setSessionDAO(...) call.
>> >> > >>
>> >> > >> In the meantime, I'll try to create a unit test with the
>> ShiroFilter
>> >> > >> to see I can accurately recreate your issue, but I've been
>> strapped
>> >> > >> for time lately - if you could create one (if possible) and post
>> it
>> >> to
>> >> > >> a Jira issue, that would help a lot.
>> >> > >>
>> >> > >> Regards,
>> >> > >>
>> >> > >> Les
>> >> > >>
>> >> > >> On Tue, Aug 18, 2009 at 11:34 AM, Les
>> >> Hazlewood<lh...@apache.org>
>> >> > >> wrote:
>> >> > >> > Hi Andy,
>> >> > >> >
>> >> > >> > Thanks very much for sending this along - it is very helpful.
>> I'll
>> >> > be
>> >> > >> > able to look into this a bit more later tonight.
>> >> > >> >
>> >> > >> > Regards,
>> >> > >> >
>> >> > >> > Les
>> >> > >> >
>> >> > >> > On Tue, Aug 18, 2009 at 11:21 AM, Andy
>> >> Tripp<An...@vonage.com>
>> >> > >> wrote:
>> >> > >> >> Les,
>> >> > >> >> I tracked this problem down through a maze of try/catch blocks,
>> I
>> >> > see
>> >> > >> this exception:
>> >> > >> >>
>> >> > >> >> javax.servlet.ServletException: Unable to load from text
>> >> > configuration.
>> >> > >> e2=org.apache.shiro.config.ConfigurationException:
>> >> > >> org.apache.shiro.config.ConfigurationException: Unable to set
>> >> property
>> >> > >> [sessionDAO] with value [$sessionDAO]. If '$sessionDAO' is a
>> >> reference
>> >> > to
>> >> > >> another (previously defined) object, please prefix it with '$' to
>> >> > indicate
>> >> > >> that the referenced object should be used as the actual value.
>> For
>> >> > >> example, $$sessionDAO
>> >> > >> >>
>> >> > >> >> ...which I tracked down to the
>> ReflectionBuilder.applyProperty()
>> >> > method
>> >> > >> calling BeanUtils.setProperty() and catching an
>> InvocationException.
>> >> > The
>> >> > >> cause of that exception is:
>> >> > >> >>
>> >> > >> >> java.lang.IllegalArgumentException: The underlying session
>> manager
>> >> > is
>> >> > >> null or does not implement the
>> >> > org.apache.shiro.session.mgt.eis.SessionDAO
>> >> > >> >> interface, which is required if the underlying instance is to
>> >> > receive
>> >> > >> the sessionDAO argument.
>> >> > >> >>
>> >> > >> >>
>> >> > >> >> ...which comes from SessionsSecurityManager.setSessionDAO(),
>> which
>> >> > >> checks
>> >> > >> >> to see that the SessionDAO parameter implements
>> SessionDAOAware.
>> >> The
>> >> > >> passed value is actually of class ServletContainerSessionManager,
>> >> which
>> >> > >> does NOT
>> >> > >> >> implement SessionDAOAware.
>> >> > >> >>
>> >> > >> >> So I guess the mystery is why we're getting setSessionDAO()
>> being
>> >> > >> passed a ServletContainerSessionManager, when in fact we have this
>> >> > config
>> >> > >> line:
>> >> > >> >>
>> >> > >> >> sessionDAO =
>> org.apache.shiro.session.mgt.eis.MemorySessionDAO
>> >> > >> >>
>> >> > >> >> Hope this helps,
>> >> > >> >> Andy
>> >> > >> >>
>> >> > >> >>
>> >> > >> >>
>> >> > >> >>
>> >> > >> >>> -----Original Message-----
>> >> > >> >>> From: Andy Tripp [mailto:Andrew.Tripp@vonage.com]
>> >> > >> >>> Sent: Tuesday, August 18, 2009 10:04 AM
>> >> > >> >>> To: shiro-user@incubator.apache.org
>> >> > >> >>> Subject: RE: need more help with SSO
>> >> > >> >>>
>> >> > >> >>> Les,
>> >> > >> >>>
>> >> > >> >>> I tried what you have below and still get the same "Unable to
>> >> load
>> >> > >> from
>> >> > >> >>> text configuration" error. I tried it with the latest Shiro. I
>> >> > >> narrowed
>> >> > >> >>> the problem down to this line:
>> >> > >> >>>
>> >> > >> >>> securityManager.sessionDAO = $sessionDAO
>> >> > >> >>>
>> >> > >> >>> I get no errors with that line commented out.
>> >> > >> >>>
>> >> > >> >>> Any ideas? If not, I could put some tracing in the
>> >> > >> OncePerRequestFilter
>> >> > >> >>> class to narrow the problem down further.
>> >> > >> >>>
>> >> > >> >>> Andy
>> >> > >> >>>
>> >> > >> >>> > -----Original Message-----
>> >> > >> >>> > From: les.hazlewood@anjinllc.com
>> >> > [mailto:les.hazlewood@anjinllc.com]
>> >> > >> On
>> >> > >> >>> > Behalf Of Les Hazlewood
>> >> > >> >>> > Sent: Monday, August 17, 2009 5:11 PM
>> >> > >> >>> > To: shiro-user@incubator.apache.org
>> >> > >> >>> > Subject: Re: need more help with SSO
>> >> > >> >>> >
>> >> > >> >>> > Hi Andy,
>> >> > >> >>> >
>> >> > >> >>> > I just verified that this simple test config works, although
>> >> not
>> >> > in
>> >> > >> a
>> >> > >> >>> > web environment:
>> >> > >> >>> >
>> >> > >> >>> > ----
>> >> > >> >>> > realmA = org.apache.shiro.realm.text.PropertiesRealm
>> >> > >> >>> >
>> >> > >> >>> > securityManager.sessionMode = native
>> >> > >> >>> >
>> >> > >> >>> > cacheManager = org.apache.shiro.cache.DefaultCacheManager
>> >> > >> >>> >
>> >> > >> >>> > sessionDAO =
>> org.apache.shiro.session.mgt.eis.MemorySessionDAO
>> >> > >> >>> > sessionDAO.cacheManager = $cacheManager
>> >> > >> >>> > securityManager.sessionDAO = $sessionDAO
>> >> > >> >>> > securityManager.cacheManager = $cacheManager
>> >> > >> >>> >
>> >> > >> >>> > securityManager.realm = $realmA
>> >> > >> >>> > ----
>> >> > >> >>> >
>> >> > >> >>> > Could you please try that out and see if it works in your
>> web
>> >> > >> >>> > environment? If so, can you try substituting the
>> >> > >> DefaultCacheManager
>> >> > >> >>> > implementation (and your realm implementation) with with
>> your
>> >> > >> >>> > implementations and see what happens?
>> >> > >> >>> >
>> >> > >> >>> > - Les
>> >> > >> >>> >
>> >> > >> >>> > On Mon, Aug 17, 2009 at 4:27 PM, Andy
>> >> > Tripp<An...@vonage.com>
>> >> > >> >>> > wrote:
>> >> > >> >>> > > Here's the complete tomcat log file:
>> >> > >> >>> > >
>> >> > >> >>> > > Aug 17, 2009 3:40:13 PM
>> >> > org.apache.catalina.core.StandardContext
>> >> > >> >>> > filterStart
>> >> > >> >>> > > SEVERE: Exception starting filter ShiroFilter
>> >> > >> >>> > > javax.servlet.ServletException: Unable to load from text
>> >> > >> >>> configuration.
>> >> > >> >>> > > at
>> >> > >> >>> >
>> >> > >> >>>
>> >> > >>
>> >> >
>> >>
>> org.apache.shiro.web.servlet.OncePerRequestFilter.init(OncePerRequestFilte
>> >> > >> >>> > r.java:148)
>> >> > >> >>> > > at
>> >> > >> >>> >
>> >> > >> >>>
>> >> > >>
>> >> >
>> >>
>> org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilt
>> >> > >> >>> > erConfig.java:221)
>> >> > >> >>> > > at
>> >> > >> >>> >
>> >> > >> >>>
>> >> > >>
>> >> >
>> >>
>> org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(ApplicationF
>> >> > >> >>> > ilterConfig.java:302)
>> >> > >> >>> > > at
>> >> > >> >>> >
>> >> > >> >>>
>> >> > >>
>> >> >
>> >>
>> org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterC
>> >> > >> >>> > onfig.java:78)
>> >> > >> >>> > > at
>> >> > >> >>> >
>> >> > >> >>>
>> >> > >>
>> >> >
>> >>
>> org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:
>> >> > >> >>> > 3635)
>> >> > >> >>> > > at
>> >> > >> >>> >
>> >> > >> >>>
>> >> > >>
>> >> >
>> >>
>> org.apache.catalina.core.StandardContext.start(StandardContext.java:4222)
>> >> > >> >>> > > at
>> >> > >> >>> >
>> >> > >> >>>
>> >> > >>
>> >> >
>> >>
>> org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java
>> >> > >> >>> > :760)
>> >> > >> >>> > > at
>> >> > >> >>> >
>> >> > >>
>> >> org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740)
>> >> > >> >>> > > at
>> >> > >> >>> >
>> >> > >>
>> org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)
>> >> > >> >>> > > at
>> >> > >> >>> >
>> >> > >> >>>
>> >> > >>
>> >> >
>> >>
>> org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:927
>> >> > >> >>> > )
>> >> > >> >>> > > at
>> >> > >> >>> >
>> >> > >> >>>
>> >> > >>
>> >> >
>> >>
>> org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:8
>> >> > >> >>> > 90)
>> >> > >> >>> > > at
>> >> > >> >>> >
>> >> > >>
>> >> org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:492)
>> >> > >> >>> > > at
>> >> > >> >>> >
>> >> > org.apache.catalina.startup.HostConfig.start(HostConfig.java:1150)
>> >> > >> >>> > > at
>> >> > >> >>> >
>> >> > >> >>>
>> >> > >>
>> >> >
>> >>
>> org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
>> >> > >> >>> > > at
>> >> > >> >>> >
>> >> > >> >>>
>> >> > >>
>> >> >
>> >>
>> org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupp
>> >> > >> >>> > ort.java:120)
>> >> > >> >>> > > at
>> >> > >> >>> >
>> >> > >>
>> org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)
>> >> > >> >>> > > at
>> >> > >> >>> >
>> >> > org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
>> >> > >> >>> > > at
>> >> > >> >>> >
>> >> > >>
>> org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)
>> >> > >> >>> > > at
>> >> > >> >>> >
>> >> > >>
>> >> org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
>> >> > >> >>> > > at
>> >> > >> >>> >
>> >> > >>
>> >> >
>> org.apache.catalina.core.StandardService.start(StandardService.java:448)
>> >> > >> >>> > > at
>> >> > >> >>> >
>> >> > >>
>> >> org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
>> >> > >> >>> > > at
>> >> > >> >>> org.apache.catalina.startup.Catalina.start(Catalina.java:552)
>> >> > >> >>> > > at
>> sun.reflect.NativeMethodAccessorImpl.invoke0(Native
>> >> > >> Method)
>> >> > >> >>> > > at
>> >> > >> >>> >
>> >> > >> >>>
>> >> > >>
>> >> >
>> >>
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:
>> >> > >> >>> > 39)
>> >> > >> >>> > > at
>> >> > >> >>> >
>> >> > >> >>>
>> >> > >>
>> >> >
>> >>
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorIm
>> >> > >> >>> > pl.java:25)
>> >> > >> >>> > > at java.lang.reflect.Method.invoke(Method.java:597)
>> >> > >> >>> > > at
>> >> > >> >>> >
>> org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
>> >> > >> >>> > > at
>> >> > >> >>> org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
>> >> > >> >>> > > Aug 17, 2009 3:40:13 PM
>> >> > >> org.apache.catalina.core.ApplicationContext
>> >> > >> >>> log
>> >> > >> >>> > > INFO: org.apache.webapp.balancer.BalancerFilter: init():
>> >> > >> ruleChain:
>> >> > >> >>> > [org.apache.webapp.balancer.RuleChain:
>> >> > >> >>> > [org.apache.webapp.balancer.rules.URLStringMatchRule: Target
>> >> > string:
>> >> > >> >>> News
>> >> > >> >>> > / Redirect URL: http://www.cnn.com],
>> >> > >> >>> > [org.apache.webapp.balancer.rules.RequestParameterRule:
>> Target
>> >> > param
>> >> > >> >>> name:
>> >> > >> >>> > paramName / Target param value: paramValue / Redirect URL:
>> >> > >> >>> > http://www.yahoo.com],
>> >> > >> >>> > [org.apache.webapp.balancer.rules.AcceptEverythingRule:
>> >> Redirect
>> >> > >> URL:
>> >> > >> >>> > http://jakarta.apache.org]]
>> >> > >> >>> > > Aug 17, 2009 3:40:13 PM
>> >> > >> org.apache.catalina.core.ApplicationContext
>> >> > >> >>> log
>> >> > >> >>> > > INFO: ContextListener: contextInitialized()
>> >> > >> >>> > > Aug 17, 2009 3:40:13 PM
>> >> > >> org.apache.catalina.core.ApplicationContext
>> >> > >> >>> log
>> >> > >> >>> > > INFO: SessionListener: contextInitialized()
>> >> > >> >>> > > Aug 17, 2009 3:40:13 PM
>> >> > >> org.apache.catalina.core.ApplicationContext
>> >> > >> >>> log
>> >> > >> >>> > > INFO: ContextListener: contextInitialized()
>> >> > >> >>> > > Aug 17, 2009 3:40:13 PM
>> >> > >> org.apache.catalina.core.ApplicationContext
>> >> > >> >>> log
>> >> > >> >>> > > INFO: SessionListener: contextInitialized()
>> >> > >> >>> > > Aug 17, 2009 4:25:59 PM
>> >> > >> org.apache.catalina.core.ApplicationContext
>> >> > >> >>> log
>> >> > >> >>> > > INFO: SessionListener: contextDestroyed()
>> >> > >> >>> > > Aug 17, 2009 4:25:59 PM
>> >> > >> org.apache.catalina.core.ApplicationContext
>> >> > >> >>> log
>> >> > >> >>> > > INFO: ContextListener: contextDestroyed()
>> >> > >> >>> > > Aug 17, 2009 4:25:59 PM
>> >> > >> org.apache.catalina.core.ApplicationContext
>> >> > >> >>> log
>> >> > >> >>> > > INFO: SessionListener: contextDestroyed()
>> >> > >> >>> > > Aug 17, 2009 4:25:59 PM
>> >> > >> org.apache.catalina.core.ApplicationContext
>> >> > >> >>> log
>> >> > >> >>> > > INFO: ContextListener: contextDestroyed()
>> >> > >> >>> > >
>> >> > >> >>> > >> -----Original Message-----
>> >> > >> >>> > >> From: Les Hazlewood [mailto:les.hazlewood@anjinllc.com]
>> >> > >> >>> > >> Sent: Monday, August 17, 2009 4:24 PM
>> >> > >> >>> > >> To: shiro-user@incubator.apache.org
>> >> > >> >>> > >> Subject: Re: need more help with SSO
>> >> > >> >>> > >>
>> >> > >> >>> > >> Hi Andy,
>> >> > >> >>> > >>
>> >> > >> >>> > >> It goes in the main section, definitely. Is there any
>> more
>> >> to
>> >> > >> the
>> >> > >> >>> > >> exception? I'd like to see the entire stack trace if
>> >> > possible.
>> >> > >> >>> > >>
>> >> > >> >>> > >> - Les
>> >> > >> >>> > >>
>> >> > >> >>> > >> On Mon, Aug 17, 2009 at 3:41 PM, Andy
>> >> > >> Tripp<An...@vonage.com>
>> >> > >> >>> > >> wrote:
>> >> > >> >>> > >> > I created my own Cache and CacheManager:
>> >> > >> >>> > >> >
>> >> > >> >>> > >> > public class VonageDistributedSessionCache implements
>> >> Cache
>> >> > {
>> >> > >> >>> > >> > public VonageDistributedSessionCache(String name) {
>> >> > >> >>> > >> >
>> System.err.println("VonageDistributedSessionCache
>> >> > >> >>> > >> > constructor.");
>> >> > >> >>> > >> > }
>> >> > >> >>> > >> > ...
>> >> > >> >>> > >> > }
>> >> > >> >>> > >> >
>> >> > >> >>> > >> > public class VonageDistributedSessionCacheManager
>> >> implements
>> >> > >> >>> > >> > CacheManager {
>> >> > >> >>> > >> > public Cache getCache(String name) throws
>> >> CacheException
>> >> > {
>> >> > >> >>> > >> > return new VonageDistributedSessionCache(name);
>> >> > >> >>> > >> > }
>> >> > >> >>> > >> > }
>> >> > >> >>> > >> >
>> >> > >> >>> > >> > Then in [main] section of my ShiroFilter in web.xml, I
>> >> have:
>> >> > >> >>> > >> > [main]
>> >> > >> >>> > >> > realmA =
>> >> com.vonage.auth.client.VonageAuthenticationRealm
>> >> > >> >>> > >> >
>> >> > >> >>> > >> > securityManager.sessionMode = native
>> >> > >> >>> > >> >
>> >> > >> >>> > >> > And when I add this:
>> >> > >> >>> > >> > # pull in vonage centralized authentication:
>> >> > >> >>> > >> > cacheManager =
>> >> > >> >>> > >> >
>> >> com.vonage.auth.client.VonageDistributedSessionCacheManager
>> >> > >> >>> > >> > sessionDAO =
>> >> > org.apache.shiro.session.mgt.eis.MemorySessionDAO
>> >> > >> >>> > >> > sessionDAO.cacheManager = $cacheManager
>> >> > >> >>> > >> > securityManager.sessionDAO = $sessionDAO
>> >> > >> >>> > >> > securityManager.cacheManager = $cacheManager
>> >> > >> >>> > >> >
>> >> > >> >>> > >> > ...I get this error:
>> >> > >> >>> > >> > javax.servlet.ServletException: Unable to load from
>> text
>> >> > >> >>> > configuration.
>> >> > >> >>> > >> >
>> >> > >> >>> > >> > So...does this injection go here in the [main] section
>> of
>> >> > >> >>> > ShiroFilter,
>> >> > >> >>> > >> > or somewhere else?
>> >> > >> >>> > >> >
>> >> > >> >>> > >> > Thanks,
>> >> > >> >>> > >> > Andy
>> >> > >> >>> > >> >
>> >> > >> >>> > >
>> >> > >> >>
>> >> > >> >
>> >> > >
>> >
>
RE: need more help with SSO
Posted by Andy Tripp <An...@vonage.com>.
Jira issue created:
https://issues.apache.org/jira/browse/KI-82
> -----Original Message-----
> From: les.hazlewood@anjinllc.com [mailto:les.hazlewood@anjinllc.com] On
> Behalf Of Les Hazlewood
> Sent: Thursday, August 20, 2009 11:53 AM
> To: shiro-user@incubator.apache.org
> Subject: Re: need more help with SSO
>
> Hi Andy,
>
> Can you please make note of this in a Jira issue? I'll fix it right
> away, but I'd like a record of this so when I modify the code, I can
> comment exactly why the change is required to ensure someone in the
> future doesn't accidentally revert the change.
>
> Thanks!
>
> Les
>
> On Thu, Aug 20, 2009 at 11:27 AM, Andy Tripp<An...@vonage.com>
> wrote:
> > Les,
> >
> > I finally found the problem. This line...
> > securityManager.sessionDAO = $sessionDAO
> > ...was being processed BEFORE this line...
> > securityManager.sessionManager = $sessionManager
> >
> > In ReflectionBuilder.buildObjects(), instanceMap and propertyMap need to
> be LinkedHashMap type, not just HashMap. With HashMap, the properties in
> ShiroFilter are being processed in arbitrary order, rather than the order
> listed. That would explain why it works for you and not me - you got
> unlucky :)
> >
> > Andy
> >
> >
> >> -----Original Message-----
> >> From: Andy Tripp [mailto:Andrew.Tripp@vonage.com]
> >> Sent: Wednesday, August 19, 2009 4:02 PM
> >> To: shiro-user@incubator.apache.org
> >> Subject: RE: need more help with SSO
> >>
> >> Les,
> >> Sorry, that last email was a mistake on my part.
> >>
> >> Les,
> >>
> >> What I'm seeing now is that the DefaultWebSecurityManager instance's
> >> SessionManager is always set to ServletContainerSessionManager, when it
> >> should be a DefaultWebSessionManager. I tried adding these to my
> config:
> >>
> >> sessionManager =
> org.apache.shiro.web.session.DefaultWebSessionManager
> >> securityManager.sessionManager = $sessionManager
> >>
> >> ...but still, the DefaultWebSecurityManager.sessionManager field is an
> >> instance of ServletContainerSessionManager.
> >>
> >> I'm stumped. I guess I'm not clear on what SecurityManager instance is
> >> being called by this config stuff. Perhaps I'm missing some sort of:
> >> something.securityManager = securityManager
> >>
> >> Andy
> >> p.s. here's my full [main] section of my filter:
> >>
> >> realmA = org.apache.shiro.realm.text.PropertiesRealm
> >> securityManager = org.apache.shiro.web.DefaultWebSecurityManager
> >> sessionManager =
> >> org.apache.shiro.web.session.DefaultWebSessionManager
> >> securityManager.sessionManager = $sessionManager
> >>
> >> securityManager.sessionMode = native
> >>
> >> cacheManager = org.apache.shiro.cache.DefaultCacheManager
> >>
> >> sessionDAO = org.apache.shiro.session.mgt.eis.MemorySessionDAO
> >> sessionDAO.cacheManager = $cacheManager
> >> securityManager.sessionDAO = $sessionDAO
> >> securityManager.cacheManager = $cacheManager
> >>
> >> securityManager.realm = $realmA
> >>
> >> > -----Original Message-----
> >> > From: les.hazlewood@anjinllc.com [mailto:les.hazlewood@anjinllc.com]
> On
> >> > Behalf Of Les Hazlewood
> >> > Sent: Wednesday, August 19, 2009 2:20 PM
> >> > To: shiro-user@incubator.apache.org
> >> > Subject: Re: need more help with SSO
> >> >
> >> > Hrm - that would be very odd if the DefaultWebSecurityManager was not
> >> > the instance - that is what the ShiroFilter enables at startup by
> >> > default. Just in case, try this as your very first config line:
> >> >
> >> > securityManager = org.apache.shiro.web.DefaultWebSecurityManager
> >> >
> >> > What does your debugger say is the securityManager instance?
> >> > Something is very strange...
> >> >
> >> > Thanks for the extra info. Are there any JUnit tests you might be
> >> > able to send our way?
> >> >
> >> > - Les
> >> >
> >> > On Wed, Aug 19, 2009 at 1:56 PM, Andy Tripp<An...@vonage.com>
> >> > wrote:
> >> > > Les,
> >> > > I put tracing code in DefaultWebSecurityManager.setSessionMode(),
> and
> >> it
> >> > appears that this method is not getting called. So the
> >> > ServletContainerSessionManager is not getting replace by a
> >> > DefaultWebSessionManager. So it appears that this line in the filter
> >> > config:
> >> > >
> >> > > securityManager.sessionMode = native
> >> > >
> >> > > is having no effect (note that it's securityManager, not
> >> sessionManager
> >> > as you suggest in the previous response).
> >> > >
> >> > > I'll keep trying to track it down further, any pointers would be
> >> > appreciated. I'm off to try to find the some SecurityManager
> instance,
> >> > which I suspect is something other than a DefaultWebSecurityManager,
> >> which
> >> > would mean that this config line is failing silently.
> >> > >
> >> > > Obviously, all this dependency injection via XML is driving me
> >> > completely crazy. I may be allergic to server-side Java :)
> >> > >
> >> > > Andy
> >> > >
> >> > >> -----Original Message-----
> >> > >> From: les.hazlewood@anjinllc.com
> [mailto:les.hazlewood@anjinllc.com]
> >> On
> >> > >> Behalf Of Les Hazlewood
> >> > >> Sent: Wednesday, August 19, 2009 12:46 PM
> >> > >> To: shiro-user@incubator.apache.org
> >> > >> Subject: Re: need more help with SSO
> >> > >>
> >> > >> Hi Andy,
> >> > >>
> >> > >> A quick note about the message: that was a bug in the exception
> >> > >> message, but the code is working as expected: if the wrapped
> >> > >> SessionManager does not implement the SessionDAOAware interface,
> it
> >> > >> cannot be injected with a SessionDAO. I have since fixed the
> message
> >> > >> to be correct and committed this change, although the code logic
> has
> >> > >> not been changed.
> >> > >>
> >> > >> Also, make sure that you do this:
> >> > >>
> >> > >> sessionManager.sessionMode = native
> >> > >>
> >> > >> before you try to inject the SessionDAO. The above call will
> >> > >> automatically substitute the ServletContainerSessionManager for a
> >> > >> DefaultWebSessionManager implementation on the fly. This latter
> >> > >> implementation does in fact implement SessionDAOAware and should
> >> > >> readily accept SessionDAO instances that are passed through the
> >> > >> securityManager.setSessionDAO(...) call.
> >> > >>
> >> > >> In the meantime, I'll try to create a unit test with the
> ShiroFilter
> >> > >> to see I can accurately recreate your issue, but I've been
> strapped
> >> > >> for time lately - if you could create one (if possible) and post
> it
> >> to
> >> > >> a Jira issue, that would help a lot.
> >> > >>
> >> > >> Regards,
> >> > >>
> >> > >> Les
> >> > >>
> >> > >> On Tue, Aug 18, 2009 at 11:34 AM, Les
> >> Hazlewood<lh...@apache.org>
> >> > >> wrote:
> >> > >> > Hi Andy,
> >> > >> >
> >> > >> > Thanks very much for sending this along - it is very helpful.
> I'll
> >> > be
> >> > >> > able to look into this a bit more later tonight.
> >> > >> >
> >> > >> > Regards,
> >> > >> >
> >> > >> > Les
> >> > >> >
> >> > >> > On Tue, Aug 18, 2009 at 11:21 AM, Andy
> >> Tripp<An...@vonage.com>
> >> > >> wrote:
> >> > >> >> Les,
> >> > >> >> I tracked this problem down through a maze of try/catch blocks,
> I
> >> > see
> >> > >> this exception:
> >> > >> >>
> >> > >> >> javax.servlet.ServletException: Unable to load from text
> >> > configuration.
> >> > >> e2=org.apache.shiro.config.ConfigurationException:
> >> > >> org.apache.shiro.config.ConfigurationException: Unable to set
> >> property
> >> > >> [sessionDAO] with value [$sessionDAO]. If '$sessionDAO' is a
> >> reference
> >> > to
> >> > >> another (previously defined) object, please prefix it with '$' to
> >> > indicate
> >> > >> that the referenced object should be used as the actual value.
> For
> >> > >> example, $$sessionDAO
> >> > >> >>
> >> > >> >> ...which I tracked down to the
> ReflectionBuilder.applyProperty()
> >> > method
> >> > >> calling BeanUtils.setProperty() and catching an
> InvocationException.
> >> > The
> >> > >> cause of that exception is:
> >> > >> >>
> >> > >> >> java.lang.IllegalArgumentException: The underlying session
> manager
> >> > is
> >> > >> null or does not implement the
> >> > org.apache.shiro.session.mgt.eis.SessionDAO
> >> > >> >> interface, which is required if the underlying instance is to
> >> > receive
> >> > >> the sessionDAO argument.
> >> > >> >>
> >> > >> >>
> >> > >> >> ...which comes from SessionsSecurityManager.setSessionDAO(),
> which
> >> > >> checks
> >> > >> >> to see that the SessionDAO parameter implements
> SessionDAOAware.
> >> The
> >> > >> passed value is actually of class ServletContainerSessionManager,
> >> which
> >> > >> does NOT
> >> > >> >> implement SessionDAOAware.
> >> > >> >>
> >> > >> >> So I guess the mystery is why we're getting setSessionDAO()
> being
> >> > >> passed a ServletContainerSessionManager, when in fact we have this
> >> > config
> >> > >> line:
> >> > >> >>
> >> > >> >> sessionDAO =
> org.apache.shiro.session.mgt.eis.MemorySessionDAO
> >> > >> >>
> >> > >> >> Hope this helps,
> >> > >> >> Andy
> >> > >> >>
> >> > >> >>
> >> > >> >>
> >> > >> >>
> >> > >> >>> -----Original Message-----
> >> > >> >>> From: Andy Tripp [mailto:Andrew.Tripp@vonage.com]
> >> > >> >>> Sent: Tuesday, August 18, 2009 10:04 AM
> >> > >> >>> To: shiro-user@incubator.apache.org
> >> > >> >>> Subject: RE: need more help with SSO
> >> > >> >>>
> >> > >> >>> Les,
> >> > >> >>>
> >> > >> >>> I tried what you have below and still get the same "Unable to
> >> load
> >> > >> from
> >> > >> >>> text configuration" error. I tried it with the latest Shiro. I
> >> > >> narrowed
> >> > >> >>> the problem down to this line:
> >> > >> >>>
> >> > >> >>> securityManager.sessionDAO = $sessionDAO
> >> > >> >>>
> >> > >> >>> I get no errors with that line commented out.
> >> > >> >>>
> >> > >> >>> Any ideas? If not, I could put some tracing in the
> >> > >> OncePerRequestFilter
> >> > >> >>> class to narrow the problem down further.
> >> > >> >>>
> >> > >> >>> Andy
> >> > >> >>>
> >> > >> >>> > -----Original Message-----
> >> > >> >>> > From: les.hazlewood@anjinllc.com
> >> > [mailto:les.hazlewood@anjinllc.com]
> >> > >> On
> >> > >> >>> > Behalf Of Les Hazlewood
> >> > >> >>> > Sent: Monday, August 17, 2009 5:11 PM
> >> > >> >>> > To: shiro-user@incubator.apache.org
> >> > >> >>> > Subject: Re: need more help with SSO
> >> > >> >>> >
> >> > >> >>> > Hi Andy,
> >> > >> >>> >
> >> > >> >>> > I just verified that this simple test config works, although
> >> not
> >> > in
> >> > >> a
> >> > >> >>> > web environment:
> >> > >> >>> >
> >> > >> >>> > ----
> >> > >> >>> > realmA = org.apache.shiro.realm.text.PropertiesRealm
> >> > >> >>> >
> >> > >> >>> > securityManager.sessionMode = native
> >> > >> >>> >
> >> > >> >>> > cacheManager = org.apache.shiro.cache.DefaultCacheManager
> >> > >> >>> >
> >> > >> >>> > sessionDAO =
> org.apache.shiro.session.mgt.eis.MemorySessionDAO
> >> > >> >>> > sessionDAO.cacheManager = $cacheManager
> >> > >> >>> > securityManager.sessionDAO = $sessionDAO
> >> > >> >>> > securityManager.cacheManager = $cacheManager
> >> > >> >>> >
> >> > >> >>> > securityManager.realm = $realmA
> >> > >> >>> > ----
> >> > >> >>> >
> >> > >> >>> > Could you please try that out and see if it works in your
> web
> >> > >> >>> > environment? If so, can you try substituting the
> >> > >> DefaultCacheManager
> >> > >> >>> > implementation (and your realm implementation) with with
> your
> >> > >> >>> > implementations and see what happens?
> >> > >> >>> >
> >> > >> >>> > - Les
> >> > >> >>> >
> >> > >> >>> > On Mon, Aug 17, 2009 at 4:27 PM, Andy
> >> > Tripp<An...@vonage.com>
> >> > >> >>> > wrote:
> >> > >> >>> > > Here's the complete tomcat log file:
> >> > >> >>> > >
> >> > >> >>> > > Aug 17, 2009 3:40:13 PM
> >> > org.apache.catalina.core.StandardContext
> >> > >> >>> > filterStart
> >> > >> >>> > > SEVERE: Exception starting filter ShiroFilter
> >> > >> >>> > > javax.servlet.ServletException: Unable to load from text
> >> > >> >>> configuration.
> >> > >> >>> > > at
> >> > >> >>> >
> >> > >> >>>
> >> > >>
> >> >
> >>
> org.apache.shiro.web.servlet.OncePerRequestFilter.init(OncePerRequestFilte
> >> > >> >>> > r.java:148)
> >> > >> >>> > > at
> >> > >> >>> >
> >> > >> >>>
> >> > >>
> >> >
> >>
> org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilt
> >> > >> >>> > erConfig.java:221)
> >> > >> >>> > > at
> >> > >> >>> >
> >> > >> >>>
> >> > >>
> >> >
> >>
> org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(ApplicationF
> >> > >> >>> > ilterConfig.java:302)
> >> > >> >>> > > at
> >> > >> >>> >
> >> > >> >>>
> >> > >>
> >> >
> >>
> org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterC
> >> > >> >>> > onfig.java:78)
> >> > >> >>> > > at
> >> > >> >>> >
> >> > >> >>>
> >> > >>
> >> >
> >>
> org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:
> >> > >> >>> > 3635)
> >> > >> >>> > > at
> >> > >> >>> >
> >> > >> >>>
> >> > >>
> >> >
> >>
> org.apache.catalina.core.StandardContext.start(StandardContext.java:4222)
> >> > >> >>> > > at
> >> > >> >>> >
> >> > >> >>>
> >> > >>
> >> >
> >>
> org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java
> >> > >> >>> > :760)
> >> > >> >>> > > at
> >> > >> >>> >
> >> > >>
> >> org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740)
> >> > >> >>> > > at
> >> > >> >>> >
> >> > >>
> org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)
> >> > >> >>> > > at
> >> > >> >>> >
> >> > >> >>>
> >> > >>
> >> >
> >>
> org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:927
> >> > >> >>> > )
> >> > >> >>> > > at
> >> > >> >>> >
> >> > >> >>>
> >> > >>
> >> >
> >>
> org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:8
> >> > >> >>> > 90)
> >> > >> >>> > > at
> >> > >> >>> >
> >> > >>
> >> org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:492)
> >> > >> >>> > > at
> >> > >> >>> >
> >> > org.apache.catalina.startup.HostConfig.start(HostConfig.java:1150)
> >> > >> >>> > > at
> >> > >> >>> >
> >> > >> >>>
> >> > >>
> >> >
> >>
> org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
> >> > >> >>> > > at
> >> > >> >>> >
> >> > >> >>>
> >> > >>
> >> >
> >>
> org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupp
> >> > >> >>> > ort.java:120)
> >> > >> >>> > > at
> >> > >> >>> >
> >> > >>
> org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)
> >> > >> >>> > > at
> >> > >> >>> >
> >> > org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
> >> > >> >>> > > at
> >> > >> >>> >
> >> > >>
> org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)
> >> > >> >>> > > at
> >> > >> >>> >
> >> > >>
> >> org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
> >> > >> >>> > > at
> >> > >> >>> >
> >> > >>
> >> >
> org.apache.catalina.core.StandardService.start(StandardService.java:448)
> >> > >> >>> > > at
> >> > >> >>> >
> >> > >>
> >> org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
> >> > >> >>> > > at
> >> > >> >>> org.apache.catalina.startup.Catalina.start(Catalina.java:552)
> >> > >> >>> > > at
> sun.reflect.NativeMethodAccessorImpl.invoke0(Native
> >> > >> Method)
> >> > >> >>> > > at
> >> > >> >>> >
> >> > >> >>>
> >> > >>
> >> >
> >>
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:
> >> > >> >>> > 39)
> >> > >> >>> > > at
> >> > >> >>> >
> >> > >> >>>
> >> > >>
> >> >
> >>
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorIm
> >> > >> >>> > pl.java:25)
> >> > >> >>> > > at java.lang.reflect.Method.invoke(Method.java:597)
> >> > >> >>> > > at
> >> > >> >>> >
> org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
> >> > >> >>> > > at
> >> > >> >>> org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
> >> > >> >>> > > Aug 17, 2009 3:40:13 PM
> >> > >> org.apache.catalina.core.ApplicationContext
> >> > >> >>> log
> >> > >> >>> > > INFO: org.apache.webapp.balancer.BalancerFilter: init():
> >> > >> ruleChain:
> >> > >> >>> > [org.apache.webapp.balancer.RuleChain:
> >> > >> >>> > [org.apache.webapp.balancer.rules.URLStringMatchRule: Target
> >> > string:
> >> > >> >>> News
> >> > >> >>> > / Redirect URL: http://www.cnn.com],
> >> > >> >>> > [org.apache.webapp.balancer.rules.RequestParameterRule:
> Target
> >> > param
> >> > >> >>> name:
> >> > >> >>> > paramName / Target param value: paramValue / Redirect URL:
> >> > >> >>> > http://www.yahoo.com],
> >> > >> >>> > [org.apache.webapp.balancer.rules.AcceptEverythingRule:
> >> Redirect
> >> > >> URL:
> >> > >> >>> > http://jakarta.apache.org]]
> >> > >> >>> > > Aug 17, 2009 3:40:13 PM
> >> > >> org.apache.catalina.core.ApplicationContext
> >> > >> >>> log
> >> > >> >>> > > INFO: ContextListener: contextInitialized()
> >> > >> >>> > > Aug 17, 2009 3:40:13 PM
> >> > >> org.apache.catalina.core.ApplicationContext
> >> > >> >>> log
> >> > >> >>> > > INFO: SessionListener: contextInitialized()
> >> > >> >>> > > Aug 17, 2009 3:40:13 PM
> >> > >> org.apache.catalina.core.ApplicationContext
> >> > >> >>> log
> >> > >> >>> > > INFO: ContextListener: contextInitialized()
> >> > >> >>> > > Aug 17, 2009 3:40:13 PM
> >> > >> org.apache.catalina.core.ApplicationContext
> >> > >> >>> log
> >> > >> >>> > > INFO: SessionListener: contextInitialized()
> >> > >> >>> > > Aug 17, 2009 4:25:59 PM
> >> > >> org.apache.catalina.core.ApplicationContext
> >> > >> >>> log
> >> > >> >>> > > INFO: SessionListener: contextDestroyed()
> >> > >> >>> > > Aug 17, 2009 4:25:59 PM
> >> > >> org.apache.catalina.core.ApplicationContext
> >> > >> >>> log
> >> > >> >>> > > INFO: ContextListener: contextDestroyed()
> >> > >> >>> > > Aug 17, 2009 4:25:59 PM
> >> > >> org.apache.catalina.core.ApplicationContext
> >> > >> >>> log
> >> > >> >>> > > INFO: SessionListener: contextDestroyed()
> >> > >> >>> > > Aug 17, 2009 4:25:59 PM
> >> > >> org.apache.catalina.core.ApplicationContext
> >> > >> >>> log
> >> > >> >>> > > INFO: ContextListener: contextDestroyed()
> >> > >> >>> > >
> >> > >> >>> > >> -----Original Message-----
> >> > >> >>> > >> From: Les Hazlewood [mailto:les.hazlewood@anjinllc.com]
> >> > >> >>> > >> Sent: Monday, August 17, 2009 4:24 PM
> >> > >> >>> > >> To: shiro-user@incubator.apache.org
> >> > >> >>> > >> Subject: Re: need more help with SSO
> >> > >> >>> > >>
> >> > >> >>> > >> Hi Andy,
> >> > >> >>> > >>
> >> > >> >>> > >> It goes in the main section, definitely. Is there any
> more
> >> to
> >> > >> the
> >> > >> >>> > >> exception? I'd like to see the entire stack trace if
> >> > possible.
> >> > >> >>> > >>
> >> > >> >>> > >> - Les
> >> > >> >>> > >>
> >> > >> >>> > >> On Mon, Aug 17, 2009 at 3:41 PM, Andy
> >> > >> Tripp<An...@vonage.com>
> >> > >> >>> > >> wrote:
> >> > >> >>> > >> > I created my own Cache and CacheManager:
> >> > >> >>> > >> >
> >> > >> >>> > >> > public class VonageDistributedSessionCache implements
> >> Cache
> >> > {
> >> > >> >>> > >> > public VonageDistributedSessionCache(String name) {
> >> > >> >>> > >> >
> System.err.println("VonageDistributedSessionCache
> >> > >> >>> > >> > constructor.");
> >> > >> >>> > >> > }
> >> > >> >>> > >> > ...
> >> > >> >>> > >> > }
> >> > >> >>> > >> >
> >> > >> >>> > >> > public class VonageDistributedSessionCacheManager
> >> implements
> >> > >> >>> > >> > CacheManager {
> >> > >> >>> > >> > public Cache getCache(String name) throws
> >> CacheException
> >> > {
> >> > >> >>> > >> > return new VonageDistributedSessionCache(name);
> >> > >> >>> > >> > }
> >> > >> >>> > >> > }
> >> > >> >>> > >> >
> >> > >> >>> > >> > Then in [main] section of my ShiroFilter in web.xml, I
> >> have:
> >> > >> >>> > >> > [main]
> >> > >> >>> > >> > realmA =
> >> com.vonage.auth.client.VonageAuthenticationRealm
> >> > >> >>> > >> >
> >> > >> >>> > >> > securityManager.sessionMode = native
> >> > >> >>> > >> >
> >> > >> >>> > >> > And when I add this:
> >> > >> >>> > >> > # pull in vonage centralized authentication:
> >> > >> >>> > >> > cacheManager =
> >> > >> >>> > >> >
> >> com.vonage.auth.client.VonageDistributedSessionCacheManager
> >> > >> >>> > >> > sessionDAO =
> >> > org.apache.shiro.session.mgt.eis.MemorySessionDAO
> >> > >> >>> > >> > sessionDAO.cacheManager = $cacheManager
> >> > >> >>> > >> > securityManager.sessionDAO = $sessionDAO
> >> > >> >>> > >> > securityManager.cacheManager = $cacheManager
> >> > >> >>> > >> >
> >> > >> >>> > >> > ...I get this error:
> >> > >> >>> > >> > javax.servlet.ServletException: Unable to load from
> text
> >> > >> >>> > configuration.
> >> > >> >>> > >> >
> >> > >> >>> > >> > So...does this injection go here in the [main] section
> of
> >> > >> >>> > ShiroFilter,
> >> > >> >>> > >> > or somewhere else?
> >> > >> >>> > >> >
> >> > >> >>> > >> > Thanks,
> >> > >> >>> > >> > Andy
> >> > >> >>> > >> >
> >> > >> >>> > >
> >> > >> >>
> >> > >> >
> >> > >
> >
Re: need more help with SSO
Posted by Les Hazlewood <lh...@apache.org>.
Hi Andy,
Can you please make note of this in a Jira issue? I'll fix it right
away, but I'd like a record of this so when I modify the code, I can
comment exactly why the change is required to ensure someone in the
future doesn't accidentally revert the change.
Thanks!
Les
On Thu, Aug 20, 2009 at 11:27 AM, Andy Tripp<An...@vonage.com> wrote:
> Les,
>
> I finally found the problem. This line...
> securityManager.sessionDAO = $sessionDAO
> ...was being processed BEFORE this line...
> securityManager.sessionManager = $sessionManager
>
> In ReflectionBuilder.buildObjects(), instanceMap and propertyMap need to be LinkedHashMap type, not just HashMap. With HashMap, the properties in ShiroFilter are being processed in arbitrary order, rather than the order listed. That would explain why it works for you and not me - you got unlucky :)
>
> Andy
>
>
>> -----Original Message-----
>> From: Andy Tripp [mailto:Andrew.Tripp@vonage.com]
>> Sent: Wednesday, August 19, 2009 4:02 PM
>> To: shiro-user@incubator.apache.org
>> Subject: RE: need more help with SSO
>>
>> Les,
>> Sorry, that last email was a mistake on my part.
>>
>> Les,
>>
>> What I'm seeing now is that the DefaultWebSecurityManager instance's
>> SessionManager is always set to ServletContainerSessionManager, when it
>> should be a DefaultWebSessionManager. I tried adding these to my config:
>>
>> sessionManager = org.apache.shiro.web.session.DefaultWebSessionManager
>> securityManager.sessionManager = $sessionManager
>>
>> ...but still, the DefaultWebSecurityManager.sessionManager field is an
>> instance of ServletContainerSessionManager.
>>
>> I'm stumped. I guess I'm not clear on what SecurityManager instance is
>> being called by this config stuff. Perhaps I'm missing some sort of:
>> something.securityManager = securityManager
>>
>> Andy
>> p.s. here's my full [main] section of my filter:
>>
>> realmA = org.apache.shiro.realm.text.PropertiesRealm
>> securityManager = org.apache.shiro.web.DefaultWebSecurityManager
>> sessionManager =
>> org.apache.shiro.web.session.DefaultWebSessionManager
>> securityManager.sessionManager = $sessionManager
>>
>> securityManager.sessionMode = native
>>
>> cacheManager = org.apache.shiro.cache.DefaultCacheManager
>>
>> sessionDAO = org.apache.shiro.session.mgt.eis.MemorySessionDAO
>> sessionDAO.cacheManager = $cacheManager
>> securityManager.sessionDAO = $sessionDAO
>> securityManager.cacheManager = $cacheManager
>>
>> securityManager.realm = $realmA
>>
>> > -----Original Message-----
>> > From: les.hazlewood@anjinllc.com [mailto:les.hazlewood@anjinllc.com] On
>> > Behalf Of Les Hazlewood
>> > Sent: Wednesday, August 19, 2009 2:20 PM
>> > To: shiro-user@incubator.apache.org
>> > Subject: Re: need more help with SSO
>> >
>> > Hrm - that would be very odd if the DefaultWebSecurityManager was not
>> > the instance - that is what the ShiroFilter enables at startup by
>> > default. Just in case, try this as your very first config line:
>> >
>> > securityManager = org.apache.shiro.web.DefaultWebSecurityManager
>> >
>> > What does your debugger say is the securityManager instance?
>> > Something is very strange...
>> >
>> > Thanks for the extra info. Are there any JUnit tests you might be
>> > able to send our way?
>> >
>> > - Les
>> >
>> > On Wed, Aug 19, 2009 at 1:56 PM, Andy Tripp<An...@vonage.com>
>> > wrote:
>> > > Les,
>> > > I put tracing code in DefaultWebSecurityManager.setSessionMode(), and
>> it
>> > appears that this method is not getting called. So the
>> > ServletContainerSessionManager is not getting replace by a
>> > DefaultWebSessionManager. So it appears that this line in the filter
>> > config:
>> > >
>> > > securityManager.sessionMode = native
>> > >
>> > > is having no effect (note that it's securityManager, not
>> sessionManager
>> > as you suggest in the previous response).
>> > >
>> > > I'll keep trying to track it down further, any pointers would be
>> > appreciated. I'm off to try to find the some SecurityManager instance,
>> > which I suspect is something other than a DefaultWebSecurityManager,
>> which
>> > would mean that this config line is failing silently.
>> > >
>> > > Obviously, all this dependency injection via XML is driving me
>> > completely crazy. I may be allergic to server-side Java :)
>> > >
>> > > Andy
>> > >
>> > >> -----Original Message-----
>> > >> From: les.hazlewood@anjinllc.com [mailto:les.hazlewood@anjinllc.com]
>> On
>> > >> Behalf Of Les Hazlewood
>> > >> Sent: Wednesday, August 19, 2009 12:46 PM
>> > >> To: shiro-user@incubator.apache.org
>> > >> Subject: Re: need more help with SSO
>> > >>
>> > >> Hi Andy,
>> > >>
>> > >> A quick note about the message: that was a bug in the exception
>> > >> message, but the code is working as expected: if the wrapped
>> > >> SessionManager does not implement the SessionDAOAware interface, it
>> > >> cannot be injected with a SessionDAO. I have since fixed the message
>> > >> to be correct and committed this change, although the code logic has
>> > >> not been changed.
>> > >>
>> > >> Also, make sure that you do this:
>> > >>
>> > >> sessionManager.sessionMode = native
>> > >>
>> > >> before you try to inject the SessionDAO. The above call will
>> > >> automatically substitute the ServletContainerSessionManager for a
>> > >> DefaultWebSessionManager implementation on the fly. This latter
>> > >> implementation does in fact implement SessionDAOAware and should
>> > >> readily accept SessionDAO instances that are passed through the
>> > >> securityManager.setSessionDAO(...) call.
>> > >>
>> > >> In the meantime, I'll try to create a unit test with the ShiroFilter
>> > >> to see I can accurately recreate your issue, but I've been strapped
>> > >> for time lately - if you could create one (if possible) and post it
>> to
>> > >> a Jira issue, that would help a lot.
>> > >>
>> > >> Regards,
>> > >>
>> > >> Les
>> > >>
>> > >> On Tue, Aug 18, 2009 at 11:34 AM, Les
>> Hazlewood<lh...@apache.org>
>> > >> wrote:
>> > >> > Hi Andy,
>> > >> >
>> > >> > Thanks very much for sending this along - it is very helpful. I'll
>> > be
>> > >> > able to look into this a bit more later tonight.
>> > >> >
>> > >> > Regards,
>> > >> >
>> > >> > Les
>> > >> >
>> > >> > On Tue, Aug 18, 2009 at 11:21 AM, Andy
>> Tripp<An...@vonage.com>
>> > >> wrote:
>> > >> >> Les,
>> > >> >> I tracked this problem down through a maze of try/catch blocks, I
>> > see
>> > >> this exception:
>> > >> >>
>> > >> >> javax.servlet.ServletException: Unable to load from text
>> > configuration.
>> > >> e2=org.apache.shiro.config.ConfigurationException:
>> > >> org.apache.shiro.config.ConfigurationException: Unable to set
>> property
>> > >> [sessionDAO] with value [$sessionDAO]. If '$sessionDAO' is a
>> reference
>> > to
>> > >> another (previously defined) object, please prefix it with '$' to
>> > indicate
>> > >> that the referenced object should be used as the actual value. For
>> > >> example, $$sessionDAO
>> > >> >>
>> > >> >> ...which I tracked down to the ReflectionBuilder.applyProperty()
>> > method
>> > >> calling BeanUtils.setProperty() and catching an InvocationException.
>> > The
>> > >> cause of that exception is:
>> > >> >>
>> > >> >> java.lang.IllegalArgumentException: The underlying session manager
>> > is
>> > >> null or does not implement the
>> > org.apache.shiro.session.mgt.eis.SessionDAO
>> > >> >> interface, which is required if the underlying instance is to
>> > receive
>> > >> the sessionDAO argument.
>> > >> >>
>> > >> >>
>> > >> >> ...which comes from SessionsSecurityManager.setSessionDAO(), which
>> > >> checks
>> > >> >> to see that the SessionDAO parameter implements SessionDAOAware.
>> The
>> > >> passed value is actually of class ServletContainerSessionManager,
>> which
>> > >> does NOT
>> > >> >> implement SessionDAOAware.
>> > >> >>
>> > >> >> So I guess the mystery is why we're getting setSessionDAO() being
>> > >> passed a ServletContainerSessionManager, when in fact we have this
>> > config
>> > >> line:
>> > >> >>
>> > >> >> sessionDAO = org.apache.shiro.session.mgt.eis.MemorySessionDAO
>> > >> >>
>> > >> >> Hope this helps,
>> > >> >> Andy
>> > >> >>
>> > >> >>
>> > >> >>
>> > >> >>
>> > >> >>> -----Original Message-----
>> > >> >>> From: Andy Tripp [mailto:Andrew.Tripp@vonage.com]
>> > >> >>> Sent: Tuesday, August 18, 2009 10:04 AM
>> > >> >>> To: shiro-user@incubator.apache.org
>> > >> >>> Subject: RE: need more help with SSO
>> > >> >>>
>> > >> >>> Les,
>> > >> >>>
>> > >> >>> I tried what you have below and still get the same "Unable to
>> load
>> > >> from
>> > >> >>> text configuration" error. I tried it with the latest Shiro. I
>> > >> narrowed
>> > >> >>> the problem down to this line:
>> > >> >>>
>> > >> >>> securityManager.sessionDAO = $sessionDAO
>> > >> >>>
>> > >> >>> I get no errors with that line commented out.
>> > >> >>>
>> > >> >>> Any ideas? If not, I could put some tracing in the
>> > >> OncePerRequestFilter
>> > >> >>> class to narrow the problem down further.
>> > >> >>>
>> > >> >>> Andy
>> > >> >>>
>> > >> >>> > -----Original Message-----
>> > >> >>> > From: les.hazlewood@anjinllc.com
>> > [mailto:les.hazlewood@anjinllc.com]
>> > >> On
>> > >> >>> > Behalf Of Les Hazlewood
>> > >> >>> > Sent: Monday, August 17, 2009 5:11 PM
>> > >> >>> > To: shiro-user@incubator.apache.org
>> > >> >>> > Subject: Re: need more help with SSO
>> > >> >>> >
>> > >> >>> > Hi Andy,
>> > >> >>> >
>> > >> >>> > I just verified that this simple test config works, although
>> not
>> > in
>> > >> a
>> > >> >>> > web environment:
>> > >> >>> >
>> > >> >>> > ----
>> > >> >>> > realmA = org.apache.shiro.realm.text.PropertiesRealm
>> > >> >>> >
>> > >> >>> > securityManager.sessionMode = native
>> > >> >>> >
>> > >> >>> > cacheManager = org.apache.shiro.cache.DefaultCacheManager
>> > >> >>> >
>> > >> >>> > sessionDAO = org.apache.shiro.session.mgt.eis.MemorySessionDAO
>> > >> >>> > sessionDAO.cacheManager = $cacheManager
>> > >> >>> > securityManager.sessionDAO = $sessionDAO
>> > >> >>> > securityManager.cacheManager = $cacheManager
>> > >> >>> >
>> > >> >>> > securityManager.realm = $realmA
>> > >> >>> > ----
>> > >> >>> >
>> > >> >>> > Could you please try that out and see if it works in your web
>> > >> >>> > environment? If so, can you try substituting the
>> > >> DefaultCacheManager
>> > >> >>> > implementation (and your realm implementation) with with your
>> > >> >>> > implementations and see what happens?
>> > >> >>> >
>> > >> >>> > - Les
>> > >> >>> >
>> > >> >>> > On Mon, Aug 17, 2009 at 4:27 PM, Andy
>> > Tripp<An...@vonage.com>
>> > >> >>> > wrote:
>> > >> >>> > > Here's the complete tomcat log file:
>> > >> >>> > >
>> > >> >>> > > Aug 17, 2009 3:40:13 PM
>> > org.apache.catalina.core.StandardContext
>> > >> >>> > filterStart
>> > >> >>> > > SEVERE: Exception starting filter ShiroFilter
>> > >> >>> > > javax.servlet.ServletException: Unable to load from text
>> > >> >>> configuration.
>> > >> >>> > > at
>> > >> >>> >
>> > >> >>>
>> > >>
>> >
>> org.apache.shiro.web.servlet.OncePerRequestFilter.init(OncePerRequestFilte
>> > >> >>> > r.java:148)
>> > >> >>> > > at
>> > >> >>> >
>> > >> >>>
>> > >>
>> >
>> org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilt
>> > >> >>> > erConfig.java:221)
>> > >> >>> > > at
>> > >> >>> >
>> > >> >>>
>> > >>
>> >
>> org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(ApplicationF
>> > >> >>> > ilterConfig.java:302)
>> > >> >>> > > at
>> > >> >>> >
>> > >> >>>
>> > >>
>> >
>> org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterC
>> > >> >>> > onfig.java:78)
>> > >> >>> > > at
>> > >> >>> >
>> > >> >>>
>> > >>
>> >
>> org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:
>> > >> >>> > 3635)
>> > >> >>> > > at
>> > >> >>> >
>> > >> >>>
>> > >>
>> >
>> org.apache.catalina.core.StandardContext.start(StandardContext.java:4222)
>> > >> >>> > > at
>> > >> >>> >
>> > >> >>>
>> > >>
>> >
>> org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java
>> > >> >>> > :760)
>> > >> >>> > > at
>> > >> >>> >
>> > >>
>> org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740)
>> > >> >>> > > at
>> > >> >>> >
>> > >> org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)
>> > >> >>> > > at
>> > >> >>> >
>> > >> >>>
>> > >>
>> >
>> org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:927
>> > >> >>> > )
>> > >> >>> > > at
>> > >> >>> >
>> > >> >>>
>> > >>
>> >
>> org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:8
>> > >> >>> > 90)
>> > >> >>> > > at
>> > >> >>> >
>> > >>
>> org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:492)
>> > >> >>> > > at
>> > >> >>> >
>> > org.apache.catalina.startup.HostConfig.start(HostConfig.java:1150)
>> > >> >>> > > at
>> > >> >>> >
>> > >> >>>
>> > >>
>> >
>> org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
>> > >> >>> > > at
>> > >> >>> >
>> > >> >>>
>> > >>
>> >
>> org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupp
>> > >> >>> > ort.java:120)
>> > >> >>> > > at
>> > >> >>> >
>> > >> org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)
>> > >> >>> > > at
>> > >> >>> >
>> > org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
>> > >> >>> > > at
>> > >> >>> >
>> > >> org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)
>> > >> >>> > > at
>> > >> >>> >
>> > >>
>> org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
>> > >> >>> > > at
>> > >> >>> >
>> > >>
>> > org.apache.catalina.core.StandardService.start(StandardService.java:448)
>> > >> >>> > > at
>> > >> >>> >
>> > >>
>> org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
>> > >> >>> > > at
>> > >> >>> org.apache.catalina.startup.Catalina.start(Catalina.java:552)
>> > >> >>> > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
>> > >> Method)
>> > >> >>> > > at
>> > >> >>> >
>> > >> >>>
>> > >>
>> >
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:
>> > >> >>> > 39)
>> > >> >>> > > at
>> > >> >>> >
>> > >> >>>
>> > >>
>> >
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorIm
>> > >> >>> > pl.java:25)
>> > >> >>> > > at java.lang.reflect.Method.invoke(Method.java:597)
>> > >> >>> > > at
>> > >> >>> > org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
>> > >> >>> > > at
>> > >> >>> org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
>> > >> >>> > > Aug 17, 2009 3:40:13 PM
>> > >> org.apache.catalina.core.ApplicationContext
>> > >> >>> log
>> > >> >>> > > INFO: org.apache.webapp.balancer.BalancerFilter: init():
>> > >> ruleChain:
>> > >> >>> > [org.apache.webapp.balancer.RuleChain:
>> > >> >>> > [org.apache.webapp.balancer.rules.URLStringMatchRule: Target
>> > string:
>> > >> >>> News
>> > >> >>> > / Redirect URL: http://www.cnn.com],
>> > >> >>> > [org.apache.webapp.balancer.rules.RequestParameterRule: Target
>> > param
>> > >> >>> name:
>> > >> >>> > paramName / Target param value: paramValue / Redirect URL:
>> > >> >>> > http://www.yahoo.com],
>> > >> >>> > [org.apache.webapp.balancer.rules.AcceptEverythingRule:
>> Redirect
>> > >> URL:
>> > >> >>> > http://jakarta.apache.org]]
>> > >> >>> > > Aug 17, 2009 3:40:13 PM
>> > >> org.apache.catalina.core.ApplicationContext
>> > >> >>> log
>> > >> >>> > > INFO: ContextListener: contextInitialized()
>> > >> >>> > > Aug 17, 2009 3:40:13 PM
>> > >> org.apache.catalina.core.ApplicationContext
>> > >> >>> log
>> > >> >>> > > INFO: SessionListener: contextInitialized()
>> > >> >>> > > Aug 17, 2009 3:40:13 PM
>> > >> org.apache.catalina.core.ApplicationContext
>> > >> >>> log
>> > >> >>> > > INFO: ContextListener: contextInitialized()
>> > >> >>> > > Aug 17, 2009 3:40:13 PM
>> > >> org.apache.catalina.core.ApplicationContext
>> > >> >>> log
>> > >> >>> > > INFO: SessionListener: contextInitialized()
>> > >> >>> > > Aug 17, 2009 4:25:59 PM
>> > >> org.apache.catalina.core.ApplicationContext
>> > >> >>> log
>> > >> >>> > > INFO: SessionListener: contextDestroyed()
>> > >> >>> > > Aug 17, 2009 4:25:59 PM
>> > >> org.apache.catalina.core.ApplicationContext
>> > >> >>> log
>> > >> >>> > > INFO: ContextListener: contextDestroyed()
>> > >> >>> > > Aug 17, 2009 4:25:59 PM
>> > >> org.apache.catalina.core.ApplicationContext
>> > >> >>> log
>> > >> >>> > > INFO: SessionListener: contextDestroyed()
>> > >> >>> > > Aug 17, 2009 4:25:59 PM
>> > >> org.apache.catalina.core.ApplicationContext
>> > >> >>> log
>> > >> >>> > > INFO: ContextListener: contextDestroyed()
>> > >> >>> > >
>> > >> >>> > >> -----Original Message-----
>> > >> >>> > >> From: Les Hazlewood [mailto:les.hazlewood@anjinllc.com]
>> > >> >>> > >> Sent: Monday, August 17, 2009 4:24 PM
>> > >> >>> > >> To: shiro-user@incubator.apache.org
>> > >> >>> > >> Subject: Re: need more help with SSO
>> > >> >>> > >>
>> > >> >>> > >> Hi Andy,
>> > >> >>> > >>
>> > >> >>> > >> It goes in the main section, definitely. Is there any more
>> to
>> > >> the
>> > >> >>> > >> exception? I'd like to see the entire stack trace if
>> > possible.
>> > >> >>> > >>
>> > >> >>> > >> - Les
>> > >> >>> > >>
>> > >> >>> > >> On Mon, Aug 17, 2009 at 3:41 PM, Andy
>> > >> Tripp<An...@vonage.com>
>> > >> >>> > >> wrote:
>> > >> >>> > >> > I created my own Cache and CacheManager:
>> > >> >>> > >> >
>> > >> >>> > >> > public class VonageDistributedSessionCache implements
>> Cache
>> > {
>> > >> >>> > >> > public VonageDistributedSessionCache(String name) {
>> > >> >>> > >> > System.err.println("VonageDistributedSessionCache
>> > >> >>> > >> > constructor.");
>> > >> >>> > >> > }
>> > >> >>> > >> > ...
>> > >> >>> > >> > }
>> > >> >>> > >> >
>> > >> >>> > >> > public class VonageDistributedSessionCacheManager
>> implements
>> > >> >>> > >> > CacheManager {
>> > >> >>> > >> > public Cache getCache(String name) throws
>> CacheException
>> > {
>> > >> >>> > >> > return new VonageDistributedSessionCache(name);
>> > >> >>> > >> > }
>> > >> >>> > >> > }
>> > >> >>> > >> >
>> > >> >>> > >> > Then in [main] section of my ShiroFilter in web.xml, I
>> have:
>> > >> >>> > >> > [main]
>> > >> >>> > >> > realmA =
>> com.vonage.auth.client.VonageAuthenticationRealm
>> > >> >>> > >> >
>> > >> >>> > >> > securityManager.sessionMode = native
>> > >> >>> > >> >
>> > >> >>> > >> > And when I add this:
>> > >> >>> > >> > # pull in vonage centralized authentication:
>> > >> >>> > >> > cacheManager =
>> > >> >>> > >> >
>> com.vonage.auth.client.VonageDistributedSessionCacheManager
>> > >> >>> > >> > sessionDAO =
>> > org.apache.shiro.session.mgt.eis.MemorySessionDAO
>> > >> >>> > >> > sessionDAO.cacheManager = $cacheManager
>> > >> >>> > >> > securityManager.sessionDAO = $sessionDAO
>> > >> >>> > >> > securityManager.cacheManager = $cacheManager
>> > >> >>> > >> >
>> > >> >>> > >> > ...I get this error:
>> > >> >>> > >> > javax.servlet.ServletException: Unable to load from text
>> > >> >>> > configuration.
>> > >> >>> > >> >
>> > >> >>> > >> > So...does this injection go here in the [main] section of
>> > >> >>> > ShiroFilter,
>> > >> >>> > >> > or somewhere else?
>> > >> >>> > >> >
>> > >> >>> > >> > Thanks,
>> > >> >>> > >> > Andy
>> > >> >>> > >> >
>> > >> >>> > >
>> > >> >>
>> > >> >
>> > >
>
RE: need more help with SSO
Posted by Andy Tripp <An...@vonage.com>.
Les,
I finally found the problem. This line...
securityManager.sessionDAO = $sessionDAO
...was being processed BEFORE this line...
securityManager.sessionManager = $sessionManager
In ReflectionBuilder.buildObjects(), instanceMap and propertyMap need to be LinkedHashMap type, not just HashMap. With HashMap, the properties in ShiroFilter are being processed in arbitrary order, rather than the order listed. That would explain why it works for you and not me - you got unlucky :)
Andy
> -----Original Message-----
> From: Andy Tripp [mailto:Andrew.Tripp@vonage.com]
> Sent: Wednesday, August 19, 2009 4:02 PM
> To: shiro-user@incubator.apache.org
> Subject: RE: need more help with SSO
>
> Les,
> Sorry, that last email was a mistake on my part.
>
> Les,
>
> What I'm seeing now is that the DefaultWebSecurityManager instance's
> SessionManager is always set to ServletContainerSessionManager, when it
> should be a DefaultWebSessionManager. I tried adding these to my config:
>
> sessionManager = org.apache.shiro.web.session.DefaultWebSessionManager
> securityManager.sessionManager = $sessionManager
>
> ...but still, the DefaultWebSecurityManager.sessionManager field is an
> instance of ServletContainerSessionManager.
>
> I'm stumped. I guess I'm not clear on what SecurityManager instance is
> being called by this config stuff. Perhaps I'm missing some sort of:
> something.securityManager = securityManager
>
> Andy
> p.s. here's my full [main] section of my filter:
>
> realmA = org.apache.shiro.realm.text.PropertiesRealm
> securityManager = org.apache.shiro.web.DefaultWebSecurityManager
> sessionManager =
> org.apache.shiro.web.session.DefaultWebSessionManager
> securityManager.sessionManager = $sessionManager
>
> securityManager.sessionMode = native
>
> cacheManager = org.apache.shiro.cache.DefaultCacheManager
>
> sessionDAO = org.apache.shiro.session.mgt.eis.MemorySessionDAO
> sessionDAO.cacheManager = $cacheManager
> securityManager.sessionDAO = $sessionDAO
> securityManager.cacheManager = $cacheManager
>
> securityManager.realm = $realmA
>
> > -----Original Message-----
> > From: les.hazlewood@anjinllc.com [mailto:les.hazlewood@anjinllc.com] On
> > Behalf Of Les Hazlewood
> > Sent: Wednesday, August 19, 2009 2:20 PM
> > To: shiro-user@incubator.apache.org
> > Subject: Re: need more help with SSO
> >
> > Hrm - that would be very odd if the DefaultWebSecurityManager was not
> > the instance - that is what the ShiroFilter enables at startup by
> > default. Just in case, try this as your very first config line:
> >
> > securityManager = org.apache.shiro.web.DefaultWebSecurityManager
> >
> > What does your debugger say is the securityManager instance?
> > Something is very strange...
> >
> > Thanks for the extra info. Are there any JUnit tests you might be
> > able to send our way?
> >
> > - Les
> >
> > On Wed, Aug 19, 2009 at 1:56 PM, Andy Tripp<An...@vonage.com>
> > wrote:
> > > Les,
> > > I put tracing code in DefaultWebSecurityManager.setSessionMode(), and
> it
> > appears that this method is not getting called. So the
> > ServletContainerSessionManager is not getting replace by a
> > DefaultWebSessionManager. So it appears that this line in the filter
> > config:
> > >
> > > securityManager.sessionMode = native
> > >
> > > is having no effect (note that it's securityManager, not
> sessionManager
> > as you suggest in the previous response).
> > >
> > > I'll keep trying to track it down further, any pointers would be
> > appreciated. I'm off to try to find the some SecurityManager instance,
> > which I suspect is something other than a DefaultWebSecurityManager,
> which
> > would mean that this config line is failing silently.
> > >
> > > Obviously, all this dependency injection via XML is driving me
> > completely crazy. I may be allergic to server-side Java :)
> > >
> > > Andy
> > >
> > >> -----Original Message-----
> > >> From: les.hazlewood@anjinllc.com [mailto:les.hazlewood@anjinllc.com]
> On
> > >> Behalf Of Les Hazlewood
> > >> Sent: Wednesday, August 19, 2009 12:46 PM
> > >> To: shiro-user@incubator.apache.org
> > >> Subject: Re: need more help with SSO
> > >>
> > >> Hi Andy,
> > >>
> > >> A quick note about the message: that was a bug in the exception
> > >> message, but the code is working as expected: if the wrapped
> > >> SessionManager does not implement the SessionDAOAware interface, it
> > >> cannot be injected with a SessionDAO. I have since fixed the message
> > >> to be correct and committed this change, although the code logic has
> > >> not been changed.
> > >>
> > >> Also, make sure that you do this:
> > >>
> > >> sessionManager.sessionMode = native
> > >>
> > >> before you try to inject the SessionDAO. The above call will
> > >> automatically substitute the ServletContainerSessionManager for a
> > >> DefaultWebSessionManager implementation on the fly. This latter
> > >> implementation does in fact implement SessionDAOAware and should
> > >> readily accept SessionDAO instances that are passed through the
> > >> securityManager.setSessionDAO(...) call.
> > >>
> > >> In the meantime, I'll try to create a unit test with the ShiroFilter
> > >> to see I can accurately recreate your issue, but I've been strapped
> > >> for time lately - if you could create one (if possible) and post it
> to
> > >> a Jira issue, that would help a lot.
> > >>
> > >> Regards,
> > >>
> > >> Les
> > >>
> > >> On Tue, Aug 18, 2009 at 11:34 AM, Les
> Hazlewood<lh...@apache.org>
> > >> wrote:
> > >> > Hi Andy,
> > >> >
> > >> > Thanks very much for sending this along - it is very helpful. I'll
> > be
> > >> > able to look into this a bit more later tonight.
> > >> >
> > >> > Regards,
> > >> >
> > >> > Les
> > >> >
> > >> > On Tue, Aug 18, 2009 at 11:21 AM, Andy
> Tripp<An...@vonage.com>
> > >> wrote:
> > >> >> Les,
> > >> >> I tracked this problem down through a maze of try/catch blocks, I
> > see
> > >> this exception:
> > >> >>
> > >> >> javax.servlet.ServletException: Unable to load from text
> > configuration.
> > >> e2=org.apache.shiro.config.ConfigurationException:
> > >> org.apache.shiro.config.ConfigurationException: Unable to set
> property
> > >> [sessionDAO] with value [$sessionDAO]. If '$sessionDAO' is a
> reference
> > to
> > >> another (previously defined) object, please prefix it with '$' to
> > indicate
> > >> that the referenced object should be used as the actual value. For
> > >> example, $$sessionDAO
> > >> >>
> > >> >> ...which I tracked down to the ReflectionBuilder.applyProperty()
> > method
> > >> calling BeanUtils.setProperty() and catching an InvocationException.
> > The
> > >> cause of that exception is:
> > >> >>
> > >> >> java.lang.IllegalArgumentException: The underlying session manager
> > is
> > >> null or does not implement the
> > org.apache.shiro.session.mgt.eis.SessionDAO
> > >> >> interface, which is required if the underlying instance is to
> > receive
> > >> the sessionDAO argument.
> > >> >>
> > >> >>
> > >> >> ...which comes from SessionsSecurityManager.setSessionDAO(), which
> > >> checks
> > >> >> to see that the SessionDAO parameter implements SessionDAOAware.
> The
> > >> passed value is actually of class ServletContainerSessionManager,
> which
> > >> does NOT
> > >> >> implement SessionDAOAware.
> > >> >>
> > >> >> So I guess the mystery is why we're getting setSessionDAO() being
> > >> passed a ServletContainerSessionManager, when in fact we have this
> > config
> > >> line:
> > >> >>
> > >> >> sessionDAO = org.apache.shiro.session.mgt.eis.MemorySessionDAO
> > >> >>
> > >> >> Hope this helps,
> > >> >> Andy
> > >> >>
> > >> >>
> > >> >>
> > >> >>
> > >> >>> -----Original Message-----
> > >> >>> From: Andy Tripp [mailto:Andrew.Tripp@vonage.com]
> > >> >>> Sent: Tuesday, August 18, 2009 10:04 AM
> > >> >>> To: shiro-user@incubator.apache.org
> > >> >>> Subject: RE: need more help with SSO
> > >> >>>
> > >> >>> Les,
> > >> >>>
> > >> >>> I tried what you have below and still get the same "Unable to
> load
> > >> from
> > >> >>> text configuration" error. I tried it with the latest Shiro. I
> > >> narrowed
> > >> >>> the problem down to this line:
> > >> >>>
> > >> >>> securityManager.sessionDAO = $sessionDAO
> > >> >>>
> > >> >>> I get no errors with that line commented out.
> > >> >>>
> > >> >>> Any ideas? If not, I could put some tracing in the
> > >> OncePerRequestFilter
> > >> >>> class to narrow the problem down further.
> > >> >>>
> > >> >>> Andy
> > >> >>>
> > >> >>> > -----Original Message-----
> > >> >>> > From: les.hazlewood@anjinllc.com
> > [mailto:les.hazlewood@anjinllc.com]
> > >> On
> > >> >>> > Behalf Of Les Hazlewood
> > >> >>> > Sent: Monday, August 17, 2009 5:11 PM
> > >> >>> > To: shiro-user@incubator.apache.org
> > >> >>> > Subject: Re: need more help with SSO
> > >> >>> >
> > >> >>> > Hi Andy,
> > >> >>> >
> > >> >>> > I just verified that this simple test config works, although
> not
> > in
> > >> a
> > >> >>> > web environment:
> > >> >>> >
> > >> >>> > ----
> > >> >>> > realmA = org.apache.shiro.realm.text.PropertiesRealm
> > >> >>> >
> > >> >>> > securityManager.sessionMode = native
> > >> >>> >
> > >> >>> > cacheManager = org.apache.shiro.cache.DefaultCacheManager
> > >> >>> >
> > >> >>> > sessionDAO = org.apache.shiro.session.mgt.eis.MemorySessionDAO
> > >> >>> > sessionDAO.cacheManager = $cacheManager
> > >> >>> > securityManager.sessionDAO = $sessionDAO
> > >> >>> > securityManager.cacheManager = $cacheManager
> > >> >>> >
> > >> >>> > securityManager.realm = $realmA
> > >> >>> > ----
> > >> >>> >
> > >> >>> > Could you please try that out and see if it works in your web
> > >> >>> > environment? If so, can you try substituting the
> > >> DefaultCacheManager
> > >> >>> > implementation (and your realm implementation) with with your
> > >> >>> > implementations and see what happens?
> > >> >>> >
> > >> >>> > - Les
> > >> >>> >
> > >> >>> > On Mon, Aug 17, 2009 at 4:27 PM, Andy
> > Tripp<An...@vonage.com>
> > >> >>> > wrote:
> > >> >>> > > Here's the complete tomcat log file:
> > >> >>> > >
> > >> >>> > > Aug 17, 2009 3:40:13 PM
> > org.apache.catalina.core.StandardContext
> > >> >>> > filterStart
> > >> >>> > > SEVERE: Exception starting filter ShiroFilter
> > >> >>> > > javax.servlet.ServletException: Unable to load from text
> > >> >>> configuration.
> > >> >>> > > at
> > >> >>> >
> > >> >>>
> > >>
> >
> org.apache.shiro.web.servlet.OncePerRequestFilter.init(OncePerRequestFilte
> > >> >>> > r.java:148)
> > >> >>> > > at
> > >> >>> >
> > >> >>>
> > >>
> >
> org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilt
> > >> >>> > erConfig.java:221)
> > >> >>> > > at
> > >> >>> >
> > >> >>>
> > >>
> >
> org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(ApplicationF
> > >> >>> > ilterConfig.java:302)
> > >> >>> > > at
> > >> >>> >
> > >> >>>
> > >>
> >
> org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterC
> > >> >>> > onfig.java:78)
> > >> >>> > > at
> > >> >>> >
> > >> >>>
> > >>
> >
> org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:
> > >> >>> > 3635)
> > >> >>> > > at
> > >> >>> >
> > >> >>>
> > >>
> >
> org.apache.catalina.core.StandardContext.start(StandardContext.java:4222)
> > >> >>> > > at
> > >> >>> >
> > >> >>>
> > >>
> >
> org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java
> > >> >>> > :760)
> > >> >>> > > at
> > >> >>> >
> > >>
> org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740)
> > >> >>> > > at
> > >> >>> >
> > >> org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)
> > >> >>> > > at
> > >> >>> >
> > >> >>>
> > >>
> >
> org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:927
> > >> >>> > )
> > >> >>> > > at
> > >> >>> >
> > >> >>>
> > >>
> >
> org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:8
> > >> >>> > 90)
> > >> >>> > > at
> > >> >>> >
> > >>
> org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:492)
> > >> >>> > > at
> > >> >>> >
> > org.apache.catalina.startup.HostConfig.start(HostConfig.java:1150)
> > >> >>> > > at
> > >> >>> >
> > >> >>>
> > >>
> >
> org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
> > >> >>> > > at
> > >> >>> >
> > >> >>>
> > >>
> >
> org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupp
> > >> >>> > ort.java:120)
> > >> >>> > > at
> > >> >>> >
> > >> org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)
> > >> >>> > > at
> > >> >>> >
> > org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
> > >> >>> > > at
> > >> >>> >
> > >> org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)
> > >> >>> > > at
> > >> >>> >
> > >>
> org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
> > >> >>> > > at
> > >> >>> >
> > >>
> > org.apache.catalina.core.StandardService.start(StandardService.java:448)
> > >> >>> > > at
> > >> >>> >
> > >>
> org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
> > >> >>> > > at
> > >> >>> org.apache.catalina.startup.Catalina.start(Catalina.java:552)
> > >> >>> > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
> > >> Method)
> > >> >>> > > at
> > >> >>> >
> > >> >>>
> > >>
> >
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:
> > >> >>> > 39)
> > >> >>> > > at
> > >> >>> >
> > >> >>>
> > >>
> >
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorIm
> > >> >>> > pl.java:25)
> > >> >>> > > at java.lang.reflect.Method.invoke(Method.java:597)
> > >> >>> > > at
> > >> >>> > org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
> > >> >>> > > at
> > >> >>> org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
> > >> >>> > > Aug 17, 2009 3:40:13 PM
> > >> org.apache.catalina.core.ApplicationContext
> > >> >>> log
> > >> >>> > > INFO: org.apache.webapp.balancer.BalancerFilter: init():
> > >> ruleChain:
> > >> >>> > [org.apache.webapp.balancer.RuleChain:
> > >> >>> > [org.apache.webapp.balancer.rules.URLStringMatchRule: Target
> > string:
> > >> >>> News
> > >> >>> > / Redirect URL: http://www.cnn.com],
> > >> >>> > [org.apache.webapp.balancer.rules.RequestParameterRule: Target
> > param
> > >> >>> name:
> > >> >>> > paramName / Target param value: paramValue / Redirect URL:
> > >> >>> > http://www.yahoo.com],
> > >> >>> > [org.apache.webapp.balancer.rules.AcceptEverythingRule:
> Redirect
> > >> URL:
> > >> >>> > http://jakarta.apache.org]]
> > >> >>> > > Aug 17, 2009 3:40:13 PM
> > >> org.apache.catalina.core.ApplicationContext
> > >> >>> log
> > >> >>> > > INFO: ContextListener: contextInitialized()
> > >> >>> > > Aug 17, 2009 3:40:13 PM
> > >> org.apache.catalina.core.ApplicationContext
> > >> >>> log
> > >> >>> > > INFO: SessionListener: contextInitialized()
> > >> >>> > > Aug 17, 2009 3:40:13 PM
> > >> org.apache.catalina.core.ApplicationContext
> > >> >>> log
> > >> >>> > > INFO: ContextListener: contextInitialized()
> > >> >>> > > Aug 17, 2009 3:40:13 PM
> > >> org.apache.catalina.core.ApplicationContext
> > >> >>> log
> > >> >>> > > INFO: SessionListener: contextInitialized()
> > >> >>> > > Aug 17, 2009 4:25:59 PM
> > >> org.apache.catalina.core.ApplicationContext
> > >> >>> log
> > >> >>> > > INFO: SessionListener: contextDestroyed()
> > >> >>> > > Aug 17, 2009 4:25:59 PM
> > >> org.apache.catalina.core.ApplicationContext
> > >> >>> log
> > >> >>> > > INFO: ContextListener: contextDestroyed()
> > >> >>> > > Aug 17, 2009 4:25:59 PM
> > >> org.apache.catalina.core.ApplicationContext
> > >> >>> log
> > >> >>> > > INFO: SessionListener: contextDestroyed()
> > >> >>> > > Aug 17, 2009 4:25:59 PM
> > >> org.apache.catalina.core.ApplicationContext
> > >> >>> log
> > >> >>> > > INFO: ContextListener: contextDestroyed()
> > >> >>> > >
> > >> >>> > >> -----Original Message-----
> > >> >>> > >> From: Les Hazlewood [mailto:les.hazlewood@anjinllc.com]
> > >> >>> > >> Sent: Monday, August 17, 2009 4:24 PM
> > >> >>> > >> To: shiro-user@incubator.apache.org
> > >> >>> > >> Subject: Re: need more help with SSO
> > >> >>> > >>
> > >> >>> > >> Hi Andy,
> > >> >>> > >>
> > >> >>> > >> It goes in the main section, definitely. Is there any more
> to
> > >> the
> > >> >>> > >> exception? I'd like to see the entire stack trace if
> > possible.
> > >> >>> > >>
> > >> >>> > >> - Les
> > >> >>> > >>
> > >> >>> > >> On Mon, Aug 17, 2009 at 3:41 PM, Andy
> > >> Tripp<An...@vonage.com>
> > >> >>> > >> wrote:
> > >> >>> > >> > I created my own Cache and CacheManager:
> > >> >>> > >> >
> > >> >>> > >> > public class VonageDistributedSessionCache implements
> Cache
> > {
> > >> >>> > >> > public VonageDistributedSessionCache(String name) {
> > >> >>> > >> > System.err.println("VonageDistributedSessionCache
> > >> >>> > >> > constructor.");
> > >> >>> > >> > }
> > >> >>> > >> > ...
> > >> >>> > >> > }
> > >> >>> > >> >
> > >> >>> > >> > public class VonageDistributedSessionCacheManager
> implements
> > >> >>> > >> > CacheManager {
> > >> >>> > >> > public Cache getCache(String name) throws
> CacheException
> > {
> > >> >>> > >> > return new VonageDistributedSessionCache(name);
> > >> >>> > >> > }
> > >> >>> > >> > }
> > >> >>> > >> >
> > >> >>> > >> > Then in [main] section of my ShiroFilter in web.xml, I
> have:
> > >> >>> > >> > [main]
> > >> >>> > >> > realmA =
> com.vonage.auth.client.VonageAuthenticationRealm
> > >> >>> > >> >
> > >> >>> > >> > securityManager.sessionMode = native
> > >> >>> > >> >
> > >> >>> > >> > And when I add this:
> > >> >>> > >> > # pull in vonage centralized authentication:
> > >> >>> > >> > cacheManager =
> > >> >>> > >> >
> com.vonage.auth.client.VonageDistributedSessionCacheManager
> > >> >>> > >> > sessionDAO =
> > org.apache.shiro.session.mgt.eis.MemorySessionDAO
> > >> >>> > >> > sessionDAO.cacheManager = $cacheManager
> > >> >>> > >> > securityManager.sessionDAO = $sessionDAO
> > >> >>> > >> > securityManager.cacheManager = $cacheManager
> > >> >>> > >> >
> > >> >>> > >> > ...I get this error:
> > >> >>> > >> > javax.servlet.ServletException: Unable to load from text
> > >> >>> > configuration.
> > >> >>> > >> >
> > >> >>> > >> > So...does this injection go here in the [main] section of
> > >> >>> > ShiroFilter,
> > >> >>> > >> > or somewhere else?
> > >> >>> > >> >
> > >> >>> > >> > Thanks,
> > >> >>> > >> > Andy
> > >> >>> > >> >
> > >> >>> > >
> > >> >>
> > >> >
> > >
RE: need more help with SSO
Posted by Andy Tripp <An...@vonage.com>.
Les,
Sorry, that last email was a mistake on my part.
Les,
What I'm seeing now is that the DefaultWebSecurityManager instance's SessionManager is always set to ServletContainerSessionManager, when it should be a DefaultWebSessionManager. I tried adding these to my config:
sessionManager = org.apache.shiro.web.session.DefaultWebSessionManager
securityManager.sessionManager = $sessionManager
...but still, the DefaultWebSecurityManager.sessionManager field is an instance of ServletContainerSessionManager.
I'm stumped. I guess I'm not clear on what SecurityManager instance is being called by this config stuff. Perhaps I'm missing some sort of:
something.securityManager = securityManager
Andy
p.s. here's my full [main] section of my filter:
realmA = org.apache.shiro.realm.text.PropertiesRealm
securityManager = org.apache.shiro.web.DefaultWebSecurityManager
sessionManager = org.apache.shiro.web.session.DefaultWebSessionManager
securityManager.sessionManager = $sessionManager
securityManager.sessionMode = native
cacheManager = org.apache.shiro.cache.DefaultCacheManager
sessionDAO = org.apache.shiro.session.mgt.eis.MemorySessionDAO
sessionDAO.cacheManager = $cacheManager
securityManager.sessionDAO = $sessionDAO
securityManager.cacheManager = $cacheManager
securityManager.realm = $realmA
> -----Original Message-----
> From: les.hazlewood@anjinllc.com [mailto:les.hazlewood@anjinllc.com] On
> Behalf Of Les Hazlewood
> Sent: Wednesday, August 19, 2009 2:20 PM
> To: shiro-user@incubator.apache.org
> Subject: Re: need more help with SSO
>
> Hrm - that would be very odd if the DefaultWebSecurityManager was not
> the instance - that is what the ShiroFilter enables at startup by
> default. Just in case, try this as your very first config line:
>
> securityManager = org.apache.shiro.web.DefaultWebSecurityManager
>
> What does your debugger say is the securityManager instance?
> Something is very strange...
>
> Thanks for the extra info. Are there any JUnit tests you might be
> able to send our way?
>
> - Les
>
> On Wed, Aug 19, 2009 at 1:56 PM, Andy Tripp<An...@vonage.com>
> wrote:
> > Les,
> > I put tracing code in DefaultWebSecurityManager.setSessionMode(), and it
> appears that this method is not getting called. So the
> ServletContainerSessionManager is not getting replace by a
> DefaultWebSessionManager. So it appears that this line in the filter
> config:
> >
> > securityManager.sessionMode = native
> >
> > is having no effect (note that it's securityManager, not sessionManager
> as you suggest in the previous response).
> >
> > I'll keep trying to track it down further, any pointers would be
> appreciated. I'm off to try to find the some SecurityManager instance,
> which I suspect is something other than a DefaultWebSecurityManager, which
> would mean that this config line is failing silently.
> >
> > Obviously, all this dependency injection via XML is driving me
> completely crazy. I may be allergic to server-side Java :)
> >
> > Andy
> >
> >> -----Original Message-----
> >> From: les.hazlewood@anjinllc.com [mailto:les.hazlewood@anjinllc.com] On
> >> Behalf Of Les Hazlewood
> >> Sent: Wednesday, August 19, 2009 12:46 PM
> >> To: shiro-user@incubator.apache.org
> >> Subject: Re: need more help with SSO
> >>
> >> Hi Andy,
> >>
> >> A quick note about the message: that was a bug in the exception
> >> message, but the code is working as expected: if the wrapped
> >> SessionManager does not implement the SessionDAOAware interface, it
> >> cannot be injected with a SessionDAO. I have since fixed the message
> >> to be correct and committed this change, although the code logic has
> >> not been changed.
> >>
> >> Also, make sure that you do this:
> >>
> >> sessionManager.sessionMode = native
> >>
> >> before you try to inject the SessionDAO. The above call will
> >> automatically substitute the ServletContainerSessionManager for a
> >> DefaultWebSessionManager implementation on the fly. This latter
> >> implementation does in fact implement SessionDAOAware and should
> >> readily accept SessionDAO instances that are passed through the
> >> securityManager.setSessionDAO(...) call.
> >>
> >> In the meantime, I'll try to create a unit test with the ShiroFilter
> >> to see I can accurately recreate your issue, but I've been strapped
> >> for time lately - if you could create one (if possible) and post it to
> >> a Jira issue, that would help a lot.
> >>
> >> Regards,
> >>
> >> Les
> >>
> >> On Tue, Aug 18, 2009 at 11:34 AM, Les Hazlewood<lh...@apache.org>
> >> wrote:
> >> > Hi Andy,
> >> >
> >> > Thanks very much for sending this along - it is very helpful. I'll
> be
> >> > able to look into this a bit more later tonight.
> >> >
> >> > Regards,
> >> >
> >> > Les
> >> >
> >> > On Tue, Aug 18, 2009 at 11:21 AM, Andy Tripp<An...@vonage.com>
> >> wrote:
> >> >> Les,
> >> >> I tracked this problem down through a maze of try/catch blocks, I
> see
> >> this exception:
> >> >>
> >> >> javax.servlet.ServletException: Unable to load from text
> configuration.
> >> e2=org.apache.shiro.config.ConfigurationException:
> >> org.apache.shiro.config.ConfigurationException: Unable to set property
> >> [sessionDAO] with value [$sessionDAO]. If '$sessionDAO' is a reference
> to
> >> another (previously defined) object, please prefix it with '$' to
> indicate
> >> that the referenced object should be used as the actual value. For
> >> example, $$sessionDAO
> >> >>
> >> >> ...which I tracked down to the ReflectionBuilder.applyProperty()
> method
> >> calling BeanUtils.setProperty() and catching an InvocationException.
> The
> >> cause of that exception is:
> >> >>
> >> >> java.lang.IllegalArgumentException: The underlying session manager
> is
> >> null or does not implement the
> org.apache.shiro.session.mgt.eis.SessionDAO
> >> >> interface, which is required if the underlying instance is to
> receive
> >> the sessionDAO argument.
> >> >>
> >> >>
> >> >> ...which comes from SessionsSecurityManager.setSessionDAO(), which
> >> checks
> >> >> to see that the SessionDAO parameter implements SessionDAOAware. The
> >> passed value is actually of class ServletContainerSessionManager, which
> >> does NOT
> >> >> implement SessionDAOAware.
> >> >>
> >> >> So I guess the mystery is why we're getting setSessionDAO() being
> >> passed a ServletContainerSessionManager, when in fact we have this
> config
> >> line:
> >> >>
> >> >> sessionDAO = org.apache.shiro.session.mgt.eis.MemorySessionDAO
> >> >>
> >> >> Hope this helps,
> >> >> Andy
> >> >>
> >> >>
> >> >>
> >> >>
> >> >>> -----Original Message-----
> >> >>> From: Andy Tripp [mailto:Andrew.Tripp@vonage.com]
> >> >>> Sent: Tuesday, August 18, 2009 10:04 AM
> >> >>> To: shiro-user@incubator.apache.org
> >> >>> Subject: RE: need more help with SSO
> >> >>>
> >> >>> Les,
> >> >>>
> >> >>> I tried what you have below and still get the same "Unable to load
> >> from
> >> >>> text configuration" error. I tried it with the latest Shiro. I
> >> narrowed
> >> >>> the problem down to this line:
> >> >>>
> >> >>> securityManager.sessionDAO = $sessionDAO
> >> >>>
> >> >>> I get no errors with that line commented out.
> >> >>>
> >> >>> Any ideas? If not, I could put some tracing in the
> >> OncePerRequestFilter
> >> >>> class to narrow the problem down further.
> >> >>>
> >> >>> Andy
> >> >>>
> >> >>> > -----Original Message-----
> >> >>> > From: les.hazlewood@anjinllc.com
> [mailto:les.hazlewood@anjinllc.com]
> >> On
> >> >>> > Behalf Of Les Hazlewood
> >> >>> > Sent: Monday, August 17, 2009 5:11 PM
> >> >>> > To: shiro-user@incubator.apache.org
> >> >>> > Subject: Re: need more help with SSO
> >> >>> >
> >> >>> > Hi Andy,
> >> >>> >
> >> >>> > I just verified that this simple test config works, although not
> in
> >> a
> >> >>> > web environment:
> >> >>> >
> >> >>> > ----
> >> >>> > realmA = org.apache.shiro.realm.text.PropertiesRealm
> >> >>> >
> >> >>> > securityManager.sessionMode = native
> >> >>> >
> >> >>> > cacheManager = org.apache.shiro.cache.DefaultCacheManager
> >> >>> >
> >> >>> > sessionDAO = org.apache.shiro.session.mgt.eis.MemorySessionDAO
> >> >>> > sessionDAO.cacheManager = $cacheManager
> >> >>> > securityManager.sessionDAO = $sessionDAO
> >> >>> > securityManager.cacheManager = $cacheManager
> >> >>> >
> >> >>> > securityManager.realm = $realmA
> >> >>> > ----
> >> >>> >
> >> >>> > Could you please try that out and see if it works in your web
> >> >>> > environment? If so, can you try substituting the
> >> DefaultCacheManager
> >> >>> > implementation (and your realm implementation) with with your
> >> >>> > implementations and see what happens?
> >> >>> >
> >> >>> > - Les
> >> >>> >
> >> >>> > On Mon, Aug 17, 2009 at 4:27 PM, Andy
> Tripp<An...@vonage.com>
> >> >>> > wrote:
> >> >>> > > Here's the complete tomcat log file:
> >> >>> > >
> >> >>> > > Aug 17, 2009 3:40:13 PM
> org.apache.catalina.core.StandardContext
> >> >>> > filterStart
> >> >>> > > SEVERE: Exception starting filter ShiroFilter
> >> >>> > > javax.servlet.ServletException: Unable to load from text
> >> >>> configuration.
> >> >>> > > at
> >> >>> >
> >> >>>
> >>
> org.apache.shiro.web.servlet.OncePerRequestFilter.init(OncePerRequestFilte
> >> >>> > r.java:148)
> >> >>> > > at
> >> >>> >
> >> >>>
> >>
> org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilt
> >> >>> > erConfig.java:221)
> >> >>> > > at
> >> >>> >
> >> >>>
> >>
> org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(ApplicationF
> >> >>> > ilterConfig.java:302)
> >> >>> > > at
> >> >>> >
> >> >>>
> >>
> org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterC
> >> >>> > onfig.java:78)
> >> >>> > > at
> >> >>> >
> >> >>>
> >>
> org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:
> >> >>> > 3635)
> >> >>> > > at
> >> >>> >
> >> >>>
> >>
> org.apache.catalina.core.StandardContext.start(StandardContext.java:4222)
> >> >>> > > at
> >> >>> >
> >> >>>
> >>
> org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java
> >> >>> > :760)
> >> >>> > > at
> >> >>> >
> >> org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740)
> >> >>> > > at
> >> >>> >
> >> org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)
> >> >>> > > at
> >> >>> >
> >> >>>
> >>
> org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:927
> >> >>> > )
> >> >>> > > at
> >> >>> >
> >> >>>
> >>
> org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:8
> >> >>> > 90)
> >> >>> > > at
> >> >>> >
> >> org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:492)
> >> >>> > > at
> >> >>> >
> org.apache.catalina.startup.HostConfig.start(HostConfig.java:1150)
> >> >>> > > at
> >> >>> >
> >> >>>
> >>
> org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
> >> >>> > > at
> >> >>> >
> >> >>>
> >>
> org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupp
> >> >>> > ort.java:120)
> >> >>> > > at
> >> >>> >
> >> org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)
> >> >>> > > at
> >> >>> >
> org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
> >> >>> > > at
> >> >>> >
> >> org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)
> >> >>> > > at
> >> >>> >
> >> org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
> >> >>> > > at
> >> >>> >
> >>
> org.apache.catalina.core.StandardService.start(StandardService.java:448)
> >> >>> > > at
> >> >>> >
> >> org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
> >> >>> > > at
> >> >>> org.apache.catalina.startup.Catalina.start(Catalina.java:552)
> >> >>> > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
> >> Method)
> >> >>> > > at
> >> >>> >
> >> >>>
> >>
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:
> >> >>> > 39)
> >> >>> > > at
> >> >>> >
> >> >>>
> >>
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorIm
> >> >>> > pl.java:25)
> >> >>> > > at java.lang.reflect.Method.invoke(Method.java:597)
> >> >>> > > at
> >> >>> > org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
> >> >>> > > at
> >> >>> org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
> >> >>> > > Aug 17, 2009 3:40:13 PM
> >> org.apache.catalina.core.ApplicationContext
> >> >>> log
> >> >>> > > INFO: org.apache.webapp.balancer.BalancerFilter: init():
> >> ruleChain:
> >> >>> > [org.apache.webapp.balancer.RuleChain:
> >> >>> > [org.apache.webapp.balancer.rules.URLStringMatchRule: Target
> string:
> >> >>> News
> >> >>> > / Redirect URL: http://www.cnn.com],
> >> >>> > [org.apache.webapp.balancer.rules.RequestParameterRule: Target
> param
> >> >>> name:
> >> >>> > paramName / Target param value: paramValue / Redirect URL:
> >> >>> > http://www.yahoo.com],
> >> >>> > [org.apache.webapp.balancer.rules.AcceptEverythingRule: Redirect
> >> URL:
> >> >>> > http://jakarta.apache.org]]
> >> >>> > > Aug 17, 2009 3:40:13 PM
> >> org.apache.catalina.core.ApplicationContext
> >> >>> log
> >> >>> > > INFO: ContextListener: contextInitialized()
> >> >>> > > Aug 17, 2009 3:40:13 PM
> >> org.apache.catalina.core.ApplicationContext
> >> >>> log
> >> >>> > > INFO: SessionListener: contextInitialized()
> >> >>> > > Aug 17, 2009 3:40:13 PM
> >> org.apache.catalina.core.ApplicationContext
> >> >>> log
> >> >>> > > INFO: ContextListener: contextInitialized()
> >> >>> > > Aug 17, 2009 3:40:13 PM
> >> org.apache.catalina.core.ApplicationContext
> >> >>> log
> >> >>> > > INFO: SessionListener: contextInitialized()
> >> >>> > > Aug 17, 2009 4:25:59 PM
> >> org.apache.catalina.core.ApplicationContext
> >> >>> log
> >> >>> > > INFO: SessionListener: contextDestroyed()
> >> >>> > > Aug 17, 2009 4:25:59 PM
> >> org.apache.catalina.core.ApplicationContext
> >> >>> log
> >> >>> > > INFO: ContextListener: contextDestroyed()
> >> >>> > > Aug 17, 2009 4:25:59 PM
> >> org.apache.catalina.core.ApplicationContext
> >> >>> log
> >> >>> > > INFO: SessionListener: contextDestroyed()
> >> >>> > > Aug 17, 2009 4:25:59 PM
> >> org.apache.catalina.core.ApplicationContext
> >> >>> log
> >> >>> > > INFO: ContextListener: contextDestroyed()
> >> >>> > >
> >> >>> > >> -----Original Message-----
> >> >>> > >> From: Les Hazlewood [mailto:les.hazlewood@anjinllc.com]
> >> >>> > >> Sent: Monday, August 17, 2009 4:24 PM
> >> >>> > >> To: shiro-user@incubator.apache.org
> >> >>> > >> Subject: Re: need more help with SSO
> >> >>> > >>
> >> >>> > >> Hi Andy,
> >> >>> > >>
> >> >>> > >> It goes in the main section, definitely. Is there any more to
> >> the
> >> >>> > >> exception? I'd like to see the entire stack trace if
> possible.
> >> >>> > >>
> >> >>> > >> - Les
> >> >>> > >>
> >> >>> > >> On Mon, Aug 17, 2009 at 3:41 PM, Andy
> >> Tripp<An...@vonage.com>
> >> >>> > >> wrote:
> >> >>> > >> > I created my own Cache and CacheManager:
> >> >>> > >> >
> >> >>> > >> > public class VonageDistributedSessionCache implements Cache
> {
> >> >>> > >> > public VonageDistributedSessionCache(String name) {
> >> >>> > >> > System.err.println("VonageDistributedSessionCache
> >> >>> > >> > constructor.");
> >> >>> > >> > }
> >> >>> > >> > ...
> >> >>> > >> > }
> >> >>> > >> >
> >> >>> > >> > public class VonageDistributedSessionCacheManager implements
> >> >>> > >> > CacheManager {
> >> >>> > >> > public Cache getCache(String name) throws CacheException
> {
> >> >>> > >> > return new VonageDistributedSessionCache(name);
> >> >>> > >> > }
> >> >>> > >> > }
> >> >>> > >> >
> >> >>> > >> > Then in [main] section of my ShiroFilter in web.xml, I have:
> >> >>> > >> > [main]
> >> >>> > >> > realmA = com.vonage.auth.client.VonageAuthenticationRealm
> >> >>> > >> >
> >> >>> > >> > securityManager.sessionMode = native
> >> >>> > >> >
> >> >>> > >> > And when I add this:
> >> >>> > >> > # pull in vonage centralized authentication:
> >> >>> > >> > cacheManager =
> >> >>> > >> > com.vonage.auth.client.VonageDistributedSessionCacheManager
> >> >>> > >> > sessionDAO =
> org.apache.shiro.session.mgt.eis.MemorySessionDAO
> >> >>> > >> > sessionDAO.cacheManager = $cacheManager
> >> >>> > >> > securityManager.sessionDAO = $sessionDAO
> >> >>> > >> > securityManager.cacheManager = $cacheManager
> >> >>> > >> >
> >> >>> > >> > ...I get this error:
> >> >>> > >> > javax.servlet.ServletException: Unable to load from text
> >> >>> > configuration.
> >> >>> > >> >
> >> >>> > >> > So...does this injection go here in the [main] section of
> >> >>> > ShiroFilter,
> >> >>> > >> > or somewhere else?
> >> >>> > >> >
> >> >>> > >> > Thanks,
> >> >>> > >> > Andy
> >> >>> > >> >
> >> >>> > >
> >> >>
> >> >
> >
Re: need more help with SSO
Posted by Les Hazlewood <lh...@apache.org>.
Hrm - that would be very odd if the DefaultWebSecurityManager was not
the instance - that is what the ShiroFilter enables at startup by
default. Just in case, try this as your very first config line:
securityManager = org.apache.shiro.web.DefaultWebSecurityManager
What does your debugger say is the securityManager instance?
Something is very strange...
Thanks for the extra info. Are there any JUnit tests you might be
able to send our way?
- Les
On Wed, Aug 19, 2009 at 1:56 PM, Andy Tripp<An...@vonage.com> wrote:
> Les,
> I put tracing code in DefaultWebSecurityManager.setSessionMode(), and it appears that this method is not getting called. So the ServletContainerSessionManager is not getting replace by a DefaultWebSessionManager. So it appears that this line in the filter config:
>
> securityManager.sessionMode = native
>
> is having no effect (note that it's securityManager, not sessionManager as you suggest in the previous response).
>
> I'll keep trying to track it down further, any pointers would be appreciated. I'm off to try to find the some SecurityManager instance, which I suspect is something other than a DefaultWebSecurityManager, which would mean that this config line is failing silently.
>
> Obviously, all this dependency injection via XML is driving me completely crazy. I may be allergic to server-side Java :)
>
> Andy
>
>> -----Original Message-----
>> From: les.hazlewood@anjinllc.com [mailto:les.hazlewood@anjinllc.com] On
>> Behalf Of Les Hazlewood
>> Sent: Wednesday, August 19, 2009 12:46 PM
>> To: shiro-user@incubator.apache.org
>> Subject: Re: need more help with SSO
>>
>> Hi Andy,
>>
>> A quick note about the message: that was a bug in the exception
>> message, but the code is working as expected: if the wrapped
>> SessionManager does not implement the SessionDAOAware interface, it
>> cannot be injected with a SessionDAO. I have since fixed the message
>> to be correct and committed this change, although the code logic has
>> not been changed.
>>
>> Also, make sure that you do this:
>>
>> sessionManager.sessionMode = native
>>
>> before you try to inject the SessionDAO. The above call will
>> automatically substitute the ServletContainerSessionManager for a
>> DefaultWebSessionManager implementation on the fly. This latter
>> implementation does in fact implement SessionDAOAware and should
>> readily accept SessionDAO instances that are passed through the
>> securityManager.setSessionDAO(...) call.
>>
>> In the meantime, I'll try to create a unit test with the ShiroFilter
>> to see I can accurately recreate your issue, but I've been strapped
>> for time lately - if you could create one (if possible) and post it to
>> a Jira issue, that would help a lot.
>>
>> Regards,
>>
>> Les
>>
>> On Tue, Aug 18, 2009 at 11:34 AM, Les Hazlewood<lh...@apache.org>
>> wrote:
>> > Hi Andy,
>> >
>> > Thanks very much for sending this along - it is very helpful. I'll be
>> > able to look into this a bit more later tonight.
>> >
>> > Regards,
>> >
>> > Les
>> >
>> > On Tue, Aug 18, 2009 at 11:21 AM, Andy Tripp<An...@vonage.com>
>> wrote:
>> >> Les,
>> >> I tracked this problem down through a maze of try/catch blocks, I see
>> this exception:
>> >>
>> >> javax.servlet.ServletException: Unable to load from text configuration.
>> e2=org.apache.shiro.config.ConfigurationException:
>> org.apache.shiro.config.ConfigurationException: Unable to set property
>> [sessionDAO] with value [$sessionDAO]. If '$sessionDAO' is a reference to
>> another (previously defined) object, please prefix it with '$' to indicate
>> that the referenced object should be used as the actual value. For
>> example, $$sessionDAO
>> >>
>> >> ...which I tracked down to the ReflectionBuilder.applyProperty() method
>> calling BeanUtils.setProperty() and catching an InvocationException. The
>> cause of that exception is:
>> >>
>> >> java.lang.IllegalArgumentException: The underlying session manager is
>> null or does not implement the org.apache.shiro.session.mgt.eis.SessionDAO
>> >> interface, which is required if the underlying instance is to receive
>> the sessionDAO argument.
>> >>
>> >>
>> >> ...which comes from SessionsSecurityManager.setSessionDAO(), which
>> checks
>> >> to see that the SessionDAO parameter implements SessionDAOAware. The
>> passed value is actually of class ServletContainerSessionManager, which
>> does NOT
>> >> implement SessionDAOAware.
>> >>
>> >> So I guess the mystery is why we're getting setSessionDAO() being
>> passed a ServletContainerSessionManager, when in fact we have this config
>> line:
>> >>
>> >> sessionDAO = org.apache.shiro.session.mgt.eis.MemorySessionDAO
>> >>
>> >> Hope this helps,
>> >> Andy
>> >>
>> >>
>> >>
>> >>
>> >>> -----Original Message-----
>> >>> From: Andy Tripp [mailto:Andrew.Tripp@vonage.com]
>> >>> Sent: Tuesday, August 18, 2009 10:04 AM
>> >>> To: shiro-user@incubator.apache.org
>> >>> Subject: RE: need more help with SSO
>> >>>
>> >>> Les,
>> >>>
>> >>> I tried what you have below and still get the same "Unable to load
>> from
>> >>> text configuration" error. I tried it with the latest Shiro. I
>> narrowed
>> >>> the problem down to this line:
>> >>>
>> >>> securityManager.sessionDAO = $sessionDAO
>> >>>
>> >>> I get no errors with that line commented out.
>> >>>
>> >>> Any ideas? If not, I could put some tracing in the
>> OncePerRequestFilter
>> >>> class to narrow the problem down further.
>> >>>
>> >>> Andy
>> >>>
>> >>> > -----Original Message-----
>> >>> > From: les.hazlewood@anjinllc.com [mailto:les.hazlewood@anjinllc.com]
>> On
>> >>> > Behalf Of Les Hazlewood
>> >>> > Sent: Monday, August 17, 2009 5:11 PM
>> >>> > To: shiro-user@incubator.apache.org
>> >>> > Subject: Re: need more help with SSO
>> >>> >
>> >>> > Hi Andy,
>> >>> >
>> >>> > I just verified that this simple test config works, although not in
>> a
>> >>> > web environment:
>> >>> >
>> >>> > ----
>> >>> > realmA = org.apache.shiro.realm.text.PropertiesRealm
>> >>> >
>> >>> > securityManager.sessionMode = native
>> >>> >
>> >>> > cacheManager = org.apache.shiro.cache.DefaultCacheManager
>> >>> >
>> >>> > sessionDAO = org.apache.shiro.session.mgt.eis.MemorySessionDAO
>> >>> > sessionDAO.cacheManager = $cacheManager
>> >>> > securityManager.sessionDAO = $sessionDAO
>> >>> > securityManager.cacheManager = $cacheManager
>> >>> >
>> >>> > securityManager.realm = $realmA
>> >>> > ----
>> >>> >
>> >>> > Could you please try that out and see if it works in your web
>> >>> > environment? If so, can you try substituting the
>> DefaultCacheManager
>> >>> > implementation (and your realm implementation) with with your
>> >>> > implementations and see what happens?
>> >>> >
>> >>> > - Les
>> >>> >
>> >>> > On Mon, Aug 17, 2009 at 4:27 PM, Andy Tripp<An...@vonage.com>
>> >>> > wrote:
>> >>> > > Here's the complete tomcat log file:
>> >>> > >
>> >>> > > Aug 17, 2009 3:40:13 PM org.apache.catalina.core.StandardContext
>> >>> > filterStart
>> >>> > > SEVERE: Exception starting filter ShiroFilter
>> >>> > > javax.servlet.ServletException: Unable to load from text
>> >>> configuration.
>> >>> > > at
>> >>> >
>> >>>
>> org.apache.shiro.web.servlet.OncePerRequestFilter.init(OncePerRequestFilte
>> >>> > r.java:148)
>> >>> > > at
>> >>> >
>> >>>
>> org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilt
>> >>> > erConfig.java:221)
>> >>> > > at
>> >>> >
>> >>>
>> org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(ApplicationF
>> >>> > ilterConfig.java:302)
>> >>> > > at
>> >>> >
>> >>>
>> org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterC
>> >>> > onfig.java:78)
>> >>> > > at
>> >>> >
>> >>>
>> org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:
>> >>> > 3635)
>> >>> > > at
>> >>> >
>> >>>
>> org.apache.catalina.core.StandardContext.start(StandardContext.java:4222)
>> >>> > > at
>> >>> >
>> >>>
>> org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java
>> >>> > :760)
>> >>> > > at
>> >>> >
>> org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740)
>> >>> > > at
>> >>> >
>> org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)
>> >>> > > at
>> >>> >
>> >>>
>> org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:927
>> >>> > )
>> >>> > > at
>> >>> >
>> >>>
>> org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:8
>> >>> > 90)
>> >>> > > at
>> >>> >
>> org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:492)
>> >>> > > at
>> >>> > org.apache.catalina.startup.HostConfig.start(HostConfig.java:1150)
>> >>> > > at
>> >>> >
>> >>>
>> org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
>> >>> > > at
>> >>> >
>> >>>
>> org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupp
>> >>> > ort.java:120)
>> >>> > > at
>> >>> >
>> org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)
>> >>> > > at
>> >>> > org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
>> >>> > > at
>> >>> >
>> org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)
>> >>> > > at
>> >>> >
>> org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
>> >>> > > at
>> >>> >
>> org.apache.catalina.core.StandardService.start(StandardService.java:448)
>> >>> > > at
>> >>> >
>> org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
>> >>> > > at
>> >>> org.apache.catalina.startup.Catalina.start(Catalina.java:552)
>> >>> > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
>> Method)
>> >>> > > at
>> >>> >
>> >>>
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:
>> >>> > 39)
>> >>> > > at
>> >>> >
>> >>>
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorIm
>> >>> > pl.java:25)
>> >>> > > at java.lang.reflect.Method.invoke(Method.java:597)
>> >>> > > at
>> >>> > org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
>> >>> > > at
>> >>> org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
>> >>> > > Aug 17, 2009 3:40:13 PM
>> org.apache.catalina.core.ApplicationContext
>> >>> log
>> >>> > > INFO: org.apache.webapp.balancer.BalancerFilter: init():
>> ruleChain:
>> >>> > [org.apache.webapp.balancer.RuleChain:
>> >>> > [org.apache.webapp.balancer.rules.URLStringMatchRule: Target string:
>> >>> News
>> >>> > / Redirect URL: http://www.cnn.com],
>> >>> > [org.apache.webapp.balancer.rules.RequestParameterRule: Target param
>> >>> name:
>> >>> > paramName / Target param value: paramValue / Redirect URL:
>> >>> > http://www.yahoo.com],
>> >>> > [org.apache.webapp.balancer.rules.AcceptEverythingRule: Redirect
>> URL:
>> >>> > http://jakarta.apache.org]]
>> >>> > > Aug 17, 2009 3:40:13 PM
>> org.apache.catalina.core.ApplicationContext
>> >>> log
>> >>> > > INFO: ContextListener: contextInitialized()
>> >>> > > Aug 17, 2009 3:40:13 PM
>> org.apache.catalina.core.ApplicationContext
>> >>> log
>> >>> > > INFO: SessionListener: contextInitialized()
>> >>> > > Aug 17, 2009 3:40:13 PM
>> org.apache.catalina.core.ApplicationContext
>> >>> log
>> >>> > > INFO: ContextListener: contextInitialized()
>> >>> > > Aug 17, 2009 3:40:13 PM
>> org.apache.catalina.core.ApplicationContext
>> >>> log
>> >>> > > INFO: SessionListener: contextInitialized()
>> >>> > > Aug 17, 2009 4:25:59 PM
>> org.apache.catalina.core.ApplicationContext
>> >>> log
>> >>> > > INFO: SessionListener: contextDestroyed()
>> >>> > > Aug 17, 2009 4:25:59 PM
>> org.apache.catalina.core.ApplicationContext
>> >>> log
>> >>> > > INFO: ContextListener: contextDestroyed()
>> >>> > > Aug 17, 2009 4:25:59 PM
>> org.apache.catalina.core.ApplicationContext
>> >>> log
>> >>> > > INFO: SessionListener: contextDestroyed()
>> >>> > > Aug 17, 2009 4:25:59 PM
>> org.apache.catalina.core.ApplicationContext
>> >>> log
>> >>> > > INFO: ContextListener: contextDestroyed()
>> >>> > >
>> >>> > >> -----Original Message-----
>> >>> > >> From: Les Hazlewood [mailto:les.hazlewood@anjinllc.com]
>> >>> > >> Sent: Monday, August 17, 2009 4:24 PM
>> >>> > >> To: shiro-user@incubator.apache.org
>> >>> > >> Subject: Re: need more help with SSO
>> >>> > >>
>> >>> > >> Hi Andy,
>> >>> > >>
>> >>> > >> It goes in the main section, definitely. Is there any more to
>> the
>> >>> > >> exception? I'd like to see the entire stack trace if possible.
>> >>> > >>
>> >>> > >> - Les
>> >>> > >>
>> >>> > >> On Mon, Aug 17, 2009 at 3:41 PM, Andy
>> Tripp<An...@vonage.com>
>> >>> > >> wrote:
>> >>> > >> > I created my own Cache and CacheManager:
>> >>> > >> >
>> >>> > >> > public class VonageDistributedSessionCache implements Cache {
>> >>> > >> > public VonageDistributedSessionCache(String name) {
>> >>> > >> > System.err.println("VonageDistributedSessionCache
>> >>> > >> > constructor.");
>> >>> > >> > }
>> >>> > >> > ...
>> >>> > >> > }
>> >>> > >> >
>> >>> > >> > public class VonageDistributedSessionCacheManager implements
>> >>> > >> > CacheManager {
>> >>> > >> > public Cache getCache(String name) throws CacheException {
>> >>> > >> > return new VonageDistributedSessionCache(name);
>> >>> > >> > }
>> >>> > >> > }
>> >>> > >> >
>> >>> > >> > Then in [main] section of my ShiroFilter in web.xml, I have:
>> >>> > >> > [main]
>> >>> > >> > realmA = com.vonage.auth.client.VonageAuthenticationRealm
>> >>> > >> >
>> >>> > >> > securityManager.sessionMode = native
>> >>> > >> >
>> >>> > >> > And when I add this:
>> >>> > >> > # pull in vonage centralized authentication:
>> >>> > >> > cacheManager =
>> >>> > >> > com.vonage.auth.client.VonageDistributedSessionCacheManager
>> >>> > >> > sessionDAO = org.apache.shiro.session.mgt.eis.MemorySessionDAO
>> >>> > >> > sessionDAO.cacheManager = $cacheManager
>> >>> > >> > securityManager.sessionDAO = $sessionDAO
>> >>> > >> > securityManager.cacheManager = $cacheManager
>> >>> > >> >
>> >>> > >> > ...I get this error:
>> >>> > >> > javax.servlet.ServletException: Unable to load from text
>> >>> > configuration.
>> >>> > >> >
>> >>> > >> > So...does this injection go here in the [main] section of
>> >>> > ShiroFilter,
>> >>> > >> > or somewhere else?
>> >>> > >> >
>> >>> > >> > Thanks,
>> >>> > >> > Andy
>> >>> > >> >
>> >>> > >
>> >>
>> >
>
RE: need more help with SSO
Posted by Andy Tripp <An...@vonage.com>.
Les,
I put tracing code in DefaultWebSecurityManager.setSessionMode(), and it appears that this method is not getting called. So the ServletContainerSessionManager is not getting replace by a DefaultWebSessionManager. So it appears that this line in the filter config:
securityManager.sessionMode = native
is having no effect (note that it's securityManager, not sessionManager as you suggest in the previous response).
I'll keep trying to track it down further, any pointers would be appreciated. I'm off to try to find the some SecurityManager instance, which I suspect is something other than a DefaultWebSecurityManager, which would mean that this config line is failing silently.
Obviously, all this dependency injection via XML is driving me completely crazy. I may be allergic to server-side Java :)
Andy
> -----Original Message-----
> From: les.hazlewood@anjinllc.com [mailto:les.hazlewood@anjinllc.com] On
> Behalf Of Les Hazlewood
> Sent: Wednesday, August 19, 2009 12:46 PM
> To: shiro-user@incubator.apache.org
> Subject: Re: need more help with SSO
>
> Hi Andy,
>
> A quick note about the message: that was a bug in the exception
> message, but the code is working as expected: if the wrapped
> SessionManager does not implement the SessionDAOAware interface, it
> cannot be injected with a SessionDAO. I have since fixed the message
> to be correct and committed this change, although the code logic has
> not been changed.
>
> Also, make sure that you do this:
>
> sessionManager.sessionMode = native
>
> before you try to inject the SessionDAO. The above call will
> automatically substitute the ServletContainerSessionManager for a
> DefaultWebSessionManager implementation on the fly. This latter
> implementation does in fact implement SessionDAOAware and should
> readily accept SessionDAO instances that are passed through the
> securityManager.setSessionDAO(...) call.
>
> In the meantime, I'll try to create a unit test with the ShiroFilter
> to see I can accurately recreate your issue, but I've been strapped
> for time lately - if you could create one (if possible) and post it to
> a Jira issue, that would help a lot.
>
> Regards,
>
> Les
>
> On Tue, Aug 18, 2009 at 11:34 AM, Les Hazlewood<lh...@apache.org>
> wrote:
> > Hi Andy,
> >
> > Thanks very much for sending this along - it is very helpful. I'll be
> > able to look into this a bit more later tonight.
> >
> > Regards,
> >
> > Les
> >
> > On Tue, Aug 18, 2009 at 11:21 AM, Andy Tripp<An...@vonage.com>
> wrote:
> >> Les,
> >> I tracked this problem down through a maze of try/catch blocks, I see
> this exception:
> >>
> >> javax.servlet.ServletException: Unable to load from text configuration.
> e2=org.apache.shiro.config.ConfigurationException:
> org.apache.shiro.config.ConfigurationException: Unable to set property
> [sessionDAO] with value [$sessionDAO]. If '$sessionDAO' is a reference to
> another (previously defined) object, please prefix it with '$' to indicate
> that the referenced object should be used as the actual value. For
> example, $$sessionDAO
> >>
> >> ...which I tracked down to the ReflectionBuilder.applyProperty() method
> calling BeanUtils.setProperty() and catching an InvocationException. The
> cause of that exception is:
> >>
> >> java.lang.IllegalArgumentException: The underlying session manager is
> null or does not implement the org.apache.shiro.session.mgt.eis.SessionDAO
> >> interface, which is required if the underlying instance is to receive
> the sessionDAO argument.
> >>
> >>
> >> ...which comes from SessionsSecurityManager.setSessionDAO(), which
> checks
> >> to see that the SessionDAO parameter implements SessionDAOAware. The
> passed value is actually of class ServletContainerSessionManager, which
> does NOT
> >> implement SessionDAOAware.
> >>
> >> So I guess the mystery is why we're getting setSessionDAO() being
> passed a ServletContainerSessionManager, when in fact we have this config
> line:
> >>
> >> sessionDAO = org.apache.shiro.session.mgt.eis.MemorySessionDAO
> >>
> >> Hope this helps,
> >> Andy
> >>
> >>
> >>
> >>
> >>> -----Original Message-----
> >>> From: Andy Tripp [mailto:Andrew.Tripp@vonage.com]
> >>> Sent: Tuesday, August 18, 2009 10:04 AM
> >>> To: shiro-user@incubator.apache.org
> >>> Subject: RE: need more help with SSO
> >>>
> >>> Les,
> >>>
> >>> I tried what you have below and still get the same "Unable to load
> from
> >>> text configuration" error. I tried it with the latest Shiro. I
> narrowed
> >>> the problem down to this line:
> >>>
> >>> securityManager.sessionDAO = $sessionDAO
> >>>
> >>> I get no errors with that line commented out.
> >>>
> >>> Any ideas? If not, I could put some tracing in the
> OncePerRequestFilter
> >>> class to narrow the problem down further.
> >>>
> >>> Andy
> >>>
> >>> > -----Original Message-----
> >>> > From: les.hazlewood@anjinllc.com [mailto:les.hazlewood@anjinllc.com]
> On
> >>> > Behalf Of Les Hazlewood
> >>> > Sent: Monday, August 17, 2009 5:11 PM
> >>> > To: shiro-user@incubator.apache.org
> >>> > Subject: Re: need more help with SSO
> >>> >
> >>> > Hi Andy,
> >>> >
> >>> > I just verified that this simple test config works, although not in
> a
> >>> > web environment:
> >>> >
> >>> > ----
> >>> > realmA = org.apache.shiro.realm.text.PropertiesRealm
> >>> >
> >>> > securityManager.sessionMode = native
> >>> >
> >>> > cacheManager = org.apache.shiro.cache.DefaultCacheManager
> >>> >
> >>> > sessionDAO = org.apache.shiro.session.mgt.eis.MemorySessionDAO
> >>> > sessionDAO.cacheManager = $cacheManager
> >>> > securityManager.sessionDAO = $sessionDAO
> >>> > securityManager.cacheManager = $cacheManager
> >>> >
> >>> > securityManager.realm = $realmA
> >>> > ----
> >>> >
> >>> > Could you please try that out and see if it works in your web
> >>> > environment? If so, can you try substituting the
> DefaultCacheManager
> >>> > implementation (and your realm implementation) with with your
> >>> > implementations and see what happens?
> >>> >
> >>> > - Les
> >>> >
> >>> > On Mon, Aug 17, 2009 at 4:27 PM, Andy Tripp<An...@vonage.com>
> >>> > wrote:
> >>> > > Here's the complete tomcat log file:
> >>> > >
> >>> > > Aug 17, 2009 3:40:13 PM org.apache.catalina.core.StandardContext
> >>> > filterStart
> >>> > > SEVERE: Exception starting filter ShiroFilter
> >>> > > javax.servlet.ServletException: Unable to load from text
> >>> configuration.
> >>> > > at
> >>> >
> >>>
> org.apache.shiro.web.servlet.OncePerRequestFilter.init(OncePerRequestFilte
> >>> > r.java:148)
> >>> > > at
> >>> >
> >>>
> org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilt
> >>> > erConfig.java:221)
> >>> > > at
> >>> >
> >>>
> org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(ApplicationF
> >>> > ilterConfig.java:302)
> >>> > > at
> >>> >
> >>>
> org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterC
> >>> > onfig.java:78)
> >>> > > at
> >>> >
> >>>
> org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:
> >>> > 3635)
> >>> > > at
> >>> >
> >>>
> org.apache.catalina.core.StandardContext.start(StandardContext.java:4222)
> >>> > > at
> >>> >
> >>>
> org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java
> >>> > :760)
> >>> > > at
> >>> >
> org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740)
> >>> > > at
> >>> >
> org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)
> >>> > > at
> >>> >
> >>>
> org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:927
> >>> > )
> >>> > > at
> >>> >
> >>>
> org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:8
> >>> > 90)
> >>> > > at
> >>> >
> org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:492)
> >>> > > at
> >>> > org.apache.catalina.startup.HostConfig.start(HostConfig.java:1150)
> >>> > > at
> >>> >
> >>>
> org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
> >>> > > at
> >>> >
> >>>
> org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupp
> >>> > ort.java:120)
> >>> > > at
> >>> >
> org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)
> >>> > > at
> >>> > org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
> >>> > > at
> >>> >
> org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)
> >>> > > at
> >>> >
> org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
> >>> > > at
> >>> >
> org.apache.catalina.core.StandardService.start(StandardService.java:448)
> >>> > > at
> >>> >
> org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
> >>> > > at
> >>> org.apache.catalina.startup.Catalina.start(Catalina.java:552)
> >>> > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method)
> >>> > > at
> >>> >
> >>>
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:
> >>> > 39)
> >>> > > at
> >>> >
> >>>
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorIm
> >>> > pl.java:25)
> >>> > > at java.lang.reflect.Method.invoke(Method.java:597)
> >>> > > at
> >>> > org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
> >>> > > at
> >>> org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
> >>> > > Aug 17, 2009 3:40:13 PM
> org.apache.catalina.core.ApplicationContext
> >>> log
> >>> > > INFO: org.apache.webapp.balancer.BalancerFilter: init():
> ruleChain:
> >>> > [org.apache.webapp.balancer.RuleChain:
> >>> > [org.apache.webapp.balancer.rules.URLStringMatchRule: Target string:
> >>> News
> >>> > / Redirect URL: http://www.cnn.com],
> >>> > [org.apache.webapp.balancer.rules.RequestParameterRule: Target param
> >>> name:
> >>> > paramName / Target param value: paramValue / Redirect URL:
> >>> > http://www.yahoo.com],
> >>> > [org.apache.webapp.balancer.rules.AcceptEverythingRule: Redirect
> URL:
> >>> > http://jakarta.apache.org]]
> >>> > > Aug 17, 2009 3:40:13 PM
> org.apache.catalina.core.ApplicationContext
> >>> log
> >>> > > INFO: ContextListener: contextInitialized()
> >>> > > Aug 17, 2009 3:40:13 PM
> org.apache.catalina.core.ApplicationContext
> >>> log
> >>> > > INFO: SessionListener: contextInitialized()
> >>> > > Aug 17, 2009 3:40:13 PM
> org.apache.catalina.core.ApplicationContext
> >>> log
> >>> > > INFO: ContextListener: contextInitialized()
> >>> > > Aug 17, 2009 3:40:13 PM
> org.apache.catalina.core.ApplicationContext
> >>> log
> >>> > > INFO: SessionListener: contextInitialized()
> >>> > > Aug 17, 2009 4:25:59 PM
> org.apache.catalina.core.ApplicationContext
> >>> log
> >>> > > INFO: SessionListener: contextDestroyed()
> >>> > > Aug 17, 2009 4:25:59 PM
> org.apache.catalina.core.ApplicationContext
> >>> log
> >>> > > INFO: ContextListener: contextDestroyed()
> >>> > > Aug 17, 2009 4:25:59 PM
> org.apache.catalina.core.ApplicationContext
> >>> log
> >>> > > INFO: SessionListener: contextDestroyed()
> >>> > > Aug 17, 2009 4:25:59 PM
> org.apache.catalina.core.ApplicationContext
> >>> log
> >>> > > INFO: ContextListener: contextDestroyed()
> >>> > >
> >>> > >> -----Original Message-----
> >>> > >> From: Les Hazlewood [mailto:les.hazlewood@anjinllc.com]
> >>> > >> Sent: Monday, August 17, 2009 4:24 PM
> >>> > >> To: shiro-user@incubator.apache.org
> >>> > >> Subject: Re: need more help with SSO
> >>> > >>
> >>> > >> Hi Andy,
> >>> > >>
> >>> > >> It goes in the main section, definitely. Is there any more to
> the
> >>> > >> exception? I'd like to see the entire stack trace if possible.
> >>> > >>
> >>> > >> - Les
> >>> > >>
> >>> > >> On Mon, Aug 17, 2009 at 3:41 PM, Andy
> Tripp<An...@vonage.com>
> >>> > >> wrote:
> >>> > >> > I created my own Cache and CacheManager:
> >>> > >> >
> >>> > >> > public class VonageDistributedSessionCache implements Cache {
> >>> > >> > public VonageDistributedSessionCache(String name) {
> >>> > >> > System.err.println("VonageDistributedSessionCache
> >>> > >> > constructor.");
> >>> > >> > }
> >>> > >> > ...
> >>> > >> > }
> >>> > >> >
> >>> > >> > public class VonageDistributedSessionCacheManager implements
> >>> > >> > CacheManager {
> >>> > >> > public Cache getCache(String name) throws CacheException {
> >>> > >> > return new VonageDistributedSessionCache(name);
> >>> > >> > }
> >>> > >> > }
> >>> > >> >
> >>> > >> > Then in [main] section of my ShiroFilter in web.xml, I have:
> >>> > >> > [main]
> >>> > >> > realmA = com.vonage.auth.client.VonageAuthenticationRealm
> >>> > >> >
> >>> > >> > securityManager.sessionMode = native
> >>> > >> >
> >>> > >> > And when I add this:
> >>> > >> > # pull in vonage centralized authentication:
> >>> > >> > cacheManager =
> >>> > >> > com.vonage.auth.client.VonageDistributedSessionCacheManager
> >>> > >> > sessionDAO = org.apache.shiro.session.mgt.eis.MemorySessionDAO
> >>> > >> > sessionDAO.cacheManager = $cacheManager
> >>> > >> > securityManager.sessionDAO = $sessionDAO
> >>> > >> > securityManager.cacheManager = $cacheManager
> >>> > >> >
> >>> > >> > ...I get this error:
> >>> > >> > javax.servlet.ServletException: Unable to load from text
> >>> > configuration.
> >>> > >> >
> >>> > >> > So...does this injection go here in the [main] section of
> >>> > ShiroFilter,
> >>> > >> > or somewhere else?
> >>> > >> >
> >>> > >> > Thanks,
> >>> > >> > Andy
> >>> > >> >
> >>> > >
> >>
> >
Re: need more help with SSO
Posted by Les Hazlewood <lh...@apache.org>.
Hi Andy,
A quick note about the message: that was a bug in the exception
message, but the code is working as expected: if the wrapped
SessionManager does not implement the SessionDAOAware interface, it
cannot be injected with a SessionDAO. I have since fixed the message
to be correct and committed this change, although the code logic has
not been changed.
Also, make sure that you do this:
sessionManager.sessionMode = native
before you try to inject the SessionDAO. The above call will
automatically substitute the ServletContainerSessionManager for a
DefaultWebSessionManager implementation on the fly. This latter
implementation does in fact implement SessionDAOAware and should
readily accept SessionDAO instances that are passed through the
securityManager.setSessionDAO(...) call.
In the meantime, I'll try to create a unit test with the ShiroFilter
to see I can accurately recreate your issue, but I've been strapped
for time lately - if you could create one (if possible) and post it to
a Jira issue, that would help a lot.
Regards,
Les
On Tue, Aug 18, 2009 at 11:34 AM, Les Hazlewood<lh...@apache.org> wrote:
> Hi Andy,
>
> Thanks very much for sending this along - it is very helpful. I'll be
> able to look into this a bit more later tonight.
>
> Regards,
>
> Les
>
> On Tue, Aug 18, 2009 at 11:21 AM, Andy Tripp<An...@vonage.com> wrote:
>> Les,
>> I tracked this problem down through a maze of try/catch blocks, I see this exception:
>>
>> javax.servlet.ServletException: Unable to load from text configuration. e2=org.apache.shiro.config.ConfigurationException: org.apache.shiro.config.ConfigurationException: Unable to set property [sessionDAO] with value [$sessionDAO]. If '$sessionDAO' is a reference to another (previously defined) object, please prefix it with '$' to indicate that the referenced object should be used as the actual value. For example, $$sessionDAO
>>
>> ...which I tracked down to the ReflectionBuilder.applyProperty() method calling BeanUtils.setProperty() and catching an InvocationException. The cause of that exception is:
>>
>> java.lang.IllegalArgumentException: The underlying session manager is null or does not implement the org.apache.shiro.session.mgt.eis.SessionDAO
>> interface, which is required if the underlying instance is to receive the sessionDAO argument.
>>
>>
>> ...which comes from SessionsSecurityManager.setSessionDAO(), which checks
>> to see that the SessionDAO parameter implements SessionDAOAware. The passed value is actually of class ServletContainerSessionManager, which does NOT
>> implement SessionDAOAware.
>>
>> So I guess the mystery is why we're getting setSessionDAO() being passed a ServletContainerSessionManager, when in fact we have this config line:
>>
>> sessionDAO = org.apache.shiro.session.mgt.eis.MemorySessionDAO
>>
>> Hope this helps,
>> Andy
>>
>>
>>
>>
>>> -----Original Message-----
>>> From: Andy Tripp [mailto:Andrew.Tripp@vonage.com]
>>> Sent: Tuesday, August 18, 2009 10:04 AM
>>> To: shiro-user@incubator.apache.org
>>> Subject: RE: need more help with SSO
>>>
>>> Les,
>>>
>>> I tried what you have below and still get the same "Unable to load from
>>> text configuration" error. I tried it with the latest Shiro. I narrowed
>>> the problem down to this line:
>>>
>>> securityManager.sessionDAO = $sessionDAO
>>>
>>> I get no errors with that line commented out.
>>>
>>> Any ideas? If not, I could put some tracing in the OncePerRequestFilter
>>> class to narrow the problem down further.
>>>
>>> Andy
>>>
>>> > -----Original Message-----
>>> > From: les.hazlewood@anjinllc.com [mailto:les.hazlewood@anjinllc.com] On
>>> > Behalf Of Les Hazlewood
>>> > Sent: Monday, August 17, 2009 5:11 PM
>>> > To: shiro-user@incubator.apache.org
>>> > Subject: Re: need more help with SSO
>>> >
>>> > Hi Andy,
>>> >
>>> > I just verified that this simple test config works, although not in a
>>> > web environment:
>>> >
>>> > ----
>>> > realmA = org.apache.shiro.realm.text.PropertiesRealm
>>> >
>>> > securityManager.sessionMode = native
>>> >
>>> > cacheManager = org.apache.shiro.cache.DefaultCacheManager
>>> >
>>> > sessionDAO = org.apache.shiro.session.mgt.eis.MemorySessionDAO
>>> > sessionDAO.cacheManager = $cacheManager
>>> > securityManager.sessionDAO = $sessionDAO
>>> > securityManager.cacheManager = $cacheManager
>>> >
>>> > securityManager.realm = $realmA
>>> > ----
>>> >
>>> > Could you please try that out and see if it works in your web
>>> > environment? If so, can you try substituting the DefaultCacheManager
>>> > implementation (and your realm implementation) with with your
>>> > implementations and see what happens?
>>> >
>>> > - Les
>>> >
>>> > On Mon, Aug 17, 2009 at 4:27 PM, Andy Tripp<An...@vonage.com>
>>> > wrote:
>>> > > Here's the complete tomcat log file:
>>> > >
>>> > > Aug 17, 2009 3:40:13 PM org.apache.catalina.core.StandardContext
>>> > filterStart
>>> > > SEVERE: Exception starting filter ShiroFilter
>>> > > javax.servlet.ServletException: Unable to load from text
>>> configuration.
>>> > > at
>>> >
>>> org.apache.shiro.web.servlet.OncePerRequestFilter.init(OncePerRequestFilte
>>> > r.java:148)
>>> > > at
>>> >
>>> org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilt
>>> > erConfig.java:221)
>>> > > at
>>> >
>>> org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(ApplicationF
>>> > ilterConfig.java:302)
>>> > > at
>>> >
>>> org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterC
>>> > onfig.java:78)
>>> > > at
>>> >
>>> org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:
>>> > 3635)
>>> > > at
>>> >
>>> org.apache.catalina.core.StandardContext.start(StandardContext.java:4222)
>>> > > at
>>> >
>>> org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java
>>> > :760)
>>> > > at
>>> > org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740)
>>> > > at
>>> > org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)
>>> > > at
>>> >
>>> org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:927
>>> > )
>>> > > at
>>> >
>>> org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:8
>>> > 90)
>>> > > at
>>> > org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:492)
>>> > > at
>>> > org.apache.catalina.startup.HostConfig.start(HostConfig.java:1150)
>>> > > at
>>> >
>>> org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
>>> > > at
>>> >
>>> org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupp
>>> > ort.java:120)
>>> > > at
>>> > org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)
>>> > > at
>>> > org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
>>> > > at
>>> > org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)
>>> > > at
>>> > org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
>>> > > at
>>> > org.apache.catalina.core.StandardService.start(StandardService.java:448)
>>> > > at
>>> > org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
>>> > > at
>>> org.apache.catalina.startup.Catalina.start(Catalina.java:552)
>>> > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>> > > at
>>> >
>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:
>>> > 39)
>>> > > at
>>> >
>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorIm
>>> > pl.java:25)
>>> > > at java.lang.reflect.Method.invoke(Method.java:597)
>>> > > at
>>> > org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
>>> > > at
>>> org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
>>> > > Aug 17, 2009 3:40:13 PM org.apache.catalina.core.ApplicationContext
>>> log
>>> > > INFO: org.apache.webapp.balancer.BalancerFilter: init(): ruleChain:
>>> > [org.apache.webapp.balancer.RuleChain:
>>> > [org.apache.webapp.balancer.rules.URLStringMatchRule: Target string:
>>> News
>>> > / Redirect URL: http://www.cnn.com],
>>> > [org.apache.webapp.balancer.rules.RequestParameterRule: Target param
>>> name:
>>> > paramName / Target param value: paramValue / Redirect URL:
>>> > http://www.yahoo.com],
>>> > [org.apache.webapp.balancer.rules.AcceptEverythingRule: Redirect URL:
>>> > http://jakarta.apache.org]]
>>> > > Aug 17, 2009 3:40:13 PM org.apache.catalina.core.ApplicationContext
>>> log
>>> > > INFO: ContextListener: contextInitialized()
>>> > > Aug 17, 2009 3:40:13 PM org.apache.catalina.core.ApplicationContext
>>> log
>>> > > INFO: SessionListener: contextInitialized()
>>> > > Aug 17, 2009 3:40:13 PM org.apache.catalina.core.ApplicationContext
>>> log
>>> > > INFO: ContextListener: contextInitialized()
>>> > > Aug 17, 2009 3:40:13 PM org.apache.catalina.core.ApplicationContext
>>> log
>>> > > INFO: SessionListener: contextInitialized()
>>> > > Aug 17, 2009 4:25:59 PM org.apache.catalina.core.ApplicationContext
>>> log
>>> > > INFO: SessionListener: contextDestroyed()
>>> > > Aug 17, 2009 4:25:59 PM org.apache.catalina.core.ApplicationContext
>>> log
>>> > > INFO: ContextListener: contextDestroyed()
>>> > > Aug 17, 2009 4:25:59 PM org.apache.catalina.core.ApplicationContext
>>> log
>>> > > INFO: SessionListener: contextDestroyed()
>>> > > Aug 17, 2009 4:25:59 PM org.apache.catalina.core.ApplicationContext
>>> log
>>> > > INFO: ContextListener: contextDestroyed()
>>> > >
>>> > >> -----Original Message-----
>>> > >> From: Les Hazlewood [mailto:les.hazlewood@anjinllc.com]
>>> > >> Sent: Monday, August 17, 2009 4:24 PM
>>> > >> To: shiro-user@incubator.apache.org
>>> > >> Subject: Re: need more help with SSO
>>> > >>
>>> > >> Hi Andy,
>>> > >>
>>> > >> It goes in the main section, definitely. Is there any more to the
>>> > >> exception? I'd like to see the entire stack trace if possible.
>>> > >>
>>> > >> - Les
>>> > >>
>>> > >> On Mon, Aug 17, 2009 at 3:41 PM, Andy Tripp<An...@vonage.com>
>>> > >> wrote:
>>> > >> > I created my own Cache and CacheManager:
>>> > >> >
>>> > >> > public class VonageDistributedSessionCache implements Cache {
>>> > >> > public VonageDistributedSessionCache(String name) {
>>> > >> > System.err.println("VonageDistributedSessionCache
>>> > >> > constructor.");
>>> > >> > }
>>> > >> > ...
>>> > >> > }
>>> > >> >
>>> > >> > public class VonageDistributedSessionCacheManager implements
>>> > >> > CacheManager {
>>> > >> > public Cache getCache(String name) throws CacheException {
>>> > >> > return new VonageDistributedSessionCache(name);
>>> > >> > }
>>> > >> > }
>>> > >> >
>>> > >> > Then in [main] section of my ShiroFilter in web.xml, I have:
>>> > >> > [main]
>>> > >> > realmA = com.vonage.auth.client.VonageAuthenticationRealm
>>> > >> >
>>> > >> > securityManager.sessionMode = native
>>> > >> >
>>> > >> > And when I add this:
>>> > >> > # pull in vonage centralized authentication:
>>> > >> > cacheManager =
>>> > >> > com.vonage.auth.client.VonageDistributedSessionCacheManager
>>> > >> > sessionDAO = org.apache.shiro.session.mgt.eis.MemorySessionDAO
>>> > >> > sessionDAO.cacheManager = $cacheManager
>>> > >> > securityManager.sessionDAO = $sessionDAO
>>> > >> > securityManager.cacheManager = $cacheManager
>>> > >> >
>>> > >> > ...I get this error:
>>> > >> > javax.servlet.ServletException: Unable to load from text
>>> > configuration.
>>> > >> >
>>> > >> > So...does this injection go here in the [main] section of
>>> > ShiroFilter,
>>> > >> > or somewhere else?
>>> > >> >
>>> > >> > Thanks,
>>> > >> > Andy
>>> > >> >
>>> > >
>>
>
Re: need more help with SSO
Posted by Les Hazlewood <lh...@apache.org>.
Hi Andy,
Thanks very much for sending this along - it is very helpful. I'll be
able to look into this a bit more later tonight.
Regards,
Les
On Tue, Aug 18, 2009 at 11:21 AM, Andy Tripp<An...@vonage.com> wrote:
> Les,
> I tracked this problem down through a maze of try/catch blocks, I see this exception:
>
> javax.servlet.ServletException: Unable to load from text configuration. e2=org.apache.shiro.config.ConfigurationException: org.apache.shiro.config.ConfigurationException: Unable to set property [sessionDAO] with value [$sessionDAO]. If '$sessionDAO' is a reference to another (previously defined) object, please prefix it with '$' to indicate that the referenced object should be used as the actual value. For example, $$sessionDAO
>
> ...which I tracked down to the ReflectionBuilder.applyProperty() method calling BeanUtils.setProperty() and catching an InvocationException. The cause of that exception is:
>
> java.lang.IllegalArgumentException: The underlying session manager is null or does not implement the org.apache.shiro.session.mgt.eis.SessionDAO
> interface, which is required if the underlying instance is to receive the sessionDAO argument.
>
>
> ...which comes from SessionsSecurityManager.setSessionDAO(), which checks
> to see that the SessionDAO parameter implements SessionDAOAware. The passed value is actually of class ServletContainerSessionManager, which does NOT
> implement SessionDAOAware.
>
> So I guess the mystery is why we're getting setSessionDAO() being passed a ServletContainerSessionManager, when in fact we have this config line:
>
> sessionDAO = org.apache.shiro.session.mgt.eis.MemorySessionDAO
>
> Hope this helps,
> Andy
>
>
>
>
>> -----Original Message-----
>> From: Andy Tripp [mailto:Andrew.Tripp@vonage.com]
>> Sent: Tuesday, August 18, 2009 10:04 AM
>> To: shiro-user@incubator.apache.org
>> Subject: RE: need more help with SSO
>>
>> Les,
>>
>> I tried what you have below and still get the same "Unable to load from
>> text configuration" error. I tried it with the latest Shiro. I narrowed
>> the problem down to this line:
>>
>> securityManager.sessionDAO = $sessionDAO
>>
>> I get no errors with that line commented out.
>>
>> Any ideas? If not, I could put some tracing in the OncePerRequestFilter
>> class to narrow the problem down further.
>>
>> Andy
>>
>> > -----Original Message-----
>> > From: les.hazlewood@anjinllc.com [mailto:les.hazlewood@anjinllc.com] On
>> > Behalf Of Les Hazlewood
>> > Sent: Monday, August 17, 2009 5:11 PM
>> > To: shiro-user@incubator.apache.org
>> > Subject: Re: need more help with SSO
>> >
>> > Hi Andy,
>> >
>> > I just verified that this simple test config works, although not in a
>> > web environment:
>> >
>> > ----
>> > realmA = org.apache.shiro.realm.text.PropertiesRealm
>> >
>> > securityManager.sessionMode = native
>> >
>> > cacheManager = org.apache.shiro.cache.DefaultCacheManager
>> >
>> > sessionDAO = org.apache.shiro.session.mgt.eis.MemorySessionDAO
>> > sessionDAO.cacheManager = $cacheManager
>> > securityManager.sessionDAO = $sessionDAO
>> > securityManager.cacheManager = $cacheManager
>> >
>> > securityManager.realm = $realmA
>> > ----
>> >
>> > Could you please try that out and see if it works in your web
>> > environment? If so, can you try substituting the DefaultCacheManager
>> > implementation (and your realm implementation) with with your
>> > implementations and see what happens?
>> >
>> > - Les
>> >
>> > On Mon, Aug 17, 2009 at 4:27 PM, Andy Tripp<An...@vonage.com>
>> > wrote:
>> > > Here's the complete tomcat log file:
>> > >
>> > > Aug 17, 2009 3:40:13 PM org.apache.catalina.core.StandardContext
>> > filterStart
>> > > SEVERE: Exception starting filter ShiroFilter
>> > > javax.servlet.ServletException: Unable to load from text
>> configuration.
>> > > at
>> >
>> org.apache.shiro.web.servlet.OncePerRequestFilter.init(OncePerRequestFilte
>> > r.java:148)
>> > > at
>> >
>> org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilt
>> > erConfig.java:221)
>> > > at
>> >
>> org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(ApplicationF
>> > ilterConfig.java:302)
>> > > at
>> >
>> org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterC
>> > onfig.java:78)
>> > > at
>> >
>> org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:
>> > 3635)
>> > > at
>> >
>> org.apache.catalina.core.StandardContext.start(StandardContext.java:4222)
>> > > at
>> >
>> org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java
>> > :760)
>> > > at
>> > org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740)
>> > > at
>> > org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)
>> > > at
>> >
>> org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:927
>> > )
>> > > at
>> >
>> org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:8
>> > 90)
>> > > at
>> > org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:492)
>> > > at
>> > org.apache.catalina.startup.HostConfig.start(HostConfig.java:1150)
>> > > at
>> >
>> org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
>> > > at
>> >
>> org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupp
>> > ort.java:120)
>> > > at
>> > org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)
>> > > at
>> > org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
>> > > at
>> > org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)
>> > > at
>> > org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
>> > > at
>> > org.apache.catalina.core.StandardService.start(StandardService.java:448)
>> > > at
>> > org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
>> > > at
>> org.apache.catalina.startup.Catalina.start(Catalina.java:552)
>> > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> > > at
>> >
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:
>> > 39)
>> > > at
>> >
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorIm
>> > pl.java:25)
>> > > at java.lang.reflect.Method.invoke(Method.java:597)
>> > > at
>> > org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
>> > > at
>> org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
>> > > Aug 17, 2009 3:40:13 PM org.apache.catalina.core.ApplicationContext
>> log
>> > > INFO: org.apache.webapp.balancer.BalancerFilter: init(): ruleChain:
>> > [org.apache.webapp.balancer.RuleChain:
>> > [org.apache.webapp.balancer.rules.URLStringMatchRule: Target string:
>> News
>> > / Redirect URL: http://www.cnn.com],
>> > [org.apache.webapp.balancer.rules.RequestParameterRule: Target param
>> name:
>> > paramName / Target param value: paramValue / Redirect URL:
>> > http://www.yahoo.com],
>> > [org.apache.webapp.balancer.rules.AcceptEverythingRule: Redirect URL:
>> > http://jakarta.apache.org]]
>> > > Aug 17, 2009 3:40:13 PM org.apache.catalina.core.ApplicationContext
>> log
>> > > INFO: ContextListener: contextInitialized()
>> > > Aug 17, 2009 3:40:13 PM org.apache.catalina.core.ApplicationContext
>> log
>> > > INFO: SessionListener: contextInitialized()
>> > > Aug 17, 2009 3:40:13 PM org.apache.catalina.core.ApplicationContext
>> log
>> > > INFO: ContextListener: contextInitialized()
>> > > Aug 17, 2009 3:40:13 PM org.apache.catalina.core.ApplicationContext
>> log
>> > > INFO: SessionListener: contextInitialized()
>> > > Aug 17, 2009 4:25:59 PM org.apache.catalina.core.ApplicationContext
>> log
>> > > INFO: SessionListener: contextDestroyed()
>> > > Aug 17, 2009 4:25:59 PM org.apache.catalina.core.ApplicationContext
>> log
>> > > INFO: ContextListener: contextDestroyed()
>> > > Aug 17, 2009 4:25:59 PM org.apache.catalina.core.ApplicationContext
>> log
>> > > INFO: SessionListener: contextDestroyed()
>> > > Aug 17, 2009 4:25:59 PM org.apache.catalina.core.ApplicationContext
>> log
>> > > INFO: ContextListener: contextDestroyed()
>> > >
>> > >> -----Original Message-----
>> > >> From: Les Hazlewood [mailto:les.hazlewood@anjinllc.com]
>> > >> Sent: Monday, August 17, 2009 4:24 PM
>> > >> To: shiro-user@incubator.apache.org
>> > >> Subject: Re: need more help with SSO
>> > >>
>> > >> Hi Andy,
>> > >>
>> > >> It goes in the main section, definitely. Is there any more to the
>> > >> exception? I'd like to see the entire stack trace if possible.
>> > >>
>> > >> - Les
>> > >>
>> > >> On Mon, Aug 17, 2009 at 3:41 PM, Andy Tripp<An...@vonage.com>
>> > >> wrote:
>> > >> > I created my own Cache and CacheManager:
>> > >> >
>> > >> > public class VonageDistributedSessionCache implements Cache {
>> > >> > public VonageDistributedSessionCache(String name) {
>> > >> > System.err.println("VonageDistributedSessionCache
>> > >> > constructor.");
>> > >> > }
>> > >> > ...
>> > >> > }
>> > >> >
>> > >> > public class VonageDistributedSessionCacheManager implements
>> > >> > CacheManager {
>> > >> > public Cache getCache(String name) throws CacheException {
>> > >> > return new VonageDistributedSessionCache(name);
>> > >> > }
>> > >> > }
>> > >> >
>> > >> > Then in [main] section of my ShiroFilter in web.xml, I have:
>> > >> > [main]
>> > >> > realmA = com.vonage.auth.client.VonageAuthenticationRealm
>> > >> >
>> > >> > securityManager.sessionMode = native
>> > >> >
>> > >> > And when I add this:
>> > >> > # pull in vonage centralized authentication:
>> > >> > cacheManager =
>> > >> > com.vonage.auth.client.VonageDistributedSessionCacheManager
>> > >> > sessionDAO = org.apache.shiro.session.mgt.eis.MemorySessionDAO
>> > >> > sessionDAO.cacheManager = $cacheManager
>> > >> > securityManager.sessionDAO = $sessionDAO
>> > >> > securityManager.cacheManager = $cacheManager
>> > >> >
>> > >> > ...I get this error:
>> > >> > javax.servlet.ServletException: Unable to load from text
>> > configuration.
>> > >> >
>> > >> > So...does this injection go here in the [main] section of
>> > ShiroFilter,
>> > >> > or somewhere else?
>> > >> >
>> > >> > Thanks,
>> > >> > Andy
>> > >> >
>> > >
>
RE: need more help with SSO
Posted by Andy Tripp <An...@vonage.com>.
Les,
I tracked this problem down through a maze of try/catch blocks, I see this exception:
javax.servlet.ServletException: Unable to load from text configuration. e2=org.apache.shiro.config.ConfigurationException: org.apache.shiro.config.ConfigurationException: Unable to set property [sessionDAO] with value [$sessionDAO]. If '$sessionDAO' is a reference to another (previously defined) object, please prefix it with '$' to indicate that the referenced object should be used as the actual value. For example, $$sessionDAO
...which I tracked down to the ReflectionBuilder.applyProperty() method calling BeanUtils.setProperty() and catching an InvocationException. The cause of that exception is:
java.lang.IllegalArgumentException: The underlying session manager is null or does not implement the org.apache.shiro.session.mgt.eis.SessionDAO
interface, which is required if the underlying instance is to receive the sessionDAO argument.
...which comes from SessionsSecurityManager.setSessionDAO(), which checks
to see that the SessionDAO parameter implements SessionDAOAware. The passed value is actually of class ServletContainerSessionManager, which does NOT
implement SessionDAOAware.
So I guess the mystery is why we're getting setSessionDAO() being passed a ServletContainerSessionManager, when in fact we have this config line:
sessionDAO = org.apache.shiro.session.mgt.eis.MemorySessionDAO
Hope this helps,
Andy
> -----Original Message-----
> From: Andy Tripp [mailto:Andrew.Tripp@vonage.com]
> Sent: Tuesday, August 18, 2009 10:04 AM
> To: shiro-user@incubator.apache.org
> Subject: RE: need more help with SSO
>
> Les,
>
> I tried what you have below and still get the same "Unable to load from
> text configuration" error. I tried it with the latest Shiro. I narrowed
> the problem down to this line:
>
> securityManager.sessionDAO = $sessionDAO
>
> I get no errors with that line commented out.
>
> Any ideas? If not, I could put some tracing in the OncePerRequestFilter
> class to narrow the problem down further.
>
> Andy
>
> > -----Original Message-----
> > From: les.hazlewood@anjinllc.com [mailto:les.hazlewood@anjinllc.com] On
> > Behalf Of Les Hazlewood
> > Sent: Monday, August 17, 2009 5:11 PM
> > To: shiro-user@incubator.apache.org
> > Subject: Re: need more help with SSO
> >
> > Hi Andy,
> >
> > I just verified that this simple test config works, although not in a
> > web environment:
> >
> > ----
> > realmA = org.apache.shiro.realm.text.PropertiesRealm
> >
> > securityManager.sessionMode = native
> >
> > cacheManager = org.apache.shiro.cache.DefaultCacheManager
> >
> > sessionDAO = org.apache.shiro.session.mgt.eis.MemorySessionDAO
> > sessionDAO.cacheManager = $cacheManager
> > securityManager.sessionDAO = $sessionDAO
> > securityManager.cacheManager = $cacheManager
> >
> > securityManager.realm = $realmA
> > ----
> >
> > Could you please try that out and see if it works in your web
> > environment? If so, can you try substituting the DefaultCacheManager
> > implementation (and your realm implementation) with with your
> > implementations and see what happens?
> >
> > - Les
> >
> > On Mon, Aug 17, 2009 at 4:27 PM, Andy Tripp<An...@vonage.com>
> > wrote:
> > > Here's the complete tomcat log file:
> > >
> > > Aug 17, 2009 3:40:13 PM org.apache.catalina.core.StandardContext
> > filterStart
> > > SEVERE: Exception starting filter ShiroFilter
> > > javax.servlet.ServletException: Unable to load from text
> configuration.
> > > at
> >
> org.apache.shiro.web.servlet.OncePerRequestFilter.init(OncePerRequestFilte
> > r.java:148)
> > > at
> >
> org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilt
> > erConfig.java:221)
> > > at
> >
> org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(ApplicationF
> > ilterConfig.java:302)
> > > at
> >
> org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterC
> > onfig.java:78)
> > > at
> >
> org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:
> > 3635)
> > > at
> >
> org.apache.catalina.core.StandardContext.start(StandardContext.java:4222)
> > > at
> >
> org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java
> > :760)
> > > at
> > org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740)
> > > at
> > org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)
> > > at
> >
> org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:927
> > )
> > > at
> >
> org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:8
> > 90)
> > > at
> > org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:492)
> > > at
> > org.apache.catalina.startup.HostConfig.start(HostConfig.java:1150)
> > > at
> >
> org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
> > > at
> >
> org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupp
> > ort.java:120)
> > > at
> > org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)
> > > at
> > org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
> > > at
> > org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)
> > > at
> > org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
> > > at
> > org.apache.catalina.core.StandardService.start(StandardService.java:448)
> > > at
> > org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
> > > at
> org.apache.catalina.startup.Catalina.start(Catalina.java:552)
> > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> > > at
> >
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:
> > 39)
> > > at
> >
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorIm
> > pl.java:25)
> > > at java.lang.reflect.Method.invoke(Method.java:597)
> > > at
> > org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
> > > at
> org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
> > > Aug 17, 2009 3:40:13 PM org.apache.catalina.core.ApplicationContext
> log
> > > INFO: org.apache.webapp.balancer.BalancerFilter: init(): ruleChain:
> > [org.apache.webapp.balancer.RuleChain:
> > [org.apache.webapp.balancer.rules.URLStringMatchRule: Target string:
> News
> > / Redirect URL: http://www.cnn.com],
> > [org.apache.webapp.balancer.rules.RequestParameterRule: Target param
> name:
> > paramName / Target param value: paramValue / Redirect URL:
> > http://www.yahoo.com],
> > [org.apache.webapp.balancer.rules.AcceptEverythingRule: Redirect URL:
> > http://jakarta.apache.org]]
> > > Aug 17, 2009 3:40:13 PM org.apache.catalina.core.ApplicationContext
> log
> > > INFO: ContextListener: contextInitialized()
> > > Aug 17, 2009 3:40:13 PM org.apache.catalina.core.ApplicationContext
> log
> > > INFO: SessionListener: contextInitialized()
> > > Aug 17, 2009 3:40:13 PM org.apache.catalina.core.ApplicationContext
> log
> > > INFO: ContextListener: contextInitialized()
> > > Aug 17, 2009 3:40:13 PM org.apache.catalina.core.ApplicationContext
> log
> > > INFO: SessionListener: contextInitialized()
> > > Aug 17, 2009 4:25:59 PM org.apache.catalina.core.ApplicationContext
> log
> > > INFO: SessionListener: contextDestroyed()
> > > Aug 17, 2009 4:25:59 PM org.apache.catalina.core.ApplicationContext
> log
> > > INFO: ContextListener: contextDestroyed()
> > > Aug 17, 2009 4:25:59 PM org.apache.catalina.core.ApplicationContext
> log
> > > INFO: SessionListener: contextDestroyed()
> > > Aug 17, 2009 4:25:59 PM org.apache.catalina.core.ApplicationContext
> log
> > > INFO: ContextListener: contextDestroyed()
> > >
> > >> -----Original Message-----
> > >> From: Les Hazlewood [mailto:les.hazlewood@anjinllc.com]
> > >> Sent: Monday, August 17, 2009 4:24 PM
> > >> To: shiro-user@incubator.apache.org
> > >> Subject: Re: need more help with SSO
> > >>
> > >> Hi Andy,
> > >>
> > >> It goes in the main section, definitely. Is there any more to the
> > >> exception? I'd like to see the entire stack trace if possible.
> > >>
> > >> - Les
> > >>
> > >> On Mon, Aug 17, 2009 at 3:41 PM, Andy Tripp<An...@vonage.com>
> > >> wrote:
> > >> > I created my own Cache and CacheManager:
> > >> >
> > >> > public class VonageDistributedSessionCache implements Cache {
> > >> > public VonageDistributedSessionCache(String name) {
> > >> > System.err.println("VonageDistributedSessionCache
> > >> > constructor.");
> > >> > }
> > >> > ...
> > >> > }
> > >> >
> > >> > public class VonageDistributedSessionCacheManager implements
> > >> > CacheManager {
> > >> > public Cache getCache(String name) throws CacheException {
> > >> > return new VonageDistributedSessionCache(name);
> > >> > }
> > >> > }
> > >> >
> > >> > Then in [main] section of my ShiroFilter in web.xml, I have:
> > >> > [main]
> > >> > realmA = com.vonage.auth.client.VonageAuthenticationRealm
> > >> >
> > >> > securityManager.sessionMode = native
> > >> >
> > >> > And when I add this:
> > >> > # pull in vonage centralized authentication:
> > >> > cacheManager =
> > >> > com.vonage.auth.client.VonageDistributedSessionCacheManager
> > >> > sessionDAO = org.apache.shiro.session.mgt.eis.MemorySessionDAO
> > >> > sessionDAO.cacheManager = $cacheManager
> > >> > securityManager.sessionDAO = $sessionDAO
> > >> > securityManager.cacheManager = $cacheManager
> > >> >
> > >> > ...I get this error:
> > >> > javax.servlet.ServletException: Unable to load from text
> > configuration.
> > >> >
> > >> > So...does this injection go here in the [main] section of
> > ShiroFilter,
> > >> > or somewhere else?
> > >> >
> > >> > Thanks,
> > >> > Andy
> > >> >
> > >
RE: need more help with SSO
Posted by Andy Tripp <An...@vonage.com>.
Les,
I tried what you have below and still get the same "Unable to load from text configuration" error. I tried it with the latest Shiro. I narrowed the problem down to this line:
securityManager.sessionDAO = $sessionDAO
I get no errors with that line commented out.
Any ideas? If not, I could put some tracing in the OncePerRequestFilter class to narrow the problem down further.
Andy
> -----Original Message-----
> From: les.hazlewood@anjinllc.com [mailto:les.hazlewood@anjinllc.com] On
> Behalf Of Les Hazlewood
> Sent: Monday, August 17, 2009 5:11 PM
> To: shiro-user@incubator.apache.org
> Subject: Re: need more help with SSO
>
> Hi Andy,
>
> I just verified that this simple test config works, although not in a
> web environment:
>
> ----
> realmA = org.apache.shiro.realm.text.PropertiesRealm
>
> securityManager.sessionMode = native
>
> cacheManager = org.apache.shiro.cache.DefaultCacheManager
>
> sessionDAO = org.apache.shiro.session.mgt.eis.MemorySessionDAO
> sessionDAO.cacheManager = $cacheManager
> securityManager.sessionDAO = $sessionDAO
> securityManager.cacheManager = $cacheManager
>
> securityManager.realm = $realmA
> ----
>
> Could you please try that out and see if it works in your web
> environment? If so, can you try substituting the DefaultCacheManager
> implementation (and your realm implementation) with with your
> implementations and see what happens?
>
> - Les
>
> On Mon, Aug 17, 2009 at 4:27 PM, Andy Tripp<An...@vonage.com>
> wrote:
> > Here's the complete tomcat log file:
> >
> > Aug 17, 2009 3:40:13 PM org.apache.catalina.core.StandardContext
> filterStart
> > SEVERE: Exception starting filter ShiroFilter
> > javax.servlet.ServletException: Unable to load from text configuration.
> > at
> org.apache.shiro.web.servlet.OncePerRequestFilter.init(OncePerRequestFilte
> r.java:148)
> > at
> org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilt
> erConfig.java:221)
> > at
> org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(ApplicationF
> ilterConfig.java:302)
> > at
> org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterC
> onfig.java:78)
> > at
> org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:
> 3635)
> > at
> org.apache.catalina.core.StandardContext.start(StandardContext.java:4222)
> > at
> org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java
> :760)
> > at
> org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740)
> > at
> org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)
> > at
> org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:927
> )
> > at
> org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:8
> 90)
> > at
> org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:492)
> > at
> org.apache.catalina.startup.HostConfig.start(HostConfig.java:1150)
> > at
> org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
> > at
> org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupp
> ort.java:120)
> > at
> org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)
> > at
> org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
> > at
> org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)
> > at
> org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
> > at
> org.apache.catalina.core.StandardService.start(StandardService.java:448)
> > at
> org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
> > at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
> > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> > at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:
> 39)
> > at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorIm
> pl.java:25)
> > at java.lang.reflect.Method.invoke(Method.java:597)
> > at
> org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
> > at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
> > Aug 17, 2009 3:40:13 PM org.apache.catalina.core.ApplicationContext log
> > INFO: org.apache.webapp.balancer.BalancerFilter: init(): ruleChain:
> [org.apache.webapp.balancer.RuleChain:
> [org.apache.webapp.balancer.rules.URLStringMatchRule: Target string: News
> / Redirect URL: http://www.cnn.com],
> [org.apache.webapp.balancer.rules.RequestParameterRule: Target param name:
> paramName / Target param value: paramValue / Redirect URL:
> http://www.yahoo.com],
> [org.apache.webapp.balancer.rules.AcceptEverythingRule: Redirect URL:
> http://jakarta.apache.org]]
> > Aug 17, 2009 3:40:13 PM org.apache.catalina.core.ApplicationContext log
> > INFO: ContextListener: contextInitialized()
> > Aug 17, 2009 3:40:13 PM org.apache.catalina.core.ApplicationContext log
> > INFO: SessionListener: contextInitialized()
> > Aug 17, 2009 3:40:13 PM org.apache.catalina.core.ApplicationContext log
> > INFO: ContextListener: contextInitialized()
> > Aug 17, 2009 3:40:13 PM org.apache.catalina.core.ApplicationContext log
> > INFO: SessionListener: contextInitialized()
> > Aug 17, 2009 4:25:59 PM org.apache.catalina.core.ApplicationContext log
> > INFO: SessionListener: contextDestroyed()
> > Aug 17, 2009 4:25:59 PM org.apache.catalina.core.ApplicationContext log
> > INFO: ContextListener: contextDestroyed()
> > Aug 17, 2009 4:25:59 PM org.apache.catalina.core.ApplicationContext log
> > INFO: SessionListener: contextDestroyed()
> > Aug 17, 2009 4:25:59 PM org.apache.catalina.core.ApplicationContext log
> > INFO: ContextListener: contextDestroyed()
> >
> >> -----Original Message-----
> >> From: Les Hazlewood [mailto:les.hazlewood@anjinllc.com]
> >> Sent: Monday, August 17, 2009 4:24 PM
> >> To: shiro-user@incubator.apache.org
> >> Subject: Re: need more help with SSO
> >>
> >> Hi Andy,
> >>
> >> It goes in the main section, definitely. Is there any more to the
> >> exception? I'd like to see the entire stack trace if possible.
> >>
> >> - Les
> >>
> >> On Mon, Aug 17, 2009 at 3:41 PM, Andy Tripp<An...@vonage.com>
> >> wrote:
> >> > I created my own Cache and CacheManager:
> >> >
> >> > public class VonageDistributedSessionCache implements Cache {
> >> > public VonageDistributedSessionCache(String name) {
> >> > System.err.println("VonageDistributedSessionCache
> >> > constructor.");
> >> > }
> >> > ...
> >> > }
> >> >
> >> > public class VonageDistributedSessionCacheManager implements
> >> > CacheManager {
> >> > public Cache getCache(String name) throws CacheException {
> >> > return new VonageDistributedSessionCache(name);
> >> > }
> >> > }
> >> >
> >> > Then in [main] section of my ShiroFilter in web.xml, I have:
> >> > [main]
> >> > realmA = com.vonage.auth.client.VonageAuthenticationRealm
> >> >
> >> > securityManager.sessionMode = native
> >> >
> >> > And when I add this:
> >> > # pull in vonage centralized authentication:
> >> > cacheManager =
> >> > com.vonage.auth.client.VonageDistributedSessionCacheManager
> >> > sessionDAO = org.apache.shiro.session.mgt.eis.MemorySessionDAO
> >> > sessionDAO.cacheManager = $cacheManager
> >> > securityManager.sessionDAO = $sessionDAO
> >> > securityManager.cacheManager = $cacheManager
> >> >
> >> > ...I get this error:
> >> > javax.servlet.ServletException: Unable to load from text
> configuration.
> >> >
> >> > So...does this injection go here in the [main] section of
> ShiroFilter,
> >> > or somewhere else?
> >> >
> >> > Thanks,
> >> > Andy
> >> >
> >
Re: need more help with SSO
Posted by Les Hazlewood <lh...@apache.org>.
Hi Andy,
I just verified that this simple test config works, although not in a
web environment:
----
realmA = org.apache.shiro.realm.text.PropertiesRealm
securityManager.sessionMode = native
cacheManager = org.apache.shiro.cache.DefaultCacheManager
sessionDAO = org.apache.shiro.session.mgt.eis.MemorySessionDAO
sessionDAO.cacheManager = $cacheManager
securityManager.sessionDAO = $sessionDAO
securityManager.cacheManager = $cacheManager
securityManager.realm = $realmA
----
Could you please try that out and see if it works in your web
environment? If so, can you try substituting the DefaultCacheManager
implementation (and your realm implementation) with with your
implementations and see what happens?
- Les
On Mon, Aug 17, 2009 at 4:27 PM, Andy Tripp<An...@vonage.com> wrote:
> Here's the complete tomcat log file:
>
> Aug 17, 2009 3:40:13 PM org.apache.catalina.core.StandardContext filterStart
> SEVERE: Exception starting filter ShiroFilter
> javax.servlet.ServletException: Unable to load from text configuration.
> at org.apache.shiro.web.servlet.OncePerRequestFilter.init(OncePerRequestFilter.java:148)
> at org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:221)
> at org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(ApplicationFilterConfig.java:302)
> at org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:78)
> at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:3635)
> at org.apache.catalina.core.StandardContext.start(StandardContext.java:4222)
> at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760)
> at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740)
> at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)
> at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:927)
> at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:890)
> at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:492)
> at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1150)
> at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
> at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120)
> at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)
> at org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
> at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)
> at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
> at org.apache.catalina.core.StandardService.start(StandardService.java:448)
> at org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
> at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
> at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
> Aug 17, 2009 3:40:13 PM org.apache.catalina.core.ApplicationContext log
> INFO: org.apache.webapp.balancer.BalancerFilter: init(): ruleChain: [org.apache.webapp.balancer.RuleChain: [org.apache.webapp.balancer.rules.URLStringMatchRule: Target string: News / Redirect URL: http://www.cnn.com], [org.apache.webapp.balancer.rules.RequestParameterRule: Target param name: paramName / Target param value: paramValue / Redirect URL: http://www.yahoo.com], [org.apache.webapp.balancer.rules.AcceptEverythingRule: Redirect URL: http://jakarta.apache.org]]
> Aug 17, 2009 3:40:13 PM org.apache.catalina.core.ApplicationContext log
> INFO: ContextListener: contextInitialized()
> Aug 17, 2009 3:40:13 PM org.apache.catalina.core.ApplicationContext log
> INFO: SessionListener: contextInitialized()
> Aug 17, 2009 3:40:13 PM org.apache.catalina.core.ApplicationContext log
> INFO: ContextListener: contextInitialized()
> Aug 17, 2009 3:40:13 PM org.apache.catalina.core.ApplicationContext log
> INFO: SessionListener: contextInitialized()
> Aug 17, 2009 4:25:59 PM org.apache.catalina.core.ApplicationContext log
> INFO: SessionListener: contextDestroyed()
> Aug 17, 2009 4:25:59 PM org.apache.catalina.core.ApplicationContext log
> INFO: ContextListener: contextDestroyed()
> Aug 17, 2009 4:25:59 PM org.apache.catalina.core.ApplicationContext log
> INFO: SessionListener: contextDestroyed()
> Aug 17, 2009 4:25:59 PM org.apache.catalina.core.ApplicationContext log
> INFO: ContextListener: contextDestroyed()
>
>> -----Original Message-----
>> From: Les Hazlewood [mailto:les.hazlewood@anjinllc.com]
>> Sent: Monday, August 17, 2009 4:24 PM
>> To: shiro-user@incubator.apache.org
>> Subject: Re: need more help with SSO
>>
>> Hi Andy,
>>
>> It goes in the main section, definitely. Is there any more to the
>> exception? I'd like to see the entire stack trace if possible.
>>
>> - Les
>>
>> On Mon, Aug 17, 2009 at 3:41 PM, Andy Tripp<An...@vonage.com>
>> wrote:
>> > I created my own Cache and CacheManager:
>> >
>> > public class VonageDistributedSessionCache implements Cache {
>> > public VonageDistributedSessionCache(String name) {
>> > System.err.println("VonageDistributedSessionCache
>> > constructor.");
>> > }
>> > ...
>> > }
>> >
>> > public class VonageDistributedSessionCacheManager implements
>> > CacheManager {
>> > public Cache getCache(String name) throws CacheException {
>> > return new VonageDistributedSessionCache(name);
>> > }
>> > }
>> >
>> > Then in [main] section of my ShiroFilter in web.xml, I have:
>> > [main]
>> > realmA = com.vonage.auth.client.VonageAuthenticationRealm
>> >
>> > securityManager.sessionMode = native
>> >
>> > And when I add this:
>> > # pull in vonage centralized authentication:
>> > cacheManager =
>> > com.vonage.auth.client.VonageDistributedSessionCacheManager
>> > sessionDAO = org.apache.shiro.session.mgt.eis.MemorySessionDAO
>> > sessionDAO.cacheManager = $cacheManager
>> > securityManager.sessionDAO = $sessionDAO
>> > securityManager.cacheManager = $cacheManager
>> >
>> > ...I get this error:
>> > javax.servlet.ServletException: Unable to load from text configuration.
>> >
>> > So...does this injection go here in the [main] section of ShiroFilter,
>> > or somewhere else?
>> >
>> > Thanks,
>> > Andy
>> >
>
RE: need more help with SSO
Posted by Andy Tripp <An...@vonage.com>.
Here's the complete tomcat log file:
Aug 17, 2009 3:40:13 PM org.apache.catalina.core.StandardContext filterStart
SEVERE: Exception starting filter ShiroFilter
javax.servlet.ServletException: Unable to load from text configuration.
at org.apache.shiro.web.servlet.OncePerRequestFilter.init(OncePerRequestFilter.java:148)
at org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:221)
at org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(ApplicationFilterConfig.java:302)
at org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:78)
at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:3635)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4222)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)
at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:927)
at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:890)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:492)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1150)
at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
at org.apache.catalina.core.StandardService.start(StandardService.java:448)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
Aug 17, 2009 3:40:13 PM org.apache.catalina.core.ApplicationContext log
INFO: org.apache.webapp.balancer.BalancerFilter: init(): ruleChain: [org.apache.webapp.balancer.RuleChain: [org.apache.webapp.balancer.rules.URLStringMatchRule: Target string: News / Redirect URL: http://www.cnn.com], [org.apache.webapp.balancer.rules.RequestParameterRule: Target param name: paramName / Target param value: paramValue / Redirect URL: http://www.yahoo.com], [org.apache.webapp.balancer.rules.AcceptEverythingRule: Redirect URL: http://jakarta.apache.org]]
Aug 17, 2009 3:40:13 PM org.apache.catalina.core.ApplicationContext log
INFO: ContextListener: contextInitialized()
Aug 17, 2009 3:40:13 PM org.apache.catalina.core.ApplicationContext log
INFO: SessionListener: contextInitialized()
Aug 17, 2009 3:40:13 PM org.apache.catalina.core.ApplicationContext log
INFO: ContextListener: contextInitialized()
Aug 17, 2009 3:40:13 PM org.apache.catalina.core.ApplicationContext log
INFO: SessionListener: contextInitialized()
Aug 17, 2009 4:25:59 PM org.apache.catalina.core.ApplicationContext log
INFO: SessionListener: contextDestroyed()
Aug 17, 2009 4:25:59 PM org.apache.catalina.core.ApplicationContext log
INFO: ContextListener: contextDestroyed()
Aug 17, 2009 4:25:59 PM org.apache.catalina.core.ApplicationContext log
INFO: SessionListener: contextDestroyed()
Aug 17, 2009 4:25:59 PM org.apache.catalina.core.ApplicationContext log
INFO: ContextListener: contextDestroyed()
> -----Original Message-----
> From: Les Hazlewood [mailto:les.hazlewood@anjinllc.com]
> Sent: Monday, August 17, 2009 4:24 PM
> To: shiro-user@incubator.apache.org
> Subject: Re: need more help with SSO
>
> Hi Andy,
>
> It goes in the main section, definitely. Is there any more to the
> exception? I'd like to see the entire stack trace if possible.
>
> - Les
>
> On Mon, Aug 17, 2009 at 3:41 PM, Andy Tripp<An...@vonage.com>
> wrote:
> > I created my own Cache and CacheManager:
> >
> > public class VonageDistributedSessionCache implements Cache {
> > public VonageDistributedSessionCache(String name) {
> > System.err.println("VonageDistributedSessionCache
> > constructor.");
> > }
> > ...
> > }
> >
> > public class VonageDistributedSessionCacheManager implements
> > CacheManager {
> > public Cache getCache(String name) throws CacheException {
> > return new VonageDistributedSessionCache(name);
> > }
> > }
> >
> > Then in [main] section of my ShiroFilter in web.xml, I have:
> > [main]
> > realmA = com.vonage.auth.client.VonageAuthenticationRealm
> >
> > securityManager.sessionMode = native
> >
> > And when I add this:
> > # pull in vonage centralized authentication:
> > cacheManager =
> > com.vonage.auth.client.VonageDistributedSessionCacheManager
> > sessionDAO = org.apache.shiro.session.mgt.eis.MemorySessionDAO
> > sessionDAO.cacheManager = $cacheManager
> > securityManager.sessionDAO = $sessionDAO
> > securityManager.cacheManager = $cacheManager
> >
> > ...I get this error:
> > javax.servlet.ServletException: Unable to load from text configuration.
> >
> > So...does this injection go here in the [main] section of ShiroFilter,
> > or somewhere else?
> >
> > Thanks,
> > Andy
> >
Re: need more help with SSO
Posted by Les Hazlewood <le...@anjinllc.com>.
Hi Andy,
It goes in the main section, definitely. Is there any more to the
exception? I'd like to see the entire stack trace if possible.
- Les
On Mon, Aug 17, 2009 at 3:41 PM, Andy Tripp<An...@vonage.com> wrote:
> I created my own Cache and CacheManager:
>
> public class VonageDistributedSessionCache implements Cache {
> public VonageDistributedSessionCache(String name) {
> System.err.println("VonageDistributedSessionCache
> constructor.");
> }
> ...
> }
>
> public class VonageDistributedSessionCacheManager implements
> CacheManager {
> public Cache getCache(String name) throws CacheException {
> return new VonageDistributedSessionCache(name);
> }
> }
>
> Then in [main] section of my ShiroFilter in web.xml, I have:
> [main]
> realmA = com.vonage.auth.client.VonageAuthenticationRealm
>
> securityManager.sessionMode = native
>
> And when I add this:
> # pull in vonage centralized authentication:
> cacheManager =
> com.vonage.auth.client.VonageDistributedSessionCacheManager
> sessionDAO = org.apache.shiro.session.mgt.eis.MemorySessionDAO
> sessionDAO.cacheManager = $cacheManager
> securityManager.sessionDAO = $sessionDAO
> securityManager.cacheManager = $cacheManager
>
> ...I get this error:
> javax.servlet.ServletException: Unable to load from text configuration.
>
> So...does this injection go here in the [main] section of ShiroFilter,
> or somewhere else?
>
> Thanks,
> Andy
>
RE: need more help with SSO
Posted by Andy Tripp <An...@vonage.com>.
I created my own Cache and CacheManager:
public class VonageDistributedSessionCache implements Cache {
public VonageDistributedSessionCache(String name) {
System.err.println("VonageDistributedSessionCache
constructor.");
}
...
}
public class VonageDistributedSessionCacheManager implements
CacheManager {
public Cache getCache(String name) throws CacheException {
return new VonageDistributedSessionCache(name);
}
}
Then in [main] section of my ShiroFilter in web.xml, I have:
[main]
realmA = com.vonage.auth.client.VonageAuthenticationRealm
securityManager.sessionMode = native
And when I add this:
# pull in vonage centralized authentication:
cacheManager =
com.vonage.auth.client.VonageDistributedSessionCacheManager
sessionDAO = org.apache.shiro.session.mgt.eis.MemorySessionDAO
sessionDAO.cacheManager = $cacheManager
securityManager.sessionDAO = $sessionDAO
securityManager.cacheManager = $cacheManager
...I get this error:
javax.servlet.ServletException: Unable to load from text configuration.
So...does this injection go here in the [main] section of ShiroFilter,
or somewhere else?
Thanks,
Andy
Re: need more help with SSO
Posted by Les Hazlewood <le...@anjinllc.com>.
Hi Andy,
Please see my comments inline.
On Mon, Aug 17, 2009 at 12:04 PM, Andy Tripp<An...@vonage.com> wrote:
> Hi Les,
>
> After spending time with Terracotta, I'm back to trying to just use
> Shiro to implement SSO across multiple applications. I want to do what
> you suggested...Each application will keep session info for that
> particular application locally, and there will also be a centralized
> machine containing session info for ALL applications. When a user logs
> in to one app and then jumps to another app, he shouldn't have to login
> again. In that case, Shiro can't find session info locally and should go
> look on the central machine.
Yep, this will work fine. Typically most enterprise caches can do
this for you automatically - they have a concept of a 'local' cache -
something that is an in-memory '1st level' cache that transparently
sits between your application code and the 'main' cluster-wide cache.
Try to leverage that if possible to make your life easier.
>
> I have Shiro working on a single machine now:
> * in web.xml I have:
> [main]
> realmA = com.vonage.auth.client.VonageAuthenticationRealm
>
> [filters]
> authc =
> com.vonage.auth.client.VonageFormAuthenticationFilter
>
> My VonageAuthenticationRealm class extends JdbcRealm and connects via
> JDBC to our machine that has username/password info. The
> VonageFormAuthenticationFilter class just overrides onLoginFailure() to
> give the user an error message and overrides onLoginSuccess() to send
> the user on to the URL he requested.
>
> So that's working fine and now I want to:
> 1) send session info to central server on successful login
Note that a session may be started before someone logs in (apps
differ, but this is often the case). That is, if a user visits the
home page and starts browsing around, often a session is created
reflecting this activity. Then, after they log in, only then is their
identity associated with the session. You probably have to account
for this in your app (unless the only time a session is created is
actually when they only successfully log in the first time, but most
apps don't work like this)
> 2) have Shiro check the central server when it can't find a given user's
> session info.
Again, check your caching product to see if this can happen
automatically. You'll be much happier :)
> I see in the ShiroFilter javadoc, that I should do this to use "Shiro's
> Session infrastructure" rather than HttpSession:
> securityManager.sessionMode = shiro
This is probably a typo that hasn't been fixed yet. Originally the
sessionMode was the name of the framework. Now that token has been
changed to 'native' so we should never see naming conflicts again.
If you're using the latest build of Shiro (Maven snapshot, or building
from source) - and I highly recommend that you do since there has been
some necessary fixes for distributed sessions - you'll want to set
that to:
securityManager.sessionMode = native
> I should do that, right? And then what? Where is Shiro checking for
> session info, and how can I tap into that?
Once this is set, you'll want to write a
org.apache.shiro.session.mgt.eis.SessionDAO implementation that
interfaces with your cache on behalf of Shiro.
However, if you're using an enterprise cache like Terracotta, a better
solution is to write Terracotta-specific
org.apache.shiro.cache.CacheManager and org.apache.shiro.cache.Cache
implementations. Then you can use the
org.apache.shiro.session.mgt.eis.MemorySessionDAO implementation and
inject it with your cache manager. For example:
cacheManager = com.mycompany.shiro.cache.TerracottaCacheManager
sessionDAO = org.apache.shiro.session.mgt.eis.MemorySessionDAO
sessionDAO.cacheManager = $cacheManager
securityManager.sessionDAO = $sessionDAO
securityManager.cacheManager = $cacheManager
Best,
Les
P.S. I haven't checked Terracotta's open-source license, but if it is
Apache/BSD-compliant, and you're willing to contribute your
implementations, I'm sure we can discuss about including it in Shiro
proper to make your life easier in the future.
need more help with SSO
Posted by Andy Tripp <An...@vonage.com>.
Hi Les,
After spending time with Terracotta, I'm back to trying to just use
Shiro to implement SSO across multiple applications. I want to do what
you suggested...Each application will keep session info for that
particular application locally, and there will also be a centralized
machine containing session info for ALL applications. When a user logs
in to one app and then jumps to another app, he shouldn't have to login
again. In that case, Shiro can't find session info locally and should go
look on the central machine.
I have Shiro working on a single machine now:
* in web.xml I have:
[main]
realmA = com.vonage.auth.client.VonageAuthenticationRealm
[filters]
authc =
com.vonage.auth.client.VonageFormAuthenticationFilter
My VonageAuthenticationRealm class extends JdbcRealm and connects via
JDBC to our machine that has username/password info. The
VonageFormAuthenticationFilter class just overrides onLoginFailure() to
give the user an error message and overrides onLoginSuccess() to send
the user on to the URL he requested.
So that's working fine and now I want to:
1) send session info to central server on successful login
2) have Shiro check the central server when it can't find a given user's
session info.
I see in the ShiroFilter javadoc, that I should do this to use "Shiro's
Session infrastructure" rather than HttpSession:
securityManager.sessionMode = shiro
I should do that, right? And then what? Where is Shiro checking for
session info, and how can I tap into that?
Thanks again,
Andy
Re: SSO with centralized authentication
Posted by Les Hazlewood <lh...@apache.org>.
Hi Andy - I do, I just haven't had the time - I'm kinda slammed at
work today, so I was hoping to try to answer this weekend :)
Best,
Les
On Fri, Jul 31, 2009 at 10:45 AM, Andy Tripp<An...@vonage.com> wrote:
> Les,
>
> Do you have any thoughts on what I said below? I now have Terracotta
> "web sessions" working directly with Tomcat, and it seems like that's
> all I really need.
>
> Andy
>
>> I'm now thinking that we really should do a "federated" approach, such
> as
>> using Terracotta. My objection to this was that having individual
>> applications all sharing session data in memory was a huge waste of
>> memory. But it turns out that Terracotta only keeps "local session
> data"
>> in memory. In other words, each machine really does only keep the
> session
>> data that it really needs in memory, not ALL session data. When it
> needs
>> session data that's not "local", it gets it from a centralized server.
>>
>> Architecturally, Terracotta looks like essentially an already-built
>> version of the "centralized" approach. We've been talking about me
> writing
>> a Shiro CentralizedAuthenticationRealm that always sends a message to
> an
>> authentication server. Well, that's what Terracotta already does, it's
>> just that it keeps local session data in a local cache so that it
> doesn't
>> always have to hit the authentication server.
>>
>> There are several advantages of using Terracotta (or similar tool):
>> 1) We can start using authorization without a lot of work - the shared
>> session state would contain authorization info in addtion to
>> authentication info. With my own hand-coded Shiro
>> CentralizedAuthenticationRealm, I'd have to do extra work to get
>> authorization info.
>> 2) We get other shared session info, such as a "shopping cart", "for
>> free". With a Shiro CentralizedAuthenticationRealm, I'd have to build
> this
>> functionality. Having such a "shopping cart" is not a requirement for
> me
>> yet, but I can certainly see it coming down the road. We have
> telephony
>> applications, and one webapp might start a conference call while
> another
>> starts a normal call. The "normal call" web service would want to know
>> that you're already in the midst of a conference call that you
> initiated
>> via the "conference call" web service.
>> 3) Load balancing - say we are using some load balancing scheme where
> you
>> make a request from a web service, and then when you make a second
> request
>> to that same service, a load balancer redirects you to a different
> server.
>> Those two servers should share your session info.
>>
>> I'm now investigating Terracotta Web Sessions. The question is "do I
> need
>> Shiro on top of it?" I suspect the answer is "no, unless you're doing
>> something 'custom', Shiro doesn't help you".
>>
>> So now after looking into it a bit, I'm starting to see why is seems
> that
>> most large apps seem to be using things like Terracotta and Coherence
>> rather than CAS.
>>
>> I have two specific suggestions for Shiro:
>> 1) Go ahead and build a TerracottaRealm class and let me use it via
>> ShiroFilter configuration in web.xml.
>> 2) Create a lot more and better documentation. For example, I should
> be
>> able to get an authentication server and a couple of application
> servers
>> up and running in under an hour. Take a look at the Terracotta Web
>> Sessions tutorial, for example:
>> http://www.terracotta.org/web/display/orgsite/Sessions+Tutorial
>> Following that, I was able to get two "Jpetstore" web apps running and
>> sharing sessions within about 20 minutes. The shiro QuickStart
> application
>> is pretty good. Create a similar writeup for the 'webapp' version of
> it.
>>
>> Thanks again for your time. Sorry for the long email.
>> Andy
>
>
RE: SSO with centralized authentication
Posted by Andy Tripp <An...@vonage.com>.
Les,
Do you have any thoughts on what I said below? I now have Terracotta
"web sessions" working directly with Tomcat, and it seems like that's
all I really need.
Andy
> I'm now thinking that we really should do a "federated" approach, such
as
> using Terracotta. My objection to this was that having individual
> applications all sharing session data in memory was a huge waste of
> memory. But it turns out that Terracotta only keeps "local session
data"
> in memory. In other words, each machine really does only keep the
session
> data that it really needs in memory, not ALL session data. When it
needs
> session data that's not "local", it gets it from a centralized server.
>
> Architecturally, Terracotta looks like essentially an already-built
> version of the "centralized" approach. We've been talking about me
writing
> a Shiro CentralizedAuthenticationRealm that always sends a message to
an
> authentication server. Well, that's what Terracotta already does, it's
> just that it keeps local session data in a local cache so that it
doesn't
> always have to hit the authentication server.
>
> There are several advantages of using Terracotta (or similar tool):
> 1) We can start using authorization without a lot of work - the shared
> session state would contain authorization info in addtion to
> authentication info. With my own hand-coded Shiro
> CentralizedAuthenticationRealm, I'd have to do extra work to get
> authorization info.
> 2) We get other shared session info, such as a "shopping cart", "for
> free". With a Shiro CentralizedAuthenticationRealm, I'd have to build
this
> functionality. Having such a "shopping cart" is not a requirement for
me
> yet, but I can certainly see it coming down the road. We have
telephony
> applications, and one webapp might start a conference call while
another
> starts a normal call. The "normal call" web service would want to know
> that you're already in the midst of a conference call that you
initiated
> via the "conference call" web service.
> 3) Load balancing - say we are using some load balancing scheme where
you
> make a request from a web service, and then when you make a second
request
> to that same service, a load balancer redirects you to a different
server.
> Those two servers should share your session info.
>
> I'm now investigating Terracotta Web Sessions. The question is "do I
need
> Shiro on top of it?" I suspect the answer is "no, unless you're doing
> something 'custom', Shiro doesn't help you".
>
> So now after looking into it a bit, I'm starting to see why is seems
that
> most large apps seem to be using things like Terracotta and Coherence
> rather than CAS.
>
> I have two specific suggestions for Shiro:
> 1) Go ahead and build a TerracottaRealm class and let me use it via
> ShiroFilter configuration in web.xml.
> 2) Create a lot more and better documentation. For example, I should
be
> able to get an authentication server and a couple of application
servers
> up and running in under an hour. Take a look at the Terracotta Web
> Sessions tutorial, for example:
> http://www.terracotta.org/web/display/orgsite/Sessions+Tutorial
> Following that, I was able to get two "Jpetstore" web apps running and
> sharing sessions within about 20 minutes. The shiro QuickStart
application
> is pretty good. Create a similar writeup for the 'webapp' version of
it.
>
> Thanks again for your time. Sorry for the long email.
> Andy
RE: SSO with centralized authentication
Posted by Andy Tripp <An...@vonage.com>.
Thanks again for the feedback, Les. My responses are below.
Andy
> -----Original Message-----
> From: les.hazlewood@anjinllc.com [mailto:les.hazlewood@anjinllc.com] On
> Behalf Of Les Hazlewood
> Sent: Tuesday, July 28, 2009 6:46 PM
> To: shiro-user@incubator.apache.org
> Subject: Re: SSO with centralized authentication
>
> > I think I know how you'd solve this with Shiro. You'd use a "federated"
> > approach where you share memory across machines with a subclass of Cache
> > that uses Jcache, TerraCotta, Coherence, or some other
> > cross-machine-memory tool.
>
> Actually, I wasn't thinking of that. Sure, that is one way, but as
> you point out, obviously not ideal in your situation.
>
> My approach would be the following:
>
> Lets assume Application A represents the application that actually
> performs the authentication check.
>
> Applications B through <insert letter here> would all have the same
> Realm implementation used in their Shiro configuration that knows how
> to execute login requests to application A - these could be
> REST/Soap/RMI or any other type of remoting protocol to call into
> Application A, perform the authentication attempt, and then return
> quietly if successful or throw a proper AuthenticationException if
> not.
That sounds good, except that application B would call A, passing the URL and saying "the user wants to get to this URL. If he's authenticated, just send him there. If not, give him a login window and once he logs in successfully, send him there." There's no need for B to throw an exception - B sends the message to A and is then done.
> This Realm would perform only authentication - no authorization.
> Then you'd have another Realm in your security manager configuration
> that performed authorization duties with that application's own data
> model (Shiro supports as many Realms as you want for your
> application).
OK.
>
> This has the added benefit of using the same Realm in all applications
> and is much less jarring to the user - they can log in on the local
> site and never feel like they are redirected to an additional site
> with a different look and feel - much nicer.
OK.
>
> If you're forced to redirect to an external server,
We're not really "forced" to do it that way, it's just that I prefer having authentication handled by an external server to free up all my company's web applications from having to deal with it (though I've now changed my mind on this - see below).
> then yes, CAS
> might be a better solution for now, although I think it should be a
> top priority of ours to support this scenario out of the box. That
> is, it would be a shame if Shiro couldn't do what CAS does and more.
> We've talked about supporting SAML and OpenID and other similar
> mechanisms to achieve this.
>
> All of this being said, if you could have an ideal solution regardless
> of framework - what would that be?
My only real requirements are to have single sign-on across multiple web apps supporting many (100,000+) simultaneous user sessions. In the short term, we have to use an existing database of username/password entries. Long term, we'll want to change that to use something more standard like LDAP. We can expect that we'll soon want to support authorization in addition to authentication.
Ideally, I'd like to have a simple configuration file on each application machine that says "Everyone who accesses any URL here first has to go through authentication". As I mentioned above, the only real requirement for the authentication machine is that it accesses an existing database for now, and probably uses LDAP later. So a good solution would be Shiro running as a servlet with our own JDBCRealm today and maybe an ApacheDirectoryServerRealm later.
The Tomcat Single Sign On feature looks good, but it only works within a single Host and also I doubt that we can dictate that every web app in the company must use Tomcat.
Switching gears now...
I'm now thinking that we really should do a "federated" approach, such as using Terracotta. My objection to this was that having individual applications all sharing session data in memory was a huge waste of memory. But it turns out that Terracotta only keeps "local session data" in memory. In other words, each machine really does only keep the session data that it really needs in memory, not ALL session data. When it needs session data that's not "local", it gets it from a centralized server.
Architecturally, Terracotta looks like essentially an already-built version of the "centralized" approach. We've been talking about me writing a Shiro CentralizedAuthenticationRealm that always sends a message to an authentication server. Well, that's what Terracotta already does, it's just that it keeps local session data in a local cache so that it doesn't always have to hit the authentication server.
There are several advantages of using Terracotta (or similar tool):
1) We can start using authorization without a lot of work - the shared session state would contain authorization info in addtion to authentication info. With my own hand-coded Shiro CentralizedAuthenticationRealm, I'd have to do extra work to get authorization info.
2) We get other shared session info, such as a "shopping cart", "for free". With a Shiro CentralizedAuthenticationRealm, I'd have to build this functionality. Having such a "shopping cart" is not a requirement for me yet, but I can certainly see it coming down the road. We have telephony applications, and one webapp might start a conference call while another starts a normal call. The "normal call" web service would want to know that you're already in the midst of a conference call that you initiated via the "conference call" web service.
3) Load balancing - say we are using some load balancing scheme where you make a request from a web service, and then when you make a second request to that same service, a load balancer redirects you to a different server. Those two servers should share your session info.
I'm now investigating Terracotta Web Sessions. The question is "do I need Shiro on top of it?" I suspect the answer is "no, unless you're doing something 'custom', Shiro doesn't help you".
So now after looking into it a bit, I'm starting to see why is seems that most large apps seem to be using things like Terracotta and Coherence rather than CAS.
I have two specific suggestions for Shiro:
1) Go ahead and build a TerracottaRealm class and let me use it via ShiroFilter configuration in web.xml.
2) Create a lot more and better documentation. For example, I should be able to get an authentication server and a couple of application servers up and running in under an hour. Take a look at the Terracotta Web Sessions tutorial, for example: http://www.terracotta.org/web/display/orgsite/Sessions+Tutorial
Following that, I was able to get two "Jpetstore" web apps running and sharing sessions within about 20 minutes. The shiro QuickStart application is pretty good. Create a similar writeup for the 'webapp' version of it.
Thanks again for your time. Sorry for the long email.
Andy
>
> Cheers,
>
> Les
>
> > -----Original Message-----
> > From: les.hazlewood@anjinllc.com [mailto:les.hazlewood@anjinllc.com] On
> > Behalf Of Les Hazlewood
> > Sent: Tuesday, July 28, 2009 4:37 PM
> > To: shiro-user@incubator.apache.org
> > Subject: Re: SSO with centralized authentication
> >
> > Hi Andy,
> >
> > Authentication state must be known by both servers for either of them
> > to know if the currently executing user (aka 'Subject') is
> > authenticated. That is, if you authenticate on one server, how is the
> > other server supposed to know that the user is authenticated unless
> > they share that state somehow?
> >
> > There are a number of ways to solve your problem - are you looking for
> > an idea of how I would solve this particular problem with Shiro or are
> > you stating that you're tied to the mechanism that is in place now
> > (redirect to another web page on another server then redirect back)
> > and would like to know how to make that work?
> >
> > Regards,
> >
> > Les
> >
> > On Tue, Jul 28, 2009 at 3:20 PM, Andy Tripp<An...@vonage.com>
> > wrote:
> >> Les,
> >>
> >> We're trying to do a centralized authentication service, in which one
> >> machine (one tomcat instance) does authentication and all other
> > machines
> >> just redirect all servlet requests to the authentication machine. If a
> >> user is not authenticated, he gets the login screen, and on successful
> >> login, gets routed from the authentication server back to the URL that
> >> he requested on the application machine. So we'd have each application
> >> do what the sample webapp does: have a ShiroFilter in web.xml which
> >> redirects all URLS to login.jsp. At that point, the
> >> WebUtils.saveRequest() call saves a URL, but it saves it on the
> >> application machine, not the authentication server. Then, the
> > login.jsp
> >> ACTION is to invoke a servlet on the authentication machine, where the
> >> WebUtils.getSavedRequest() would NOT retrieve the saved URL, because
> > it
> >> was saved back on the application machine.
> >>
> >> So it looks like these PassThruAuthenticationFilter and
> >> FormAuthenticationFilter filters don't support centralized
> >> authentication out-of-the-box. Everything works for me now, but only
> >> because I'm running everything on a single machine.
> >>
> >> Does all that make sense? If so, don't we need to be "saving" the URL
> > by
> >> storing it as a hidden field on login.jsp, and setting the
> >> user-requested URL as we send the user to login.jsp?
> >>
> >> Thanks again,
> >> Andy
> >>
> >> p.s. I'm working with Gurpreet, and this is a variation on her recent
> >> post to the list.
> >>
> >
Re: SSO with centralized authentication
Posted by Les Hazlewood <lh...@apache.org>.
> I think I know how you'd solve this with Shiro. You'd use a "federated"
> approach where you share memory across machines with a subclass of Cache
> that uses Jcache, TerraCotta, Coherence, or some other
> cross-machine-memory tool.
Actually, I wasn't thinking of that. Sure, that is one way, but as
you point out, obviously not ideal in your situation.
My approach would be the following:
Lets assume Application A represents the application that actually
performs the authentication check.
Applications B through <insert letter here> would all have the same
Realm implementation used in their Shiro configuration that knows how
to execute login requests to application A - these could be
REST/Soap/RMI or any other type of remoting protocol to call into
Application A, perform the authentication attempt, and then return
quietly if successful or throw a proper AuthenticationException if
not. This Realm would perform only authentication - no authorization.
Then you'd have another Realm in your security manager configuration
that performed authorization duties with that application's own data
model (Shiro supports as many Realms as you want for your
application).
This has the added benefit of using the same Realm in all applications
and is much less jarring to the user - they can log in on the local
site and never feel like they are redirected to an additional site
with a different look and feel - much nicer.
If you're forced to redirect to an external server, then yes, CAS
might be a better solution for now, although I think it should be a
top priority of ours to support this scenario out of the box. That
is, it would be a shame if Shiro couldn't do what CAS does and more.
We've talked about supporting SAML and OpenID and other similar
mechanisms to achieve this.
All of this being said, if you could have an ideal solution regardless
of framework - what would that be?
Cheers,
Les
> -----Original Message-----
> From: les.hazlewood@anjinllc.com [mailto:les.hazlewood@anjinllc.com] On
> Behalf Of Les Hazlewood
> Sent: Tuesday, July 28, 2009 4:37 PM
> To: shiro-user@incubator.apache.org
> Subject: Re: SSO with centralized authentication
>
> Hi Andy,
>
> Authentication state must be known by both servers for either of them
> to know if the currently executing user (aka 'Subject') is
> authenticated. That is, if you authenticate on one server, how is the
> other server supposed to know that the user is authenticated unless
> they share that state somehow?
>
> There are a number of ways to solve your problem - are you looking for
> an idea of how I would solve this particular problem with Shiro or are
> you stating that you're tied to the mechanism that is in place now
> (redirect to another web page on another server then redirect back)
> and would like to know how to make that work?
>
> Regards,
>
> Les
>
> On Tue, Jul 28, 2009 at 3:20 PM, Andy Tripp<An...@vonage.com>
> wrote:
>> Les,
>>
>> We're trying to do a centralized authentication service, in which one
>> machine (one tomcat instance) does authentication and all other
> machines
>> just redirect all servlet requests to the authentication machine. If a
>> user is not authenticated, he gets the login screen, and on successful
>> login, gets routed from the authentication server back to the URL that
>> he requested on the application machine. So we'd have each application
>> do what the sample webapp does: have a ShiroFilter in web.xml which
>> redirects all URLS to login.jsp. At that point, the
>> WebUtils.saveRequest() call saves a URL, but it saves it on the
>> application machine, not the authentication server. Then, the
> login.jsp
>> ACTION is to invoke a servlet on the authentication machine, where the
>> WebUtils.getSavedRequest() would NOT retrieve the saved URL, because
> it
>> was saved back on the application machine.
>>
>> So it looks like these PassThruAuthenticationFilter and
>> FormAuthenticationFilter filters don't support centralized
>> authentication out-of-the-box. Everything works for me now, but only
>> because I'm running everything on a single machine.
>>
>> Does all that make sense? If so, don't we need to be "saving" the URL
> by
>> storing it as a hidden field on login.jsp, and setting the
>> user-requested URL as we send the user to login.jsp?
>>
>> Thanks again,
>> Andy
>>
>> p.s. I'm working with Gurpreet, and this is a variation on her recent
>> post to the list.
>>
>
Re: SSO with centralized authentication
Posted by "Daniel J. Lauk" <da...@gmail.com>.
Hi Andy,
> (http://www.simongbrown.com/blog/2004/11/04/1099588633312.html) might
> also be a reasonable approach.
I had a quick look at that article. I'm neither a tomcat nor a JEE
expert, but I can say that we use Apache httpd with kerberos
authentication quite successfully for our applications. Granted we
have only ~2000 users in our AD that kerberos authenticates against,
but it works quite well. Additionally you can configure Internet
Explorer and Mozilla Firefox to pass on a Kerberos TGT to trusted
hosts. This way the users who authenticated against the Windows Domain
controller (i.e. all Windows users upon login to the domain) are
automatically logged in to any web application that we "kerberized"
using Apache.
To use shiro for the remaining stuff you could implement a simple
realm that looks into the HTTP headers (IIRC the header is called
REMOTE_USER and it's set to the user name).
Surely some more experienced Shiro user/developer could tell you more
about the feasibility of this approach. Anyway, maybe this helps you
or anybody else on the list.
Cheers,
DJ
RE: SSO with centralized authentication
Posted by Andy Tripp <An...@vonage.com>.
Les,
I think I know how you'd solve this with Shiro. You'd use a "federated"
approach where you share memory across machines with a subclass of Cache
that uses Jcache, TerraCotta, Coherence, or some other
cross-machine-memory tool.
That doesn't seem like a good approach for us because we need to support
hundreds of thousands of simultaneous sessions across several (say 5-10)
different applications and many (say 100) servers. It seems crazy to
have every one of those applications store session information in
memory, and to have to integrate TerraCotta or another of these tools
into all these applications. It seems to be a lot more practical to
simply intercept every request to every application, send it to a
central authentication server, and then send the user back to his
requested URL after he's done authenticating. And of course just send
him to his URL immediately if he's already authenticated. This way,
individual applications need no real changes - no need to integrate with
TerraCotta or other tool, and only a simple XML-configuration to invoke
the centralized authentication.
Does this make sense to you? Wouldn't anybody who needs to support
100,000+ simultaneous single-sign-on sessions want to avoid storing
session info in memory across all the applications?
So it seems like my best option to do centralized authentiation with
Shiro is to implement my own subclass of Cache that sends a message to
the authentication server rather than checking local memory. I suppose I
could do that, but it seems like it's a pretty common scenario, so I
thought Shiro might have that ability built-in.
It seems like maybe I should just use CAS instead of Shiro. It looks
like making the Tomcat "single sign on" feature work across multiple
tomcat instances
(http://www.simongbrown.com/blog/2004/11/04/1099588633312.html) might
also be a reasonable approach.
Thanks again for all the help.
Andy
-----Original Message-----
From: les.hazlewood@anjinllc.com [mailto:les.hazlewood@anjinllc.com] On
Behalf Of Les Hazlewood
Sent: Tuesday, July 28, 2009 4:37 PM
To: shiro-user@incubator.apache.org
Subject: Re: SSO with centralized authentication
Hi Andy,
Authentication state must be known by both servers for either of them
to know if the currently executing user (aka 'Subject') is
authenticated. That is, if you authenticate on one server, how is the
other server supposed to know that the user is authenticated unless
they share that state somehow?
There are a number of ways to solve your problem - are you looking for
an idea of how I would solve this particular problem with Shiro or are
you stating that you're tied to the mechanism that is in place now
(redirect to another web page on another server then redirect back)
and would like to know how to make that work?
Regards,
Les
On Tue, Jul 28, 2009 at 3:20 PM, Andy Tripp<An...@vonage.com>
wrote:
> Les,
>
> We're trying to do a centralized authentication service, in which one
> machine (one tomcat instance) does authentication and all other
machines
> just redirect all servlet requests to the authentication machine. If a
> user is not authenticated, he gets the login screen, and on successful
> login, gets routed from the authentication server back to the URL that
> he requested on the application machine. So we'd have each application
> do what the sample webapp does: have a ShiroFilter in web.xml which
> redirects all URLS to login.jsp. At that point, the
> WebUtils.saveRequest() call saves a URL, but it saves it on the
> application machine, not the authentication server. Then, the
login.jsp
> ACTION is to invoke a servlet on the authentication machine, where the
> WebUtils.getSavedRequest() would NOT retrieve the saved URL, because
it
> was saved back on the application machine.
>
> So it looks like these PassThruAuthenticationFilter and
> FormAuthenticationFilter filters don't support centralized
> authentication out-of-the-box. Everything works for me now, but only
> because I'm running everything on a single machine.
>
> Does all that make sense? If so, don't we need to be "saving" the URL
by
> storing it as a hidden field on login.jsp, and setting the
> user-requested URL as we send the user to login.jsp?
>
> Thanks again,
> Andy
>
> p.s. I'm working with Gurpreet, and this is a variation on her recent
> post to the list.
>
Re: SSO with centralized authentication
Posted by Les Hazlewood <lh...@apache.org>.
Hi Andy,
Authentication state must be known by both servers for either of them
to know if the currently executing user (aka 'Subject') is
authenticated. That is, if you authenticate on one server, how is the
other server supposed to know that the user is authenticated unless
they share that state somehow?
There are a number of ways to solve your problem - are you looking for
an idea of how I would solve this particular problem with Shiro or are
you stating that you're tied to the mechanism that is in place now
(redirect to another web page on another server then redirect back)
and would like to know how to make that work?
Regards,
Les
On Tue, Jul 28, 2009 at 3:20 PM, Andy Tripp<An...@vonage.com> wrote:
> Les,
>
> We're trying to do a centralized authentication service, in which one
> machine (one tomcat instance) does authentication and all other machines
> just redirect all servlet requests to the authentication machine. If a
> user is not authenticated, he gets the login screen, and on successful
> login, gets routed from the authentication server back to the URL that
> he requested on the application machine. So we'd have each application
> do what the sample webapp does: have a ShiroFilter in web.xml which
> redirects all URLS to login.jsp. At that point, the
> WebUtils.saveRequest() call saves a URL, but it saves it on the
> application machine, not the authentication server. Then, the login.jsp
> ACTION is to invoke a servlet on the authentication machine, where the
> WebUtils.getSavedRequest() would NOT retrieve the saved URL, because it
> was saved back on the application machine.
>
> So it looks like these PassThruAuthenticationFilter and
> FormAuthenticationFilter filters don't support centralized
> authentication out-of-the-box. Everything works for me now, but only
> because I'm running everything on a single machine.
>
> Does all that make sense? If so, don't we need to be "saving" the URL by
> storing it as a hidden field on login.jsp, and setting the
> user-requested URL as we send the user to login.jsp?
>
> Thanks again,
> Andy
>
> p.s. I'm working with Gurpreet, and this is a variation on her recent
> post to the list.
>
SSO with centralized authentication
Posted by Andy Tripp <An...@vonage.com>.
Les,
We're trying to do a centralized authentication service, in which one
machine (one tomcat instance) does authentication and all other machines
just redirect all servlet requests to the authentication machine. If a
user is not authenticated, he gets the login screen, and on successful
login, gets routed from the authentication server back to the URL that
he requested on the application machine. So we'd have each application
do what the sample webapp does: have a ShiroFilter in web.xml which
redirects all URLS to login.jsp. At that point, the
WebUtils.saveRequest() call saves a URL, but it saves it on the
application machine, not the authentication server. Then, the login.jsp
ACTION is to invoke a servlet on the authentication machine, where the
WebUtils.getSavedRequest() would NOT retrieve the saved URL, because it
was saved back on the application machine.
So it looks like these PassThruAuthenticationFilter and
FormAuthenticationFilter filters don't support centralized
authentication out-of-the-box. Everything works for me now, but only
because I'm running everything on a single machine.
Does all that make sense? If so, don't we need to be "saving" the URL by
storing it as a hidden field on login.jsp, and setting the
user-requested URL as we send the user to login.jsp?
Thanks again,
Andy
p.s. I'm working with Gurpreet, and this is a variation on her recent
post to the list.
Re: sending user to page after login
Posted by Les Hazlewood <lh...@apache.org>.
Hi Andy,
The existing FormAuthenticationFilter does indeed already perform this
logic of redirect immediately after successful login in its
onLoginSuccess method implementation.
Cheers,
Les
On Tue, Jul 28, 2009 at 11:13 AM, Andy Tripp<An...@vonage.com> wrote:
> Les,
>
> I found my answer - each of the various filters saves the URL that the
> user's trying to reach by calling Webutils.saveRequest(). After a user
> has successfully logged in, I can get it by calling
> WebUtils.getAndClearSavedRequest().
>
> It seems to me that redirecting the user to his requested page should be
> the "default behavior" - most applications work that way, and when it
> doesn't it drives us users nuts.
>
> So if FormAuthenticationFilter could call login() AND then redirect,
> that would be nice. Alternatively, add a new filter class that does
> that. Or at least change the sample webapp to work this way by...
> 1) having this in web.xml:
>
> # Form-based Authentication filter:
> myauthc = org.apache.shiro.web.filter.authc.FormAuthenticationFilter
> myauthc.loginUrl = /login.jsp
> myauthc.usernameParam = username
> myauthc.passwordParam = password
> myauthc.rememberMeParam = rememberMe
> myauthc.successUrl = /login.jsp
> myauthc.failureKeyAttribute =
> FormAuthenticationFilter.DEFAULT_ERROR_KEY_ATTRIBUTE_NAME
> ...
> /account/** = myauthc
>
> 2) Putting notes in the login.jsp saying that the FORM action needs to
> invoke a servlet.
>
> 3) Providing a servlet:
> public class LoginServlet extends HttpServlet {
> public synchronized void doPost(HttpServletRequest request,
> HttpServletResponse response)
> throws IOException, ServletException {
> Subject subject = SecurityUtils.getSubject();
>
> String username = request.getParameter("username");
> String password = request.getParameter("password");
>
> UsernamePasswordToken token = new
> UsernamePasswordToken(username, password);
>
> try {
> subject.login(token);
> System.err.println("login succeeded: username=" + username +
> " password=" + password);
> } catch (UnknownAccountException ex) {
> System.err.println("Invalid username:" + username);
> // TODO: show error to user
> return;
> } catch (IncorrectCredentialsException ex) {
> System.err.println("Incorrect password for username:" +
> username);
> // TODO: show error to user
> return;
> }
> SavedRequest savedRequest =
> WebUtils.getAndClearSavedRequest(request);
> response.sendRedirect(savedRequest.getRequestUrl());
> }
> }
>
>
>
> Andy
>
>
> -----Original Message-----
> From: Andy Tripp [mailto:Andrew.Tripp@vonage.com]
> Sent: Tuesday, July 28, 2009 9:58 AM
> To: shiro-user@incubator.apache.org
> Subject: sending user to page after login
>
> Les,
> OK, I'm using PassThruAuthenticationFilter now. But I still don't know
> how to store the URL that the user is tring to get to so that I can send
> him there after successful login. I have this in my ShiroFilter config:
> /account/** = myauthc
> ...and how that's being handled is a mystery to me.
>
> Andy
>
> -----Original Message-----
> From: les.hazlewood@anjinllc.com [mailto:les.hazlewood@anjinllc.com] On
> Behalf Of Les Hazlewood
> Sent: Monday, July 27, 2009 5:38 PM
> To: shiro-user@incubator.apache.org
> Subject: Re:
>
> Hi Andy,
>
> Yep, you can do this, but you'll need to use the
> PassThruAuthenticationFilter instead to 'pass thru' the request to
> your login controller directly. The 'authc' filter defaults to an
> instance of the
> org.apache.shiro.web.filter.authc.FormAuthenticationFilter class and
> is used only if you want Shiro to be the 'controller' for form
> submissions. This works fine in many apps, but for more customized
> processing, you'll definitely want to use the
> PassThruAuthenticationFilter instead.
>
> You have two ways to do this. In your ShiroFilter's .ini config, you
> can 1) reassign the 'authc' filter to be what you want:
>
> [filters]
> ...
> authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter
>
> or you can 2) just create a new filter and reference that everywhere
> instead of 'authc':
>
> myAuthc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter
>
> [urls]
> /some/path = myAuthc
> etc.
>
> I tend to prefer the first to avoid the confusion that there might be
> more than one authentication filter, but it is entirely up to you.
>
> Cheers,
>
> Les
>
> On Mon, Jul 27, 2009 at 4:00 PM, Andy Tripp<An...@vonage.com>
> wrote:
>> Hi,
>> I have a question about filters.
>> In the javadoc for the ShiroFilter class, it shows how to redirect all
>> requests to urls under "/account" to the built-in "authc" filter. I've
>> got that working in the "webapp" example, and I've changed the
> login.jsp
>> to invoke my servlet that does the authentication.
>>
>> But now, of couse, I want to pass the user on to the page he was
> trying
>> to get to (e.g. /account/index.jsp). Is there a way to do that?
> Perhaps
>> a way in the filter configuration text that says "redirect all
>> /account/** requests to login.jsp, and set the hidden form field
> called
>> 'nextPage' to the specific URL that the user's trying to get to" or
>> something like that?
>>
>> Thanks,
>> Andy
>>
>
RE: sending user to page after login
Posted by Andy Tripp <An...@vonage.com>.
Les,
I found my answer - each of the various filters saves the URL that the
user's trying to reach by calling Webutils.saveRequest(). After a user
has successfully logged in, I can get it by calling
WebUtils.getAndClearSavedRequest().
It seems to me that redirecting the user to his requested page should be
the "default behavior" - most applications work that way, and when it
doesn't it drives us users nuts.
So if FormAuthenticationFilter could call login() AND then redirect,
that would be nice. Alternatively, add a new filter class that does
that. Or at least change the sample webapp to work this way by...
1) having this in web.xml:
# Form-based Authentication filter:
myauthc = org.apache.shiro.web.filter.authc.FormAuthenticationFilter
myauthc.loginUrl = /login.jsp
myauthc.usernameParam = username
myauthc.passwordParam = password
myauthc.rememberMeParam = rememberMe
myauthc.successUrl = /login.jsp
myauthc.failureKeyAttribute =
FormAuthenticationFilter.DEFAULT_ERROR_KEY_ATTRIBUTE_NAME
...
/account/** = myauthc
2) Putting notes in the login.jsp saying that the FORM action needs to
invoke a servlet.
3) Providing a servlet:
public class LoginServlet extends HttpServlet {
public synchronized void doPost(HttpServletRequest request,
HttpServletResponse response)
throws IOException, ServletException {
Subject subject = SecurityUtils.getSubject();
String username = request.getParameter("username");
String password = request.getParameter("password");
UsernamePasswordToken token = new
UsernamePasswordToken(username, password);
try {
subject.login(token);
System.err.println("login succeeded: username=" + username +
" password=" + password);
} catch (UnknownAccountException ex) {
System.err.println("Invalid username:" + username);
// TODO: show error to user
return;
} catch (IncorrectCredentialsException ex) {
System.err.println("Incorrect password for username:" +
username);
// TODO: show error to user
return;
}
SavedRequest savedRequest =
WebUtils.getAndClearSavedRequest(request);
response.sendRedirect(savedRequest.getRequestUrl());
}
}
Andy
-----Original Message-----
From: Andy Tripp [mailto:Andrew.Tripp@vonage.com]
Sent: Tuesday, July 28, 2009 9:58 AM
To: shiro-user@incubator.apache.org
Subject: sending user to page after login
Les,
OK, I'm using PassThruAuthenticationFilter now. But I still don't know
how to store the URL that the user is tring to get to so that I can send
him there after successful login. I have this in my ShiroFilter config:
/account/** = myauthc
...and how that's being handled is a mystery to me.
Andy
-----Original Message-----
From: les.hazlewood@anjinllc.com [mailto:les.hazlewood@anjinllc.com] On
Behalf Of Les Hazlewood
Sent: Monday, July 27, 2009 5:38 PM
To: shiro-user@incubator.apache.org
Subject: Re:
Hi Andy,
Yep, you can do this, but you'll need to use the
PassThruAuthenticationFilter instead to 'pass thru' the request to
your login controller directly. The 'authc' filter defaults to an
instance of the
org.apache.shiro.web.filter.authc.FormAuthenticationFilter class and
is used only if you want Shiro to be the 'controller' for form
submissions. This works fine in many apps, but for more customized
processing, you'll definitely want to use the
PassThruAuthenticationFilter instead.
You have two ways to do this. In your ShiroFilter's .ini config, you
can 1) reassign the 'authc' filter to be what you want:
[filters]
...
authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter
or you can 2) just create a new filter and reference that everywhere
instead of 'authc':
myAuthc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter
[urls]
/some/path = myAuthc
etc.
I tend to prefer the first to avoid the confusion that there might be
more than one authentication filter, but it is entirely up to you.
Cheers,
Les
On Mon, Jul 27, 2009 at 4:00 PM, Andy Tripp<An...@vonage.com>
wrote:
> Hi,
> I have a question about filters.
> In the javadoc for the ShiroFilter class, it shows how to redirect all
> requests to urls under "/account" to the built-in "authc" filter. I've
> got that working in the "webapp" example, and I've changed the
login.jsp
> to invoke my servlet that does the authentication.
>
> But now, of couse, I want to pass the user on to the page he was
trying
> to get to (e.g. /account/index.jsp). Is there a way to do that?
Perhaps
> a way in the filter configuration text that says "redirect all
> /account/** requests to login.jsp, and set the hidden form field
called
> 'nextPage' to the specific URL that the user's trying to get to" or
> something like that?
>
> Thanks,
> Andy
>
sending user to page after login
Posted by Andy Tripp <An...@vonage.com>.
Les,
OK, I'm using PassThruAuthenticationFilter now. But I still don't know
how to store the URL that the user is tring to get to so that I can send
him there after successful login. I have this in my ShiroFilter config:
/account/** = myauthc
...and how that's being handled is a mystery to me.
Andy
-----Original Message-----
From: les.hazlewood@anjinllc.com [mailto:les.hazlewood@anjinllc.com] On
Behalf Of Les Hazlewood
Sent: Monday, July 27, 2009 5:38 PM
To: shiro-user@incubator.apache.org
Subject: Re:
Hi Andy,
Yep, you can do this, but you'll need to use the
PassThruAuthenticationFilter instead to 'pass thru' the request to
your login controller directly. The 'authc' filter defaults to an
instance of the
org.apache.shiro.web.filter.authc.FormAuthenticationFilter class and
is used only if you want Shiro to be the 'controller' for form
submissions. This works fine in many apps, but for more customized
processing, you'll definitely want to use the
PassThruAuthenticationFilter instead.
You have two ways to do this. In your ShiroFilter's .ini config, you
can 1) reassign the 'authc' filter to be what you want:
[filters]
...
authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter
or you can 2) just create a new filter and reference that everywhere
instead of 'authc':
myAuthc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter
[urls]
/some/path = myAuthc
etc.
I tend to prefer the first to avoid the confusion that there might be
more than one authentication filter, but it is entirely up to you.
Cheers,
Les
On Mon, Jul 27, 2009 at 4:00 PM, Andy Tripp<An...@vonage.com>
wrote:
> Hi,
> I have a question about filters.
> In the javadoc for the ShiroFilter class, it shows how to redirect all
> requests to urls under "/account" to the built-in "authc" filter. I've
> got that working in the "webapp" example, and I've changed the
login.jsp
> to invoke my servlet that does the authentication.
>
> But now, of couse, I want to pass the user on to the page he was
trying
> to get to (e.g. /account/index.jsp). Is there a way to do that?
Perhaps
> a way in the filter configuration text that says "redirect all
> /account/** requests to login.jsp, and set the hidden form field
called
> 'nextPage' to the specific URL that the user's trying to get to" or
> something like that?
>
> Thanks,
> Andy
>
Re:
Posted by Les Hazlewood <lh...@apache.org>.
Hi Andy,
Yep, you can do this, but you'll need to use the
PassThruAuthenticationFilter instead to 'pass thru' the request to
your login controller directly. The 'authc' filter defaults to an
instance of the
org.apache.shiro.web.filter.authc.FormAuthenticationFilter class and
is used only if you want Shiro to be the 'controller' for form
submissions. This works fine in many apps, but for more customized
processing, you'll definitely want to use the
PassThruAuthenticationFilter instead.
You have two ways to do this. In your ShiroFilter's .ini config, you
can 1) reassign the 'authc' filter to be what you want:
[filters]
...
authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter
or you can 2) just create a new filter and reference that everywhere
instead of 'authc':
myAuthc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter
[urls]
/some/path = myAuthc
etc.
I tend to prefer the first to avoid the confusion that there might be
more than one authentication filter, but it is entirely up to you.
Cheers,
Les
On Mon, Jul 27, 2009 at 4:00 PM, Andy Tripp<An...@vonage.com> wrote:
> Hi,
> I have a question about filters.
> In the javadoc for the ShiroFilter class, it shows how to redirect all
> requests to urls under "/account" to the built-in "authc" filter. I've
> got that working in the "webapp" example, and I've changed the login.jsp
> to invoke my servlet that does the authentication.
>
> But now, of couse, I want to pass the user on to the page he was trying
> to get to (e.g. /account/index.jsp). Is there a way to do that? Perhaps
> a way in the filter configuration text that says "redirect all
> /account/** requests to login.jsp, and set the hidden form field called
> 'nextPage' to the specific URL that the user's trying to get to" or
> something like that?
>
> Thanks,
> Andy
>
(Unknown)
Posted by Andy Tripp <An...@vonage.com>.
Hi,
I have a question about filters.
In the javadoc for the ShiroFilter class, it shows how to redirect all
requests to urls under "/account" to the built-in "authc" filter. I've
got that working in the "webapp" example, and I've changed the login.jsp
to invoke my servlet that does the authentication.
But now, of couse, I want to pass the user on to the page he was trying
to get to (e.g. /account/index.jsp). Is there a way to do that? Perhaps
a way in the filter configuration text that says "redirect all
/account/** requests to login.jsp, and set the hidden form field called
'nextPage' to the specific URL that the user's trying to get to" or
something like that?
Thanks,
Andy
Re: Exception: There is no session with id
Posted by Les Hazlewood <lh...@apache.org>.
Hi Gurpreet,
That session ID does not look like the ones Shiro generates by
default, which leads me to believe that you might be using a custom
SessionDAO which would generate the IDs automatically. This is
perfectly fine of course, but if it is the case, are you absolutely
sure your SessionDAO is persisting the Session correctly? Could it be
a transactional thing, where the session has not been committed to the
the session data store by the time the next session lookup occurs? My
first suspicion is that this is transactionally related.
Also check that your session timeout global configuration is not very
low - 0 or some low number of milliseconds or seconds - this would
naturally cause the underlying Session to be invalidated very quickly.
Finally, I made some significant improvements to the SessionManager
infrastructure over the last few days with more unit tests to verify
functionality. I'd recommend updating your Shiro .jars to the latest
in SVN if that is at all possible for you.
Cheers,
Les
On Mon, Jul 27, 2009 at 2:47 PM, gkaur<gk...@vonage.com> wrote:
>
> Here is the exception,
>
>
>
> I am not sure how the session can be deleted when this is happening right
> after the login screen, after putting my credentials.
>
>
>
>
>
> URL/login.jsp
>
> SERVLET: objectType=login op=read
>
> Session IDCE696C47FF047F580CD6B5CF119A3855
>
> org.apache.shiro.session.UnknownSessionException: There is no session with
> id [CE696C47FF047F580CD6B5CF119A3855]
>
> at
> org.apache.shiro.session.mgt.AbstractSessionManager.getSession(AbstractSessionManager.java:231)
>
> at
> org.apache.shiro.session.mgt.AbstractSessionManager.setAttribute(AbstractSessionManager.java:212)
>
> at
> org.apache.shiro.mgt.SessionsSecurityManager.setAttribute(SessionsSecurityManager.java:367)
>
> at
> org.apache.shiro.session.mgt.DelegatingSession.setAttribute(DelegatingSession.java:222)
>
> at
> org.apache.shiro.session.ProxiedSession.setAttribute(ProxiedSession.java:130)
>
> at
> org.apache.shiro.mgt.SessionSubjectBinder.bindToSession(SessionSubjectBinder.java:88)
>
> at
> org.apache.shiro.mgt.SessionSubjectBinder.bind(SessionSubjectBinder.java:80)
>
> at
> org.apache.shiro.mgt.DefaultSecurityManager.bind(DefaultSecurityManager.java:251)
>
> at
> org.apache.shiro.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:346)
>
> at
> org.apache.shiro.subject.DelegatingSubject.login(DelegatingSubject.java:254)
>
> at com.vonage.auth.servlet.Login.doGet(Login.java:93)
>
> at com.vonage.auth.servlet.Login.doPost(Login.java:142)
>
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
>
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
>
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
>
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>
> at
> org.apache.shiro.web.servlet.ShiroFilter.executeChain(ShiroFilter.java:614)
>
> at
> org.apache.shiro.web.servlet.ShiroFilter.doFilterInternal(ShiroFilter.java:554)
>
> at
> org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:190)
>
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>
> at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
>
> at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
>
> at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
>
> at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>
> at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>
> at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
>
> at
> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
>
> at
> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
>
> at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
>
> at java.lang.Thread.run(Thread.java:619)
>
> Thank you
> Gurpreet
>
>
>
> Les Hazlewood-2 wrote:
>>
>> Hi Gurpreet,
>>
>> Do you have a stack trace? That exception typically arises when a
>> session id is used to look up a session that has been deleted (e.g.
>> after expiration).
>>
>> On Thu, Jul 23, 2009 at 4:56 PM, gkaur<gk...@vonage.com> wrote:
>>>
>>> Hi,
>>>
>>> I am getting an exception after putting in my correct credentials to a
>>> login
>>> screen
>>> Exception is
>>>
>>> org.apache.shiro.session.UnknownSessionException: There is no session
>>> with
>>> id
>>>
>>> I am not sure what is the cause of this exception
>>>
>>> But after the login servlet gets called the Page is forwarded to a
>>> viewcontacts page.
>>> But before even if it gets to that point subject.login(token) fails.
>>>
>>> Thank you
>>> -Gurpreet
>>> --
>>> View this message in context:
>>> http://n2.nabble.com/Exception%3A-There-is-no-session-with-id-tp3312246p3312246.html
>>> Sent from the Shiro User mailing list archive at Nabble.com.
>>>
>>
>>
>
> --
> View this message in context: http://n2.nabble.com/Exception%3A-There-is-no-session-with-id-tp3312246p3335672.html
> Sent from the Shiro User mailing list archive at Nabble.com.
>
Re: Exception: There is no session with id
Posted by gkaur <gk...@vonage.com>.
Here is the exception,
I am not sure how the session can be deleted when this is happening right
after the login screen, after putting my credentials.
URL/login.jsp
SERVLET: objectType=login op=read
Session IDCE696C47FF047F580CD6B5CF119A3855
org.apache.shiro.session.UnknownSessionException: There is no session with
id [CE696C47FF047F580CD6B5CF119A3855]
at
org.apache.shiro.session.mgt.AbstractSessionManager.getSession(AbstractSessionManager.java:231)
at
org.apache.shiro.session.mgt.AbstractSessionManager.setAttribute(AbstractSessionManager.java:212)
at
org.apache.shiro.mgt.SessionsSecurityManager.setAttribute(SessionsSecurityManager.java:367)
at
org.apache.shiro.session.mgt.DelegatingSession.setAttribute(DelegatingSession.java:222)
at
org.apache.shiro.session.ProxiedSession.setAttribute(ProxiedSession.java:130)
at
org.apache.shiro.mgt.SessionSubjectBinder.bindToSession(SessionSubjectBinder.java:88)
at
org.apache.shiro.mgt.SessionSubjectBinder.bind(SessionSubjectBinder.java:80)
at
org.apache.shiro.mgt.DefaultSecurityManager.bind(DefaultSecurityManager.java:251)
at
org.apache.shiro.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:346)
at
org.apache.shiro.subject.DelegatingSubject.login(DelegatingSubject.java:254)
at com.vonage.auth.servlet.Login.doGet(Login.java:93)
at com.vonage.auth.servlet.Login.doPost(Login.java:142)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
org.apache.shiro.web.servlet.ShiroFilter.executeChain(ShiroFilter.java:614)
at
org.apache.shiro.web.servlet.ShiroFilter.doFilterInternal(ShiroFilter.java:554)
at
org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:190)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:619)
Thank you
Gurpreet
Les Hazlewood-2 wrote:
>
> Hi Gurpreet,
>
> Do you have a stack trace? That exception typically arises when a
> session id is used to look up a session that has been deleted (e.g.
> after expiration).
>
> On Thu, Jul 23, 2009 at 4:56 PM, gkaur<gk...@vonage.com> wrote:
>>
>> Hi,
>>
>> I am getting an exception after putting in my correct credentials to a
>> login
>> screen
>> Exception is
>>
>> org.apache.shiro.session.UnknownSessionException: There is no session
>> with
>> id
>>
>> I am not sure what is the cause of this exception
>>
>> But after the login servlet gets called the Page is forwarded to a
>> viewcontacts page.
>> But before even if it gets to that point subject.login(token) fails.
>>
>> Thank you
>> -Gurpreet
>> --
>> View this message in context:
>> http://n2.nabble.com/Exception%3A-There-is-no-session-with-id-tp3312246p3312246.html
>> Sent from the Shiro User mailing list archive at Nabble.com.
>>
>
>
--
View this message in context: http://n2.nabble.com/Exception%3A-There-is-no-session-with-id-tp3312246p3335672.html
Sent from the Shiro User mailing list archive at Nabble.com.
Re: Exception: There is no session with id
Posted by Les Hazlewood <lh...@apache.org>.
Hi Gurpreet,
Do you have a stack trace? That exception typically arises when a
session id is used to look up a session that has been deleted (e.g.
after expiration).
On Thu, Jul 23, 2009 at 4:56 PM, gkaur<gk...@vonage.com> wrote:
>
> Hi,
>
> I am getting an exception after putting in my correct credentials to a login
> screen
> Exception is
>
> org.apache.shiro.session.UnknownSessionException: There is no session with
> id
>
> I am not sure what is the cause of this exception
>
> But after the login servlet gets called the Page is forwarded to a
> viewcontacts page.
> But before even if it gets to that point subject.login(token) fails.
>
> Thank you
> -Gurpreet
> --
> View this message in context: http://n2.nabble.com/Exception%3A-There-is-no-session-with-id-tp3312246p3312246.html
> Sent from the Shiro User mailing list archive at Nabble.com.
>