Posted to user@shiro.apache.org by Paul Holding <pa...@pholding.co.uk> on 2014/10/18 22:17:30 UTC

UnknownSessionException when using SessionScoped CDI managed beans with Shiro managed sessions

I am developing a JSF web based application that makes use of CDI managed
beans and Shiro managed sessions. The problem I've got is when a JSF page
that references an object annotated with
@javax.enterprise.context.SessionScoped is accessed, an
UnknownSessionException is thrown. I have set the logging level to finest
and looking through the
application server log file I can see that when the user accesses the login
page a new session is created along with a cookie that sets JSESSIONID to
b2b69494-2236-467f-9e0b-3c262c74b7c4. When the user accesses the page that
references the SessionScoped bean the cookie is updated to have a JSESSIONID
set to 49253beaee601d4107cba4b61c77, at this point an
UnknownSessionException is thrown. When accessing pages that reference a
managed bean annotated with either
@javax.enterprise.context.ApplicationScoped or @javax.faces.view.ViewScoped
everything works fine.

It appears that when accessing a page that references a session scoped bean,
the servlet container is creating a new session rather than allowing the
Shiro managed session to be used. If I configure Shiro to use something
other than JSESSIONID then the error isn't thrown but instead two sessions
appear to be created, one managed by Shiro and the other managed by the
servlet container.

The contents of my shiro.ini file are:
[main]
authc.loginUrl = /login.xhtml
authc.usernameParam = login:username
authc.passwordParam = login:password
authc.rememberMeParam = login:rememberMe
user.loginUrl = /login.xhtml
authc.successUrl = /app/index.xhtml

sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
securityManager.sessionManager = $sessionManager

[users]
admin = password

[urls]
/login.xhtml = authc
/app/** = user

My environment is using Glassfish 4.1, Java EE version 7, Mojarra version
2.2.7 for JSF, Weld version 2.2.2 for CDI, and Shiro version 1.2.3. I have
also reproduced the same issue on Glassfish version 4.0 albeit with earlier
versions of Mojarra and Weld.

I have uploaded the relevant portion of the application server log to
PasteBin which can be accessed with the URL http://pastebin.com/2sPHfdTQ

I've also created an example Maven project to demonstrate the problem. The
example project can be downloaded from
https://www.dropbox.com/s/1x9pe2o9ja0q9jw/TestJavaEE-web.zip?dl=0 which
contains the source code and the compiled war file.

Is anyone else currently using CDI managed session scoped beans with Shiro
managed sessions, and if so have you had any problems?

Is there a configuration setting I've missed either in Shiro or GlassFish or
is this a bug?

Many Thanks

Paul



--
View this message in context: http://shiro-user.582556.n2.nabble.com/UnknownSessionException-when-using-SessionScoped-CDI-managed-beans-with-Shiro-managed-sessions-tp7580281.html
Sent from the Shiro User mailing list archive at Nabble.com.
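
The symptom described in the message above (one JSESSIONID cookie being rewritten by a second session manager) can be confirmed from captured response headers. The following is an added example, not code from the original post or from Shiro. It assumes that a UUID-shaped id comes from Shiro's default id generator and any other shape from the servlet container; the function names, the context path and the third page name are hypothetical.

```python
import re

# Assumption: Shiro's default session id generator emits java.util.UUID strings,
# so a UUID-shaped value is treated as a Shiro native session id. Anything else
# is attributed to the servlet container (shape taken from the id in the post).
UUID_RE = re.compile(r"^[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)


def issuer(session_id):
    """Heuristically name the session manager that minted this id."""
    return "shiro-native" if UUID_RE.match(session_id) else "servlet-container"


def session_cookie(set_cookie, name="JSESSIONID"):
    """Return the value of `name` from one Set-Cookie header, else None."""
    key, _, value = set_cookie.split(";", 1)[0].partition("=")
    return value.strip() if key.strip() == name else None


def issuer_changes(responses, name="JSESSIONID"):
    """Find responses where the session cookie is re-issued by a different manager.

    `responses` is a list of (url, [Set-Cookie header, ...]) in request order.
    Returns a list of (url, previous_issuer, new_issuer, new_id).
    """
    changes, previous = [], None
    for url, headers in responses:
        for header in headers:
            value = session_cookie(header, name)
            if value is None:
                continue
            current = issuer(value)
            if previous is not None and current != previous:
                changes.append((url, previous, current, value))
            previous = current
    return changes


# Constructed capture: the two ids are the ones quoted in the post; the context
# path, the third page name and the cookie attributes are made up for the example.
SAMPLE = [
    ("/login.xhtml", ["JSESSIONID=b2b69494-2236-467f-9e0b-3c262c74b7c4; Path=/app-ctx; HttpOnly"]),
    ("/app/index.xhtml", []),
    ("/app/session-bean.xhtml", ["JSESSIONID=49253beaee601d4107cba4b61c77; Path=/app-ctx; HttpOnly"]),
]

if __name__ == "__main__":
    for url, old, new, sid in issuer_changes(SAMPLE):
        print(f"{url}: JSESSIONID re-issued by {new} (was {old}): {sid}")
```

A non-empty result means two session managers are writing the same cookie name, which is the condition under which the id presented on the next request is unknown to one of them.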

Re: UnknownSessionException when using SessionScoped CDI managed beans with Shiro managed sessions

Posted by Paul Holding <pa...@pholding.co.uk>.
juan rojas wrote
> Did you see Pax Shiro
> https://ops4j1.jira.com/wiki/display/PAXSHIRO/OPS4J+Pax+Shiro

Hi Juan

The project I'm working on already makes use of Pax Shiro to allow me to
inject custom realms and authentication listeners using CDI, but this
doesn't seem to help with CDI session scoped beans. From what I can gather
Pax Shiro provides CDI dependency injection but the issue I've got seems to
be with the management of HTTP sessions.

The example that I created to demonstrate the problem doesn't use Pax Shiro
as I wanted to exclude as many things as possible from causing this problem.
Nevertheless I've just tried adding Pax Shiro into the example code and the
UnknownSessionException is still thrown when accessing a JSF page that
references a CDI session scoped bean.

Kind Regards

Paul





Re: UnknownSessionException when using SessionScoped CDI managed beans with Shiro managed sessions

Posted by juan manuel rojas ronquillo <ju...@rhemsolutions.com>.
Did you see Pax Shiro
https://ops4j1.jira.com/wiki/display/PAXSHIRO/OPS4J+Pax+Shiro
