You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@shiro.apache.org by mixtou <mi...@gmail.com> on 2019/06/13 09:11:58 UTC
Apache Shiro JWT Token Authentication Random Disconnects Problem
With SessionTimeout
I have implemented shiro jwt token authentication using as reference Shiro
json web token
<https://www.novatec-gmbh.de/en/blog/json-web-token-apache-shiro/> .
Everything works fine besides that i have random disconnects with
SessionTimeOut Exception. Disconnects happen completely randomly. I might
have 3 disconnects in one Day or 1 Disconnect in one Week. The user logs in
with token authentication and token expiration of 1 Week period. However
while logged in suddenly and randomly gets logged out.
Has anyone faced a similar situation?
Can someone guide me where to look to isolate/find the problem?
Is my code correctly implemented?
Bellow is my code. To implement the functionality i have implemented one
*Realm* and one *Filter*.
I have tried to completely disable sessions completely using
*securityManager.subjectDAO.sessionStorageEvaluator.sessionStorageEnabled =
false*
in Shiro.ini but then Authentication Fails. No Subject Exists...
Any Example would be highly appreciated, shiro lacks of documentation...
*Shiro.ini File*
[main]
jwtg = gr.histopath.platform.lib.JWTGuard
jwtv = gr.histopath.platform.lib.JWTVerifyingFilter
ds = com.mysql.cj.jdbc.MysqlDataSource
ds.serverName = 127.0.0.1
ds.port = 3306
ds.user = histopathUser
ds.password = H1s+0p@+h.U$er
ds.databaseName = histopath
jdbcRealm = gr.histopath.platform.lib.MyRealm
jdbcRealm.dataSource = $ds
credentialsMatcher =
org.apache.shiro.authc.credential.Sha512CredentialsMatcher
credentialsMatcher.hashIterations = 50000
credentialsMatcher.hashSalted = true
credentialsMatcher.storedCredentialsHexEncoded = false
jdbcRealm.credentialsMatcher = $credentialsMatcher
jdbcRealm.permissionsLookupEnabled = false
shiro.loginUrl = /authentication/login
#cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
cacheManager = org.apache.shiro.cache.ehcache.EhCacheManager
securityManager.cacheManager = $cacheManager
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
securityManager.sessionManager = $sessionManager
securityManager.sessionManager.globalSessionTimeout = 172800000
# ssl.enabled = false
securityManager.realms = $jdbcRealm
[users]
[roles]
[urls]
/authentication/login = authc
# /authentication/logout = logout
/search/* = noSessionCreation, jwtv
/statistics/* = noSessionCreation, jwtv
/clinics/* = noSessionCreation, jwtv
/patients/* = noSessionCreation, jwtv
/incidents/* = noSessionCreation, jwtv
/doctors/* = noSessionCreation, jwtv
/users/new = noSessionCreation, anon
/users/details/* = noSessionCreation, anon
/users/* = noSessionCreation, jwtv
/* = anon
*MyRealm.java*
public class MyRealm extends JdbcRealm {
private UserDAO userDAO;
private User user;
private String password;
private ByteSource salt;
private static final Logger logger =
LoggerFactory.getLogger(MyRealm.class);
public MyRealm() {
this.userDAO = new UserDAO();
setSaltStyle(SaltStyle.COLUMN);
}
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken
token) throws AuthenticationException {
// identify account to log to
UsernamePasswordToken userPassToken = (UsernamePasswordToken) token;
String username = userPassToken.getUsername();
logger.debug("GMOTO: " + userPassToken.getUsername());
if (username.equals(null)) {
logger.debug("Username is null.");
return null;
}
// read password hash and salt from db
// System.out.println("Username: " + username);
if(!userDAO.isOpen()){
userDAO = new UserDAO();
}
this.user = userDAO.getByUsername(username);
this.userDAO.closeEntityManager();
logger.debug("user's email: " + this.user.getUsername());
if (this.user == null) {
logger.debug("No account found for user [" + username + "]");
return null;
}
this.password = this.user.getPassword();
this.salt =
ByteSource.Util.bytes(Base64.decode(this.user.getSalt()));
SaltedAuthenticationInfo info = new SimpleAuthenticationInfo(user,
password, salt, getName());
return info;
}
}
*JWTVerigyingFilter.java*
public class JWTVerifyingFilter extends AccessControlFilter {
private static final Logger logger =
LoggerFactory.getLogger(JWTVerifyingFilter.class);
@Override
protected boolean isAccessAllowed(ServletRequest servletRequest,
ServletResponse servletResponse, Object o) {
logger.debug("Verifying Filter Execution");
HttpServletRequest httpRequest = (HttpServletRequest)
servletRequest;
String jwt = httpRequest.getHeader("Authorization");
if (jwt == null || !jwt.startsWith("Bearer ")) {
// System.out.println("DEn Brika Tipota: ");
logger.debug("No Token Found...");
//
servletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
return false;
}
logger.debug("JWT Found");
logger.debug("JWT Content: " + jwt);
jwt = jwt.substring(jwt.indexOf(" "));
Subject subject = SecurityUtils.getSubject();
logger.debug("SecurityUtils Subject: " + subject.getPrincipal());
// System.out.println("Token Found");
// System.out.println("JWT: " + jwt);
// System.out.println("Authenticated? " + subject.isAuthenticated());
// System.out.println(" session " + subject.getSession().getId());
// System.out.println(" salt " + ((User)
subject.getPrincipal()).getSalt());
// System.out.println(" who-is " + ((User)
subject.getPrincipal()).getUsername());
User user = null;
logger.debug("Is Subject Authenticated: " +
subject.isAuthenticated());
if (subject.isAuthenticated()) {
user = (User) subject.getPrincipal();
String username = null;
try {
Jws<Claims> claimsJws = Jwts.parser()
.setSigningKey(DatatypeConverter.parseBase64Binary(user.getSalt()))
.parseClaimsJws(jwt);
// System.out.println("Claims: " + claimsJws);
logger.debug("Expiration: " +
claimsJws.getBody().getExpiration());
username = claimsJws.getBody().getSubject();
} catch (ExpiredJwtException expiredException) {
logger.error("Token Is Expired....");
logger.error(expiredException.getMessage(),
expiredException);
// System.out.println("Token IS Expired.....");
// expiredException.printStackTrace();
logger.debug("Logging out the user...");
// System.out.println("Logging out the user...");
SecurityUtils.getSubject().logout();
// System.out.println("mmmnnnnn: " +
SecurityUtils.getSubject().isAuthenticated());
return false;
// throw expiredException;
} catch (SignatureException signatureException) {
logger.error(signatureException.getMessage(),
signatureException);
// signatureException.printStackTrace();
return false;
} catch (Exception e) {
logger.error(e.getMessage(), e);
// e.printStackTrace();
return false;
}
System.out.println("Subject: " + user.getUsername());
return username.equals(user.getUsername());
}
// response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
return false;
}
@Override
protected boolean onAccessDenied(ServletRequest servletRequest,
ServletResponse servletResponse) {
HttpServletResponse response = (HttpServletResponse)
servletResponse;
response.setStatus(HttpServletResponse.SC_FORBIDDEN);
return false;
}
}
I have also posted the question in stack overflow Question
<https://stackoverflow.com/questions/56576654/apache-shiro-jwt-token-authentication-random-disconnects-problem-with-sessiontim>
--
Sent from: http://shiro-user.582556.n2.nabble.com/
Re: Apache Shiro JWT Token Authentication Random Disconnects
Problem With SessionTimeout
Posted by mixtou <mi...@gmail.com>.
I have already ehcache2 enables as second level cache for hibernate where i
have the corresponding rules for shiro. Below is my ehcache.xml
<?xml version="1.0" ?>
<ehcache xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
updateCheck="true" monitoring="autodetect" dynamicConfig="true"
xsi:noNamespaceSchemaLocation="ehcache.xsd" name="ehcache2"
maxBytesLocalHeap="100M" maxBytesLocalDisk="1G">
<diskStore path="java.io.tmpdir/ehchache"/>
<defaultCache
eternal="false"
timeToLiveSeconds="600"
timeToIdleSeconds="300"
overflowToDisk="false"
memoryStoreEvictionPolicy="LFU"
/>
<cache name="EntityCache"
eternal="false"
overflowToDisk="false"
timeToLiveSeconds="600"
timeToIdleSeconds="300"
/>
<cache name="org.hibernate.cache.UpdateTimestampsCache"
eternal="true">
<persistence strategy="localTempSwap"/>
</cache>
<cache name="org.hibernate.cache.internal.StandardQueryCache"
eternal="false"
timeToLiveSeconds="600"
timeToIdleSeconds="300"
overflowToDisk="false"
memoryStoreEvictionPolicy="LFU"
/>
<cache name="CollectionsCache"
eternal="false"
timeToLiveSeconds="600"
timeToIdleSeconds="300"
overflowToDisk="false"
memoryStoreEvictionPolicy="LFU"
/>
<cache name="shiro-activeSessionCache"
overflowToDisk="true"
eternal="true"
timeToLiveSeconds="0"
timeToIdleSeconds="0"
diskPersistent="true"
diskExpiryThreadIntervalSeconds="600"
/>
</ehcache>
--
Sent from: http://shiro-user.582556.n2.nabble.com/
Re: Apache Shiro JWT Token Authentication Random Disconnects Problem
With SessionTimeout
Posted by Brian Demers <br...@gmail.com>.
When storing sessions (or any objects in a cache) they are subject to that
Cache's configuration/policy
This is the default for EhCache config is:
https://github.com/apache/shiro/blob/master/support/ehcache/src/main/resources/org/apache/shiro/cache/ehcache/ehcache.xml
Based on your session timeout, it looks like you might need to bump the
cache TTL.
On Fri, Oct 18, 2019 at 4:12 AM mixtou <mi...@gmail.com> wrote:
> Yes below is my shiro.ini
>
> [main]
> jwtg = gr.histopath.platform.lib.JWTGuard
> jwtv = gr.histopath.platform.lib.JWTVerifyingFilter
>
> ds = com.mysql.cj.jdbc.MysqlDataSource
> ds.serverName = 127.0.0.1
> ds.port = 3306
> ds.user = histopathUser
> ds.password = H1s+0p@+h.U$er
> ds.databaseName = histopath
>
> jdbcRealm = gr.histopath.platform.lib.MyRealm
> jdbcRealm.dataSource = $ds
>
> credentialsMatcher =
> org.apache.shiro.authc.credential.Sha512CredentialsMatcher
> credentialsMatcher.hashIterations = 50000
> credentialsMatcher.hashSalted = true
> credentialsMatcher.storedCredentialsHexEncoded = false
> jdbcRealm.credentialsMatcher = $credentialsMatcher
>
> jdbcRealm.permissionsLookupEnabled = false
>
>
> sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
> securityManager.sessionManager = $sessionManager
>
> sessionDAO = org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO
> securityManager.sessionManager.sessionDAO = $sessionDAO
>
> cacheManager = org.apache.shiro.cache.ehcache.EhCacheManager
> securityManager.cacheManager = $cacheManager
>
> sessionValidationScheduler =
> org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler
> # Default is 3,600,000 millis = 1 hour:
> sessionValidationScheduler.interval = 3600000
>
> securityManager.sessionManager.sessionValidationScheduler =
> $sessionValidationScheduler
>
>
> securityManager.sessionManager.globalSessionTimeout = 172800000
>
> securityManager.realms = $jdbcRealm
>
> shiro.loginUrl = /authentication/login
> [users]
>
> [roles]
>
> [urls]
>
> /authentication/login = authc
> # /authentication/logout = logout
>
> /search/* = noSessionCreation, jwtv
> /statistics/* = noSessionCreation, jwtv
> /clinics/* = noSessionCreation, jwtv
> /patients/* = noSessionCreation, jwtv
> /incidents/* = noSessionCreation, jwtv
> /doctors/* = noSessionCreation, jwtv
>
> /users/new = noSessionCreation, anon
> /users/details/* = noSessionCreation, anon
> /users/* = noSessionCreation, jwtv
>
> /** = anon
>
>
>
> --
> Sent from: http://shiro-user.582556.n2.nabble.com/
>
Re: Apache Shiro JWT Token Authentication Random Disconnects
Problem With SessionTimeout
Posted by mixtou <mi...@gmail.com>.
Yes below is my shiro.ini
[main]
jwtg = gr.histopath.platform.lib.JWTGuard
jwtv = gr.histopath.platform.lib.JWTVerifyingFilter
ds = com.mysql.cj.jdbc.MysqlDataSource
ds.serverName = 127.0.0.1
ds.port = 3306
ds.user = histopathUser
ds.password = H1s+0p@+h.U$er
ds.databaseName = histopath
jdbcRealm = gr.histopath.platform.lib.MyRealm
jdbcRealm.dataSource = $ds
credentialsMatcher =
org.apache.shiro.authc.credential.Sha512CredentialsMatcher
credentialsMatcher.hashIterations = 50000
credentialsMatcher.hashSalted = true
credentialsMatcher.storedCredentialsHexEncoded = false
jdbcRealm.credentialsMatcher = $credentialsMatcher
jdbcRealm.permissionsLookupEnabled = false
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
securityManager.sessionManager = $sessionManager
sessionDAO = org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO
securityManager.sessionManager.sessionDAO = $sessionDAO
cacheManager = org.apache.shiro.cache.ehcache.EhCacheManager
securityManager.cacheManager = $cacheManager
sessionValidationScheduler =
org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler
# Default is 3,600,000 millis = 1 hour:
sessionValidationScheduler.interval = 3600000
securityManager.sessionManager.sessionValidationScheduler =
$sessionValidationScheduler
securityManager.sessionManager.globalSessionTimeout = 172800000
securityManager.realms = $jdbcRealm
shiro.loginUrl = /authentication/login
[users]
[roles]
[urls]
/authentication/login = authc
# /authentication/logout = logout
/search/* = noSessionCreation, jwtv
/statistics/* = noSessionCreation, jwtv
/clinics/* = noSessionCreation, jwtv
/patients/* = noSessionCreation, jwtv
/incidents/* = noSessionCreation, jwtv
/doctors/* = noSessionCreation, jwtv
/users/new = noSessionCreation, anon
/users/details/* = noSessionCreation, anon
/users/* = noSessionCreation, jwtv
/** = anon
--
Sent from: http://shiro-user.582556.n2.nabble.com/
Re: Apache Shiro JWT Token Authentication Random Disconnects Problem
With SessionTimeout
Posted by Francois Papon <fr...@openobject.fr>.
Hi,
Are you using a CacheManager?
regards,
François
fpapon@apache.org
Le 15/10/2019 à 10:35, mixtou a écrit :
> Yes this is a username/password token. As i stated earlier this happens
> occasionally/randomly. It could happen once a month or twice a day. The
> system is in production and is used at least 8 hours per day. As you can
> see from the logs for some reason suddenly DefaultSessionManager is unable
> to find sessionID. This is frustrating...
>
>
>
> --
> Sent from: http://shiro-user.582556.n2.nabble.com/
Re: Apache Shiro JWT Token Authentication Random Disconnects
Problem With SessionTimeout
Posted by mixtou <mi...@gmail.com>.
Yes this is a username/password token. As i stated earlier this happens
occasionally/randomly. It could happen once a month or twice a day. The
system is in production and is used at least 8 hours per day. As you can
see from the logs for some reason suddenly DefaultSessionManager is unable
to find sessionID. This is frustrating...
--
Sent from: http://shiro-user.582556.n2.nabble.com/
Re: Apache Shiro JWT Token Authentication Random Disconnects Problem
With SessionTimeout
Posted by Brian Demers <br...@gmail.com>.
What is null on line 31 ?
```
java.lang.NullPointerException
at gr.histopath.platform.lib.MyRealm.doGetAuthenticationInfo(My
Realm.java:31)
```
Not sure if you have or not, but if you are NOT using a username/password
token, make sure you implement the `supports()` method in your realm:
https://shiro.apache.org/static/1.4.1/apidocs/org/apache/shiro/realm/Realm.html#supports-org.apache.shiro.authc.AuthenticationToken-
On Fri, Oct 11, 2019 at 5:31 AM mixtou <mi...@gmail.com> wrote:
> I am also using nginx as reverse proxy from tomcat. Could this be causing
> the
> problem? Any hints on what or where to look for ??
>
>
>
> --
> Sent from: http://shiro-user.582556.n2.nabble.com/
>
Re: Apache Shiro JWT Token Authentication Random Disconnects
Problem With SessionTimeout
Posted by mixtou <mi...@gmail.com>.
I am also using nginx as reverse proxy from tomcat. Could this be causing the
problem? Any hints on what or where to look for ??
--
Sent from: http://shiro-user.582556.n2.nabble.com/
Re: Apache Shiro JWT Token Authentication Random Disconnects
Problem With SessionTimeout
Posted by mixtou <mi...@gmail.com>.
DEBUG shiro-active%0053ession%0043ache.data - 2019-10-08 05:57; -
net.sf.ehcache.store.disk.Segment - fault removed 0 from heap
DEBUG shiro-active%0053ession%0043ache.data - 2019-10-08 05:57; -
net.sf.ehcache.store.disk.Segment - fault added 0 on disk
DEBUG http-nio-127.0.0.1-8080-exec-9 - 2019-10-08 05:57; -
org.apache.shiro.web.servlet.SimpleCookie - Found 'JSESSIONID' cookie value
[094bf05d-05df-4295-9935-9eb365beaa20]
DEBUG http-nio-127.0.0.1-8080-exec-9 - 2019-10-08 05:57; -
net.sf.ehcache.store.disk.Segment - put added 0 on heap
DEBUG http-nio-127.0.0.1-8080-exec-9 - 2019-10-08 05:57; -
net.sf.ehcache.store.disk.Segment - put updated, deleted 0 on heap
DEBUG http-nio-127.0.0.1-8080-exec-9 - 2019-10-08 05:57; -
net.sf.ehcache.store.disk.Segment - put updated, deleted 0 on disk
DEBUG http-nio-127.0.0.1-8080-exec-9 - 2019-10-08 05:57; -
gr.histopath.platform.lib.JWTVerifyingFilter - Verifying Filter Execution
DEBUG http-nio-127.0.0.1-8080-exec-9 - 2019-10-08 05:57; -
gr.histopath.platform.lib.JWTVerifyingFilter - JWT Found
DEBUG http-nio-127.0.0.1-8080-exec-9 - 2019-10-08 05:57; -
gr.histopath.platform.lib.JWTVerifyingFilter - Expiration: Tue Oct 15
05:38:06 UTC 2019
DEBUG shiro-active%0053ession%0043ache.data - 2019-10-08 05:57; -
net.sf.ehcache.store.disk.Segment - fault removed 0 from heap
DEBUG shiro-active%0053ession%0043ache.data - 2019-10-08 05:57; -
net.sf.ehcache.store.disk.Segment - fault added 0 on disk
DEBUG http-nio-127.0.0.1-8080-exec-3 - 2019-10-08 05:57; -
org.apache.shiro.web.servlet.SimpleCookie - Found 'JSESSIONID' cookie value
[094bf05d-05df-4295-9935-9eb365beaa20]
DEBUG http-nio-127.0.0.1-8080-exec-3 - 2019-10-08 05:57; -
net.sf.ehcache.store.disk.Segment - put added 0 on heap
DEBUG http-nio-127.0.0.1-8080-exec-3 - 2019-10-08 05:57; -
net.sf.ehcache.store.disk.Segment - put updated, deleted 0 on heap
DEBUG http-nio-127.0.0.1-8080-exec-3 - 2019-10-08 05:57; -
net.sf.ehcache.store.disk.Segment - put updated, deleted 0 on disk
DEBUG http-nio-127.0.0.1-8080-exec-8 - 2019-10-08 05:57; -
org.apache.shiro.web.servlet.SimpleCookie - Found 'JSESSIONID' cookie value
[094bf05d-05df-4295-9935-9eb365beaa20]
DEBUG http-nio-127.0.0.1-8080-exec-8 - 2019-10-08 05:57; -
net.sf.ehcache.store.disk.Segment - put added 0 on heap
DEBUG http-nio-127.0.0.1-8080-exec-8 - 2019-10-08 05:57; -
net.sf.ehcache.store.disk.Segment - put updated, deleted 0 on heap
DEBUG shiro-active%0053ession%0043ache.data - 2019-10-08 05:57; -
net.sf.ehcache.store.disk.Segment - fault removed 0 from heap
DEBUG shiro-active%0053ession%0043ache.data - 2019-10-08 05:57; -
net.sf.ehcache.store.disk.Segment - fault added 0 on disk
DEBUG shiro-active%0053ession%0043ache.data - 2019-10-08 05:57; -
net.sf.ehcache.store.disk.Segment - fault installation failed, deleted 0
from heap
DEBUG shiro-active%0053ession%0043ache.data - 2019-10-08 05:57; -
net.sf.ehcache.store.disk.Segment - fault installation failed deleted 0 from
disk
DEBUG shiro-active%0053ession%0043ache.data - 2019-10-08 05:57; -
net.sf.ehcache.store.disk.Segment - fault removed 0 from heap
DEBUG shiro-active%0053ession%0043ache.data - 2019-10-08 05:57; -
net.sf.ehcache.store.disk.Segment - fault added 0 on disk
DEBUG http-nio-127.0.0.1-8080-exec-10 - 2019-10-08 06:02; -
org.apache.shiro.session.mgt.DefaultSessionManager - Unable to resolve
session ID from SessionKey
[org.apache.shiro.web.session.mgt.WebSessionKey@59886af5]. Returning null
to
indicate a session could not be found.
DEBUG http-nio-127.0.0.1-8080-exec-7 - 2019-10-08 06:02; -
org.apache.shiro.session.mgt.DefaultSessionManager - Unable to resolve
session ID from SessionKey
[org.apache.shiro.web.session.mgt.WebSessionKey@3375bbf5]. Returning null
to
indicate a session could not be found.
DEBUG http-nio-127.0.0.1-8080-exec-5 - 2019-10-08 06:02; -
org.apache.shiro.session.mgt.DefaultSessionManager - Unable to resolve
session ID from SessionKey
[org.apache.shiro.web.session.mgt.WebSessionKey@298ff393]. Returning null
to
indicate a session could not be found.
DEBUG http-nio-127.0.0.1-8080-exec-5 - 2019-10-08 06:02; -
org.apache.shiro.session.mgt.DefaultSessionManager - Unable to resolve
session ID from SessionKey
[org.apache.shiro.web.session.mgt.WebSessionKey@6e21ab8e]. Returning null
to
indicate a session could not be found.
DEBUG http-nio-127.0.0.1-8080-exec-5 - 2019-10-08 06:02; -
org.apache.shiro.session.mgt.DefaultSessionManager - Unable to resolve
session ID from SessionKey
[org.apache.shiro.web.session.mgt.WebSessionKey@5a963550]. Returning null
to
indicate a session could not be found.
DEBUG http-nio-127.0.0.1-8080-exec-5 - 2019-10-08 06:02; -
org.apache.shiro.session.mgt.DefaultSessionManager - Unable to resolve
session ID from SessionKey
[org.apache.shiro.web.session.mgt.WebSessionKey@33329a23]. Returning null
to
indicate a session could not be found.
DEBUG http-nio-127.0.0.1-8080-exec-2 - 2019-10-08 06:03; -
org.apache.shiro.session.mgt.DefaultSessionManager - Unable to resolve
session ID from SessionKey
[org.apache.shiro.web.session.mgt.WebSessionKey@3e360a82]. Returning null
to
indicate a session could not be found.
DEBUG http-nio-127.0.0.1-8080-exec-8 - 2019-10-08 06:03; -
org.apache.shiro.session.mgt.DefaultSessionManager - Unable to resolve
session ID from SessionKey
[org.apache.shiro.web.session.mgt.WebSessionKey@37185c0d]. Returning null
to
indicate a session could not be found.
WARN http-nio-127.0.0.1-8080-exec-8 - 2019-10-08 06:03; -
org.apache.shiro.authc.AbstractAuthenticator - Authentication failed for
token submission [org.apache.shiro.authc.UsernamePasswordToken - null,
rememberMe=false (127.0.0.1)]. P
ossible unexpected error? (Typical or expected login exceptions should
extend from AuthenticationException).
java.lang.NullPointerException
at
gr.histopath.platform.lib.MyRealm.doGetAuthenticationInfo(MyRealm.java:31)
at
org.apache.shiro.realm.AuthenticatingRealm.getAuthenticationInfo(AuthenticatingRealm.java:571)
at
org.apache.shiro.authc.pam.ModularRealmAuthenticator.doSingleRealmAuthentication(ModularRealmAuthenticator.java:180)
at
org.apache.shiro.authc.pam.ModularRealmAuthenticator.doAuthenticate(ModularRealmAuthenticator.java:267)
at
org.apache.shiro.authc.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:198)
at
org.apache.shiro.mgt.AuthenticatingSecurityManager.authenticate(AuthenticatingSecurityManager.java:106)
at
org.apache.shiro.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:274)
at
org.apache.shiro.subject.support.DelegatingSubject.login(DelegatingSubject.java:260)
at
org.apache.shiro.web.filter.authc.AuthenticatingFilter.executeLogin(AuthenticatingFilter.java:53)
at
org.apache.shiro.web.filter.authc.FormAuthenticationFilter.onAccessDenied(FormAuthenticationFilter.java:154)
at
org.apache.shiro.web.filter.AccessControlFilter.onAccessDenied(AccessControlFilter.java:133)
at
org.apache.shiro.web.filter.AccessControlFilter.onPreHandle(AccessControlFilter.java:162)
at
org.apache.shiro.web.filter.PathMatchingFilter.isFilterChainContinued(PathMatchingFilter.java:203)
at
org.apache.shiro.web.filter.PathMatchingFilter.preHandle(PathMatchingFilter.java:178)
at
org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:131)
at
org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
at
org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
at
org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449)
at
org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365)
at
org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
at
org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
at
org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:387)
at
org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362)
at
org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
at
org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:668)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
at
org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
at
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:770)
at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1415)
at
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
DEBUG http-nio-127.0.0.1-8080-exec-8 - 2019-10-08 06:03; -
org.apache.shiro.web.servlet.SimpleCookie - Added HttpServletResponse Cookie
[rememberMe=deleteMe; Path=/Histopath-Platform; Max-Age=0; Expires=Mon,
07-Oct-2019 06:03:29 GMT]
DEBUG http-nio-127.0.0.1-8080-exec-8 - 2019-10-08 06:03; -
org.apache.shiro.web.filter.authc.FormAuthenticationFilter - Authentication
exception
org.apache.shiro.authc.AuthenticationException: Authentication failed for
token submission [org.apache.shiro.authc.UsernamePasswordToken - null,
rememberMe=false (127.0.0.1)]. Possible unexpected error? (Typical or
expected login excep
tions should extend from AuthenticationException).
at
org.apache.shiro.authc.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:214)
at
org.apache.shiro.mgt.AuthenticatingSecurityManager.authenticate(AuthenticatingSecurityManager.java:106)
at
org.apache.shiro.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:274)
at
org.apache.shiro.subject.support.DelegatingSubject.login(DelegatingSubject.java:260)
at
org.apache.shiro.web.filter.authc.AuthenticatingFilter.executeLogin(AuthenticatingFilter.java:53)
at
org.apache.shiro.web.filter.authc.FormAuthenticationFilter.onAccessDenied(FormAuthenticationFilter.java:154)
at
org.apache.shiro.web.filter.AccessControlFilter.onAccessDenied(AccessControlFilter.java:133)
at
org.apache.shiro.web.filter.AccessControlFilter.onPreHandle(AccessControlFilter.java:162)
at
org.apache.shiro.web.filter.PathMatchingFilter.isFilterChainContinued(PathMatchingFilter.java:203)
at
org.apache.shiro.web.filter.PathMatchingFilter.preHandle(PathMatchingFilter.java:178)
at
org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:131)
at
org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
at
org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
at
org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449)
at
org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365)
at
org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
at
org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
at
org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:387)
at
org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362)
at
org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
at
org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:668)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
at
org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
at
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:770)
at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1415)
at
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.NullPointerException
at
gr.histopath.platform.lib.MyRealm.doGetAuthenticationInfo(MyRealm.java:31)
at
org.apache.shiro.realm.AuthenticatingRealm.getAuthenticationInfo(AuthenticatingRealm.java:571)
at
org.apache.shiro.authc.pam.ModularRealmAuthenticator.doSingleRealmAuthentication(ModularRealmAuthenticator.java:180)
at
org.apache.shiro.authc.pam.ModularRealmAuthenticator.doAuthenticate(ModularRealmAuthenticator.java:267)
at
org.apache.shiro.authc.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:198)
... 38 more
DEBUG http-nio-127.0.0.1-8080-exec-8 - 2019-10-08 06:03; -
gr.histopath.platform.controllers.authentication.AuthenticationController -
Authenticating User
DEBUG http-nio-127.0.0.1-8080-exec-8 - 2019-10-08 06:03; -
org.apache.shiro.realm.AuthenticatingRealm - Looked up AuthenticationInfo
[gr.histopath.platform.model.TransferObjects.User@70c6af5f] from
doGetAuthenticationInfo
DEBUG http-nio-127.0.0.1-8080-exec-8 - 2019-10-08 06:03; -
org.apache.shiro.realm.AuthenticatingRealm - AuthenticationInfo caching is
disabled for info
[gr.histopath.platform.model.TransferObjects.User@70c6af5f]. Submitted
token: [org
.apache.shiro.authc.UsernamePasswordToken - andask@gmail.com,
rememberMe=false].
DEBUG http-nio-127.0.0.1-8080-exec-8 - 2019-10-08 06:03; -
org.apache.shiro.authc.credential.SimpleCredentialsMatcher - Performing
credentials equality check for tokenCredentials of type
[org.apache.shiro.crypto.hash.SimpleHash and acc
ountCredentials of type [org.apache.shiro.crypto.hash.SimpleHash]
DEBUG http-nio-127.0.0.1-8080-exec-8 - 2019-10-08 06:03; -
org.apache.shiro.authc.credential.SimpleCredentialsMatcher - Both
credentials arguments can be easily converted to byte arrays. Performing
array equals comparison
DEBUG http-nio-127.0.0.1-8080-exec-8 - 2019-10-08 06:03; -
org.apache.shiro.authc.AbstractAuthenticator - Authentication successful for
token [org.apache.shiro.authc.UsernamePasswordToken - andask@gmail.com,
rememberMe=false]. Returne
d account [gr.histopath.platform.model.TransferObjects.User@70c6af5f]
DEBUG http-nio-127.0.0.1-8080-exec-8 - 2019-10-08 06:03; -
org.apache.shiro.subject.support.DefaultSubjectContext - No SecurityManager
available in subject context map. Falling back to
SecurityUtils.getSecurityManager() lookup.
DEBUG http-nio-127.0.0.1-8080-exec-8 - 2019-10-08 06:03; -
org.apache.shiro.subject.support.DefaultSubjectContext - No SecurityManager
available in subject context map. Falling back to
SecurityUtils.getSecurityManager() lookup.
DEBUG http-nio-127.0.0.1-8080-exec-8 - 2019-10-08 06:03; -
org.apache.shiro.session.mgt.DefaultSessionManager - Creating new EIS record
for new session instance
[org.apache.shiro.session.mgt.SimpleSession,id=null]
DEBUG http-nio-127.0.0.1-8080-exec-8 - 2019-10-08 06:03; -
net.sf.ehcache.store.disk.Segment - put added 0 on heap
DEBUG http-nio-127.0.0.1-8080-exec-8 - 2019-10-08 06:03; -
net.sf.ehcache.store.disk.Segment - put added 0 on heap
DEBUG http-nio-127.0.0.1-8080-exec-8 - 2019-10-08 06:03; -
net.sf.ehcache.store.disk.Segment - put updated, deleted 0 on heap
DEBUG http-nio-127.0.0.1-8080-exec-8 - 2019-10-08 06:03; -
org.apache.shiro.web.servlet.SimpleCookie - Added HttpServletResponse Cookie
[JSESSIONID=9f8165fa-dc41-4baf-be20-1f34c3a6c97b; Path=/Histopath-Platform;
HttpOnly]
DEBUG http-nio-127.0.0.1-8080-exec-8 - 2019-10-08 06:03; -
net.sf.ehcache.store.disk.Segment - put added 0 on heap
DEBUG http-nio-127.0.0.1-8080-exec-8 - 2019-10-08 06:03; -
net.sf.ehcache.store.disk.Segment - put updated, deleted 0 on heap
DEBUG http-nio-127.0.0.1-8080-exec-8 - 2019-10-08 06:03; -
net.sf.ehcache.store.disk.Segment - put added 0 on heap
DEBUG http-nio-127.0.0.1-8080-exec-8 - 2019-10-08 06:03; -
net.sf.ehcache.store.disk.Segment - put updated, deleted 0 on heap
DEBUG http-nio-127.0.0.1-8080-exec-8 - 2019-10-08 06:03; -
org.apache.shiro.web.servlet.SimpleCookie - Added HttpServletResponse Cookie
[rememberMe=deleteMe; Path=/Histopath-Platform; Max-Age=0; Expires=Mon,
07-Oct-2019 06:03:29 GMT]
DEBUG http-nio-127.0.0.1-8080-exec-8 - 2019-10-08 06:03; -
org.apache.shiro.mgt.AbstractRememberMeManager - AuthenticationToken did not
indicate RememberMe is requested. RememberMe functionality will not be
executed for corresponding
account.
DEBUG http-nio-127.0.0.1-8080-exec-8 - 2019-10-08 06:03; -
gr.histopath.platform.lib.JWTProvider - JWT Provider FIRED
DEBUG http-nio-127.0.0.1-8080-exec-8 - 2019-10-08 06:03; -
gr.histopath.platform.lib.JWTProvider - Date Now: Tue Oct 08 06:03:29 UTC
2019
DEBUG http-nio-127.0.0.1-8080-exec-8 - 2019-10-08 06:03; -
gr.histopath.platform.lib.JWTProvider - JWT Provider Generated JWT:
eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhbmRhc2tAZ21haWwuY29tIiwiRmlyc3ROYW1lIjoizobOvc69zrEiLCJMYXN0TmFtZSI6Is6UzrH
Pg866zrHOu86szrrOtyIsImlhdCI6MTU3MDUxNDYwOSwiZXhwIjoxNTcxMTE5NDA5fQ.eTYPF2fCgUxS6vrjuzowmuBc54kVHk7Z4etrX-3wMyzIKAwwPd7Boe9ArplXckPLkUFckiTk_rZONm0kLvfpvA
DEBUG http-nio-127.0.0.1-8080-exec-8 - 2019-10-08 06:03; -
gr.histopath.platform.controllers.authentication.AuthenticationController -
Token Values....
DEBUG http-nio-127.0.0.1-8080-exec-8 - 2019-10-08 06:03; -
gr.histopath.platform.controllers.authentication.AuthenticationController -
{"jwtToken":"eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhbmRhc2tAZ21haWwuY29tIiwiRmlyc3ROYW1lIjoizobOvc69zrEiLC
JMYXN0TmFtZSI6Is6UzrHPg866zrHOu86szrrOtyIsImlhdCI6MTU3MDUxNDYwOSwiZXhwIjoxNTcxMTE5NDA5fQ.eTYPF2fCgUxS6vrjuzowmuBc54kVHk7Z4etrX-3wMyzIKAwwPd7Boe9ArplXckPLkUFckiTk_rZONm0kLvfpvA","username":"andask@gmail.com"}
--
Sent from: http://shiro-user.582556.n2.nabble.com/
Re: Apache Shiro JWT Token Authentication Random Disconnects Problem With SessionTimeout
Posted by Brian Demers <br...@gmail.com>.
Can you include the stacktrace?
-Brian
> On Jun 13, 2019, at 5:11 AM, mixtou <mi...@gmail.com> wrote:
>
> I have implemented shiro jwt token authentication using as reference Shiro
> json web token
> <https://www.novatec-gmbh.de/en/blog/json-web-token-apache-shiro/> .
> Everything works fine besides that i have random disconnects with
> SessionTimeOut Exception. Disconnects happen completely randomly. I might
> have 3 disconnects in one Day or 1 Disconnect in one Week. The user logs in
> with token authentication and token expiration of 1 Week period. However
> while logged in suddenly and randomly gets logged out.
>
> Has anyone faced a similar situation?
> Can someone guide me where to look to isolate/find the problem?
> Is my code correctly implemented?
>
> Bellow is my code. To implement the functionality i have implemented one
> *Realm* and one *Filter*.
>
> I have tried to completely disable sessions completely using
>
> *securityManager.subjectDAO.sessionStorageEvaluator.sessionStorageEnabled =
> false*
>
> in Shiro.ini but then Authentication Fails. No Subject Exists...
>
> Any Example would be highly appreciated, shiro lacks of documentation...
>
> *Shiro.ini File*
>
> [main]
> jwtg = gr.histopath.platform.lib.JWTGuard
> jwtv = gr.histopath.platform.lib.JWTVerifyingFilter
>
> ds = com.mysql.cj.jdbc.MysqlDataSource
> ds.serverName = 127.0.0.1
> ds.port = 3306
> ds.user = histopathUser
> ds.password = H1s+0p@+h.U$er
> ds.databaseName = histopath
>
> jdbcRealm = gr.histopath.platform.lib.MyRealm
> jdbcRealm.dataSource = $ds
>
>
> credentialsMatcher =
> org.apache.shiro.authc.credential.Sha512CredentialsMatcher
> credentialsMatcher.hashIterations = 50000
> credentialsMatcher.hashSalted = true
> credentialsMatcher.storedCredentialsHexEncoded = false
> jdbcRealm.credentialsMatcher = $credentialsMatcher
>
> jdbcRealm.permissionsLookupEnabled = false
>
> shiro.loginUrl = /authentication/login
>
> #cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
> cacheManager = org.apache.shiro.cache.ehcache.EhCacheManager
> securityManager.cacheManager = $cacheManager
>
> sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
> securityManager.sessionManager = $sessionManager
> securityManager.sessionManager.globalSessionTimeout = 172800000
>
> # ssl.enabled = false
>
> securityManager.realms = $jdbcRealm
> [users]
>
> [roles]
>
> [urls]
>
> /authentication/login = authc
> # /authentication/logout = logout
>
> /search/* = noSessionCreation, jwtv
> /statistics/* = noSessionCreation, jwtv
> /clinics/* = noSessionCreation, jwtv
> /patients/* = noSessionCreation, jwtv
> /incidents/* = noSessionCreation, jwtv
> /doctors/* = noSessionCreation, jwtv
>
> /users/new = noSessionCreation, anon
> /users/details/* = noSessionCreation, anon
> /users/* = noSessionCreation, jwtv
>
> /* = anon
>
> *MyRealm.java*
>
> public class MyRealm extends JdbcRealm {
>
> private UserDAO userDAO;
> private User user;
> private String password;
> private ByteSource salt;
> private static final Logger logger =
> LoggerFactory.getLogger(MyRealm.class);
>
>
> public MyRealm() {
> this.userDAO = new UserDAO();
> setSaltStyle(SaltStyle.COLUMN);
> }
>
> @Override
> protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken
> token) throws AuthenticationException {
> // identify account to log to
> UsernamePasswordToken userPassToken = (UsernamePasswordToken) token;
> String username = userPassToken.getUsername();
>
> logger.debug("GMOTO: " + userPassToken.getUsername());
>
> if (username.equals(null)) {
> logger.debug("Username is null.");
> return null;
> }
>
> // read password hash and salt from db
> // System.out.println("Username: " + username);
>
> if(!userDAO.isOpen()){
> userDAO = new UserDAO();
> }
>
> this.user = userDAO.getByUsername(username);
> this.userDAO.closeEntityManager();
> logger.debug("user's email: " + this.user.getUsername());
>
> if (this.user == null) {
> logger.debug("No account found for user [" + username + "]");
> return null;
> }
> this.password = this.user.getPassword();
> this.salt =
> ByteSource.Util.bytes(Base64.decode(this.user.getSalt()));
>
> SaltedAuthenticationInfo info = new SimpleAuthenticationInfo(user,
> password, salt, getName());
>
> return info;
> }
>
> }
>
> *JWTVerigyingFilter.java*
>
>
> public class JWTVerifyingFilter extends AccessControlFilter {
>
> private static final Logger logger =
> LoggerFactory.getLogger(JWTVerifyingFilter.class);
>
> @Override
> protected boolean isAccessAllowed(ServletRequest servletRequest,
> ServletResponse servletResponse, Object o) {
> logger.debug("Verifying Filter Execution");
>
> HttpServletRequest httpRequest = (HttpServletRequest)
> servletRequest;
> String jwt = httpRequest.getHeader("Authorization");
>
> if (jwt == null || !jwt.startsWith("Bearer ")) {
> // System.out.println("DEn Brika Tipota: ");
> logger.debug("No Token Found...");
> //
> servletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
> return false;
> }
> logger.debug("JWT Found");
> logger.debug("JWT Content: " + jwt);
> jwt = jwt.substring(jwt.indexOf(" "));
> Subject subject = SecurityUtils.getSubject();
> logger.debug("SecurityUtils Subject: " + subject.getPrincipal());
>
> // System.out.println("Token Found");
> // System.out.println("JWT: " + jwt);
> // System.out.println("Authenticated? " + subject.isAuthenticated());
> // System.out.println(" session " + subject.getSession().getId());
> // System.out.println(" salt " + ((User)
> subject.getPrincipal()).getSalt());
> // System.out.println(" who-is " + ((User)
> subject.getPrincipal()).getUsername());
>
> User user = null;
> logger.debug("Is Subject Authenticated: " +
> subject.isAuthenticated());
> if (subject.isAuthenticated()) {
>
> user = (User) subject.getPrincipal();
> String username = null;
>
> try {
> Jws<Claims> claimsJws = Jwts.parser()
>
> .setSigningKey(DatatypeConverter.parseBase64Binary(user.getSalt()))
> .parseClaimsJws(jwt);
>
> // System.out.println("Claims: " + claimsJws);
> logger.debug("Expiration: " +
> claimsJws.getBody().getExpiration());
> username = claimsJws.getBody().getSubject();
> } catch (ExpiredJwtException expiredException) {
> logger.error("Token Is Expired....");
> logger.error(expiredException.getMessage(),
> expiredException);
> // System.out.println("Token IS Expired.....");
> // expiredException.printStackTrace();
> logger.debug("Logging out the user...");
> // System.out.println("Logging out the user...");
> SecurityUtils.getSubject().logout();
> // System.out.println("mmmnnnnn: " +
> SecurityUtils.getSubject().isAuthenticated());
> return false;
> // throw expiredException;
> } catch (SignatureException signatureException) {
> logger.error(signatureException.getMessage(),
> signatureException);
> // signatureException.printStackTrace();
> return false;
> } catch (Exception e) {
> logger.error(e.getMessage(), e);
> // e.printStackTrace();
> return false;
> }
> System.out.println("Subject: " + user.getUsername());
>
> return username.equals(user.getUsername());
>
> }
> // response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
> return false;
> }
>
> @Override
> protected boolean onAccessDenied(ServletRequest servletRequest,
> ServletResponse servletResponse) {
> HttpServletResponse response = (HttpServletResponse)
> servletResponse;
> response.setStatus(HttpServletResponse.SC_FORBIDDEN);
> return false;
> }
> }
>
> I have also posted the question in stack overflow Question
> <https://stackoverflow.com/questions/56576654/apache-shiro-jwt-token-authentication-random-disconnects-problem-with-sessiontim>
>
>
>
> --
> Sent from: http://shiro-user.582556.n2.nabble.com/