Posted to user@shiro.apache.org by Cédric Thiebault <ct...@p3g.org> on 2014/01/28 18:36:03 UTC

Null subject principal in SessionListener and AuthenticationListener

Hi,

I would like to do stuff with current subject on SessionListener.onStart() or
AuthenticationListener.onSuccess() using SecurityUtils.getSubject() but the
subject is not yet authenticated... Is that normal?

Here is how I authenticate my subject:

Subject subject = SecurityUtils.getSubject();
subject.login(new UsernamePasswordToken(username, password));

Then in the SessionListener, the subject principal is null:

@Override
public void onStart(Session session) {
  Subject subject = SecurityUtils.getSubject();
  Object principal = subject.getPrincipal(); // this is null
}

Same thing in the AuthenticationListener:

@Override
public void onSuccess(AuthenticationToken token, AuthenticationInfo info) {
  Subject subject = SecurityUtils.getSubject();
  Object principal = subject.getPrincipal(); // this is null
}

Any idea of what's wrong?

Cedric

Re: Null subject principal in SessionListener and AuthenticationListener

Posted by Les Hazlewood <lh...@apache.org>.
Hi Cedric,

The listener methods you specified are a little lower-level: they are
triggered before constructing the Subject instance to return to the caller.

For authentication, you can just inspect the AuthenticationInfo method
argument - that should give you the account information of who/what
authenticated.

The session one isn't as easy: ideally, there should be a
SubjectSessionListener that is fired after the session has started and been
associated with the calling subject.  The current event is triggered as
soon as the session is started, but before it has been 'attached' to the
invoking Subject.

Please create a Jira issue for the latter use case - I'm sure others could
benefit from it!

Best,

--
Les Hazlewood | @lhazlewood
CTO, Stormpath | http://stormpath.com | @goStormpath | 888.391.5282


On Tue, Jan 28, 2014 at 9:36 AM, Cédric Thiebault <ct...@p3g.org> wrote:

> Hi,
>
> I would like to do stuff with current subject on SessionListener.onStart() or
> AuthenticationListener.onSuccess() using SecurityUtils.getSubject() but
> the subject is not yet authenticated... Is that normal?
>
> Here is how I authenticate my subject:
>
> Subject subject = SecurityUtils.getSubject();
> subject.login(new UsernamePasswordToken(username, password));
>
> Then in the SessionListener, the subject principal is null:
>
> @Override
> public void onStart(Session session) {
>   Subject subject = SecurityUtils.getSubject();
>   Object principal = subject.getPrincipal(); // this is null
> }
>
> Same thing in the AuthenticationListener:
>
> @Override
> public void onSuccess(AuthenticationToken token, AuthenticationInfo info) {
>   Subject subject = SecurityUtils.getSubject();
>   Object principal = subject.getPrincipal(); // this is null
> }
>
> Any idea of what's wrong?
>
> Cedric
>
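
An added example, not part of the original thread and not Shiro's own code: an AuthenticationListener that takes the account identity from the AuthenticationInfo argument, as the reply suggests, instead of calling SecurityUtils.getSubject() before the Subject exists. The class name AuditAuthenticationListener, the helper names and the log format are assumptions; it needs shiro-core on the classpath.

```java
import java.util.logging.Logger;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationListener;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.subject.PrincipalCollection;

// Hypothetical listener (name is an assumption). It never calls
// SecurityUtils.getSubject(): the Subject is not yet built when these fire.
public class AuditAuthenticationListener implements AuthenticationListener {

    private static final Logger LOG =
            Logger.getLogger(AuditAuthenticationListener.class.getName());

    @Override
    public void onSuccess(AuthenticationToken token, AuthenticationInfo info) {
        // The realm-supplied account data is in 'info', not on the Subject.
        LOG.info("login success principal=" + describe(info.getPrincipals()));
    }

    @Override
    public void onFailure(AuthenticationToken token, AuthenticationException ae) {
        // No AuthenticationInfo on failure; only the submitted identity is known.
        // It is caller-controlled, so sanitize it; credentials are never logged.
        LOG.warning("login failure submitted=" + clean(token.getPrincipal())
                + " reason=" + ae.getClass().getSimpleName());
    }

    @Override
    public void onLogout(PrincipalCollection principals) {
        LOG.info("logout principal=" + describe(principals));
    }

    // Primary principal plus the realms that vouched for it, or a marker
    // when the collection is absent or empty.
    static String describe(PrincipalCollection principals) {
        if (principals == null || principals.isEmpty()) {
            return "<none>";
        }
        return clean(principals.getPrimaryPrincipal())
                + " realms=" + principals.getRealmNames();
    }

    // Replace CR/LF so a crafted username cannot forge extra log lines.
    static String clean(Object value) {
        return String.valueOf(value).replaceAll("[\\r\\n]", "_");
    }
}
```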