You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@shiro.apache.org by gcollins <ga...@gmail.com> on 2011/07/28 23:52:31 UTC
SecurityManager Null Issue In Web App
Hello,
I just started with Shiro. I am running Shiro to supply security for a web
application in OSGi (Karaf). Since I need OSGi compatibility I am using the
latest nightly build from Hudson (I understand there are some unreleased
fixes related to OSGi).
I got a simple basic authentication example working very quickly (which is
great! - easier that getting Spring Security working in OSGi). My next test
was to add the ssl filter which didn't turn out so well.
My shiro.ini:
# INI configuration is very powerful and flexible, while still remaining
succinct.
# Please http://shiro.apache.org/configuration.html and
# http://shiro.apache.org/web.html for more.
[main]
ssl.port = 8443
[users]
<default users from shiro web example>
[roles]
<default roles from shiro web example>
[urls]
/** = ssl,authcBasic
web.xml (following the example):
.
.
<listener>
<listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
</listener>
.
<filter>
<filter-name>ShiroFilter</filter-name>
<filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>ShiroFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
.
When I try to access the web page I am getting a null pointer exception:
java.lang.NullPointerException
at
org.apache.shiro.web.servlet.AbstractShiroFilter.isHttpSessions(AbstractShiroFilter.java:199)
at
org.apache.shiro.web.servlet.AbstractShiroFilter.wrapServletRequest(AbstractShiroFilter.java:211)
at
org.apache.shiro.web.servlet.AbstractShiroFilter.prepareServletRequest(AbstractShiroFilter.java:233)
at
org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:356)
at
org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
and when I looked in the code, it looks like the security manager is not
set:
protected boolean isHttpSessions() {
return getSecurityManager().isHttpSessionMode(); << here
}
After checking the example again, it is still not obvious (at least to me
:)) what I missed. Shouldn't the EnvironmentLoaderLister be setting the
security manager? If anyone could point me in the right direction it would
be much appreciated.
thanks in advance,
Gareth
--
View this message in context: http://shiro-user.582556.n2.nabble.com/SecurityManager-Null-Issue-In-Web-App-tp6631506p6631506.html
Sent from the Shiro User mailing list archive at Nabble.com.
Re: SecurityManager Null Issue In Web App
Posted by Les Hazlewood <lh...@apache.org>.
Ah yes - it is marked as optional because it is only needed for ini
configuration. If you configure Shiro via another means (Spring,
Guice, etc), beanutils is not necessary.
Cheers,
Les
Re: SecurityManager Null Issue In Web App
Posted by gcollins <ga...@gmail.com>.
Hello,
My apologies. I found what the problem was. It was an OSGI refresh issue.
shiro-core has an optional dependency on commons-beanutils. I didn't realise
this until I had already loaded the shiro bundles and had done some initial
tests.
When I added the commons-beanutils bundle (after realising it was now
required),
shiro-core didn't automatically pick up the now available commons-beanutils,
thus it
could not initialize my servlet correctly.
To fix the problem, I needed to explicitly "refresh" the shiro-core bundle.
regards,
Gareth
--
View this message in context: http://shiro-user.582556.n2.nabble.com/SecurityManager-Null-Issue-In-Web-App-tp6631506p6632033.html
Sent from the Shiro User mailing list archive at Nabble.com.
Re: SecurityManager Null Issue In Web App
Posted by Les Hazlewood <lh...@apache.org>.
Hi Gareth,
Welcome to the Shiro community! I'm sorry that you've come across a
bump. Are you running the latest trunk snapshot?
And yes, the EnvironmentLoaderListener should be setting the SecurityManager.
In the meantime, I'll try this out myself and see what happens...
Regards,
--
Les Hazlewood
CTO, Katasoft | http://www.katasoft.com | 888.391.5282
twitter: http://twitter.com/lhazlewood
katasoft blog: http://www.katasoft.com/blogs/lhazlewood
personal blog: http://leshazlewood.com