Posted to user@shiro.apache.org by highroller <vi...@gmail.com> on 2014/09/01 01:37:12 UTC

Shiro subject authentication cannot last more than 2 requests in Google App Engine Endpoint

Hi,
  I am implementing an endpoint in Google App Engine and testing it in the local
dev server using Android Studio.  My user logs in successfully, but
subject.isAuthenticated() returns true in only 1 or 2 requests after the
successful login.  Then it returns false forever until the user logs in again, then
the same problem happens again.  I don't think it is a session timeout because it
lasts less than 2 minutes.  I did lots of research and I couldn't find the
problem.  How do I fix this?

Following is the code for the endpoint:

/** An endpoint class we are exposing */
@Api(name = "Endpoint", version = "v1",
     namespace = @ApiNamespace(ownerDomain = "Content.example.com",
                               ownerName = "Content.example.com", packagePath = ""))
public class Endpoint {

    @ApiMethod(name = "removeContent")
    public Response removeContent(@Named("id") Long id)
            throws UnauthorizedException, NotFoundException {
        LOG.info("Calling removeContent method");

        Response response = new Response();

        Subject subject = SecurityUtils.getSubject();
        if (subject.isAuthenticated()) {
            ...
        }
    }
}
  
Following are the configurations:

appengine-web.xml:

<?xml version="1.0" encoding="utf-8"?>
<appengine-web-app xmlns="http://appengine.google.com/ns/1.0">
    <application>virtual-guru-123123213</application>
    <version>1</version>
    <threadsafe>true</threadsafe>
    <sessions-enabled>true</sessions-enabled>
    <system-properties>
        <property name="java.util.logging.config.file" value="WEB-INF/logging.properties"/>
        <property name="gcm.api.key" value="sdfkjsldkfjlsjflksdj"/>
    </system-properties>

    <async-session-persistence enabled="true" queue-name="default"/>
</appengine-web-app>

===================================================

shiro.ini:

[main]
shiro.loginUrl = /login

gaeRealm = com.example.user.DatastoreRealm

passwordMatcher = org.apache.shiro.authc.credential.PasswordMatcher
iniRealm.credentialsMatcher = $passwordMatcher

securityManager.realms = $gaeRealm

[roles]
admin = *
user = browse:*

[urls]
/login = authc

===========================================

web.xml:

<?xml version="1.0" encoding="utf-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
    <servlet>
        <servlet-name>SystemServiceServlet</servlet-name>
        <servlet-class>com.google.api.server.spi.SystemServiceServlet</servlet-class>
        <init-param>
            <param-name>services</param-name>
            <param-value>com.example.content.Endpoint</param-value>
        </init-param>
    </servlet>
    <servlet-mapping>
        <servlet-name>SystemServiceServlet</servlet-name>
        <url-pattern>/_ah/spi/*</url-pattern>
    </servlet-mapping>

    <welcome-file-list>
        <welcome-file>index.html</welcome-file>
    </welcome-file-list>

    <listener>
        <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
    </listener>

    <filter>
        <filter-name>ShiroFilter</filter-name>
        <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>ShiroFilter</filter-name>
        <url-pattern>/*</url-pattern>
        <dispatcher>REQUEST</dispatcher>
        <dispatcher>FORWARD</dispatcher>
        <dispatcher>INCLUDE</dispatcher>
        <dispatcher>ERROR</dispatcher>
    </filter-mapping>
</web-app>



--
View this message in context: http://shiro-user.582556.n2.nabble.com/Shiro-subject-authentication-cannot-last-more-than-2-requests-in-Google-App-Engine-Endpoint-tp7580170.html
Sent from the Shiro User mailing list archive at Nabble.com.

Re: Shiro subject authentication cannot last more than 2 requests in Google App Engine Endpoint

Posted by highroller <vi...@gmail.com>.
I just discovered that the problem doesn't exist if I set RememberMe to true. 
Why?  I don't think this is a real solution, maybe just a workaround. 
Authentication should last more than 2 minutes without RememberMe.  Is it a
bug?




Re: Shiro subject authentication cannot last more than 2 requests in Google App Engine Endpoint

Posted by Brian Demers <br...@gmail.com>.
Yeah, sorry I was thinking about the DefaultSessionManager and SessionDAO.
(and the use of MemorySessionDAO)

As for the gaeshiro project, I don't know much about it other than it has
been popping up in my web searches lately.


On Tue, Sep 2, 2014 at 3:58 PM, highroller <vi...@gmail.com> wrote:

> What does the problem have to do with caching?  Caching is not enabled here
> yet.
>
> Were you talking about session?  getSession() always creates a new thread,
> which is not allowed in an Endpoint in GAE.  I already looked at the gaeshiro
> code sample, which is using a servlet.  Maybe GAE changed because gaeshiro's
> last update was at least 1 year ago?
>
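
Brian's replies point at the session store (DefaultSessionManager, SessionDAO, MemorySessionDAO) and at the need for state that every App Engine instance can see. As an added illustration, not code from the thread or from the Shiro or gaeshiro projects, and not a confirmed fix for the problem reported here, this shows a SessionDAO backed by App Engine memcache instead of a per-JVM map; the class name MemcacheSessionDAO, its package and the key prefix are assumptions.

```java
// Added illustration; MemcacheSessionDAO, its package and PREFIX are hypothetical names.
// shiro.ini [main] wiring (property names are Shiro's own):
//   sessionDAO = com.example.shiro.MemcacheSessionDAO
//   sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
//   sessionManager.sessionDAO = $sessionDAO
//   sessionManager.sessionValidationSchedulerEnabled = false
//   securityManager.sessionManager = $sessionManager
import java.io.Serializable;
import java.util.Collection;
import java.util.Collections;
import org.apache.shiro.session.Session;
import org.apache.shiro.session.mgt.eis.AbstractSessionDAO;
import com.google.appengine.api.memcache.Expiration;
import com.google.appengine.api.memcache.MemcacheService;
import com.google.appengine.api.memcache.MemcacheServiceFactory;

public class MemcacheSessionDAO extends AbstractSessionDAO {
    private static final String PREFIX = "shiro-session:";
    private final MemcacheService memcache = MemcacheServiceFactory.getMemcacheService();

    @Override
    protected Serializable doCreate(Session session) {
        Serializable id = generateSessionId(session);
        assignSessionId(session, id);
        store(session);
        return id;
    }

    @Override
    protected Session doReadSession(Serializable id) {
        // A miss (expired or evicted) returns null; readSession() then throws UnknownSessionException.
        return (Session) memcache.get(PREFIX + id);
    }

    @Override
    public void update(Session session) { store(session); }

    @Override
    public void delete(Session session) { memcache.delete(PREFIX + session.getId()); }

    @Override
    public Collection<Session> getActiveSessions() { return Collections.<Session>emptySet(); }

    private void store(Session session) {
        long ttlMs = session.getTimeout(); // milliseconds; a negative value means "never expires"
        Expiration exp = ttlMs > 0 ? Expiration.byDeltaSeconds((int) (ttlMs / 1000)) : null;
        memcache.put(PREFIX + session.getId(), session, exp);
    }
}
```

Memcache entries can be evicted at any time, which ends the session early; a Datastore-backed DAO is the durable variant of the same pattern. The validation scheduler is disabled in the wiring because memcache keys cannot be enumerated and expiry is left to the entry's TTL.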

Re: Shiro subject authentication cannot last more than 2 requests in Google App Engine Endpoint

Posted by highroller <vi...@gmail.com>.
What does the problem have to do with caching?  Caching is not enabled here
yet.

Were you talking about session?  getSession() always creates a new thread, which
is not allowed in an Endpoint in GAE.  I already looked at the gaeshiro code sample,
which is using a servlet.  Maybe GAE changed because gaeshiro's last update
was at least 1 year ago?




Re: Shiro subject authentication cannot last more than 2 requests in Google App Engine Endpoint

Posted by Brian Demers <br...@gmail.com>.
Take a look at the caching doc: https://shiro.apache.org/caching.html 

That would be my first guess, but it is still early.

Also, if you are going the App Engine route you will need to do something that is available across all instances.

There is also this project that might help you out: https://gaeshiro.appspot.com

-Brian
