Posted to user@shiro.apache.org by Jason Shim <aq...@gmail.com> on 2011/08/29 08:27:11 UTC

Shiro has some problems(bugs) or confused things.

(Sorry for my poor English.)

1. Mutual dependency (I assume this is a confusing design)
The SessionManager and SessionValidationScheduler configurations have to be
set to reference each other:

  <bean id="sessionManager"
      class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
    <property name="sessionDAO">
      <bean class="org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO"/>
    </property>
    <property name="sessionValidationScheduler" ref="sessionValidationScheduler"/>
    <property name="globalSessionTimeout" value="300000"/>
    <property name="sessionListeners">
      <list>
        <ref local="p2pSessionListener"/>
      </list>
    </property>
  </bean>

  <bean id="sessionValidationScheduler"
      class="org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler">
    <property name="sessionManager" ref="sessionManager"/>
    <property name="interval" value="60000"/>
  </bean>

If either one is missing, the sessionValidationScheduler does not execute.

2. (Too) many SessionValidationSchedulers launched. (I assume a bug.)
I guess the session validation scenario is...
(a) Server start
(b) Client access
(c) Enabling session validation scheduler...
(d) Session create

If two clients access concurrently in (b), two SessionValidationScheduler
instances are launched.
With three clients, three SessionValidationSchedulers are launched (according
to the logs).


Thanks.
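
The symptom in point 2, one scheduler per concurrent first request, is what an unsynchronized check-then-start produces. The following is an added example, not part of the original post and not Shiro's code: a hypothetical model (all class and method names are assumptions) that compares a racy lazy start with one guarded by compare-and-set.

```java
import java.util.*;
import java.util.concurrent.*;
import java.util.concurrent.atomic.*;

// Hypothetical model of a lazily started validation task; not Shiro source code.
public class LazySchedulerRace {
    static final AtomicInteger started = new AtomicInteger();

    // Racy: the check and the start are two separate steps with no lock.
    static class RacyManager {
        private volatile boolean enabled;
        void onAccess() throws InterruptedException {
            if (!enabled) {
                Thread.sleep(50);           // constructed delay that widens the race window
                started.incrementAndGet();  // stands in for launching the periodic task
                enabled = true;
            }
        }
    }

    // Hardened: only the caller that wins the compare-and-set starts the task.
    static class SafeManager {
        private final AtomicBoolean enabled = new AtomicBoolean();
        void onAccess() {
            if (enabled.compareAndSet(false, true)) {
                started.incrementAndGet();
            }
        }
    }

    // Releases `clients` threads at once and returns how many tasks were started.
    static int run(int clients, Callable<Void> access) throws Exception {
        started.set(0);
        ExecutorService pool = Executors.newFixedThreadPool(clients);
        CountDownLatch go = new CountDownLatch(1);
        List<Future<Void>> results = new ArrayList<>();
        for (int i = 0; i < clients; i++)
            results.add(pool.submit(() -> { go.await(); return access.call(); }));
        go.countDown();
        for (Future<Void> f : results) f.get();
        pool.shutdown();
        return started.get();
    }

    public static void main(String[] args) throws Exception {
        RacyManager racy = new RacyManager();
        SafeManager safe = new SafeManager();
        System.out.println("racy starts: " + run(3, () -> { racy.onAccess(); return null; }));
        System.out.println("safe starts: " + run(3, () -> { safe.onAccess(); return null; }));
    }
}
```

In a real manager the same guard can be a synchronized block around the check and the start; the point is that both steps must be atomic with respect to concurrent first requests.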

Re: Shiro has some problems(bugs) or confused things.

Posted by Jason Shim <aq...@gmail.com>.
Hi Les.

I will explain the test cases.

1. Mutual dependency (I assume this is a confusing design)
You can use the Spring configuration I wrote before.
But the full Spring configuration is ...

  <!-- =========================================================
       Shiro Core Components - Not Spring Specific
       ========================================================= -->
  <bean id="securityManager"
      class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
    <property name="cacheManager" ref="cacheManager"/>
    <property name="sessionMode" value="native"/>
    <property name="sessionManager" ref="sessionManager"/>
    <property name="realm" ref="$You do modify"/>
  </bean>

  <bean id="sessionManager"
      class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
    <property name="sessionDAO">
      <bean class="org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO"/>
    </property>
    <property name="sessionValidationScheduler" ref="sessionValidationScheduler"/>
    <property name="globalSessionTimeout" value="15000"/>
    <property name="sessionListeners">
      <list>
        <ref local="p2pSessionListener"/>
      </list>
    </property>
  </bean>

  <bean id="sessionValidationScheduler"
      class="org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler">
    <property name="sessionManager" ref="sessionManager"/>
    <property name="interval" value="30000"/>
  </bean>

  <bean id="p2pSessionListener"
      class="com.acme.session.P2PShiroSessionListenerAdapter"/>

  <bean id="cacheManager"
      class="org.apache.shiro.cache.ehcache.EhCacheManager">
  </bean>


  <!-- =========================================================
       Shiro Spring-specific integration
       ========================================================= -->

  <bean id="lifecycleBeanPostProcessor"
      class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>

  <bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
      depends-on="lifecycleBeanPostProcessor"/>
  <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
    <property name="securityManager" ref="securityManager"/>
  </bean>

  <bean id="shiroFilter"
      class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    <property name="securityManager" ref="securityManager"/>
    <property name="unauthorizedUrl" value="/unauthorized.html"/>
    <property name="filterChainDefinitions">
      <value>
        /web/** = anon
        /secure/** = authcBasic
      </value>
    </property>
  </bean>

  <!-- End -->

* com.acme.session.P2PShiroSessionListenerAdapter

package com.acme.session;

import org.apache.shiro.session.Session;
import org.apache.shiro.session.SessionListener;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeansException;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;


public class P2PShiroSessionListenerAdapter
    implements SessionListener, ApplicationContextAware
{

  // ---------------------------------------------------------------------
  // Constant
  // ---------------------------------------------------------------------
  private static final Logger logger =
      LoggerFactory.getLogger(P2PShiroSessionListenerAdapter.class);

  // ---------------------------------------------------------------------
  // Member variable
  // ---------------------------------------------------------------------
  private ApplicationContext applicationContext;

  // ---------------------------------------------------------------------
  // Setter methods for dependency injection
  // ---------------------------------------------------------------------

  // ---------------------------------------------------------------------
  // Public methods
  // ---------------------------------------------------------------------

  // Called when the session manager finds that a session has expired.
  @Override
  public void onExpiration(Session _session)
  {
    logger.debug("sessionDestroyed[{}]", _session.getId());
  }


  // Called when a new session is created.
  @Override
  public void onStart(Session _session)
  {
    logger.debug("onStart");
  }


  // Called when a session is stopped.
  @Override
  public void onStop(Session _session)
  {
    logger.debug("onStop");
  }


  @Override
  public void setApplicationContext(ApplicationContext _applicationContext)
      throws BeansException
  {
    this.applicationContext = _applicationContext;
  }
}



2. (Too) many SessionValidationSchedulers launched. (I assume a bug.)
I develop an iPhone application (Objective-C, client) and a Spring/J2EE server.
So I can't help you with my client code. Sorry.
But I attach log4j logs and the client requests. (I use HTTP Basic
Authentication.)

log4j log (2 concurrent requests; sessionValidationScheduler.interval is 30
seconds)
2011-08-30 18:10:52 INFO AbstractValidatingSessionManager.?(?) | Enabling session validation scheduler...
2011-08-30 18:10:52 INFO AbstractValidatingSessionManager.?(?) | Enabling session validation scheduler...
2011-08-30 18:10:52 INFO EhCacheManager.?(?) | Using existing EHCache named [shiro-activeSessionCache]
2011-08-30 18:10:52 INFO EhCacheManager.?(?) | Using existing EHCache named [shiro-activeSessionCache]
2011-08-30 18:10:53 DEBUG P2PShiroSessionListenerAdapter.?(?) | onStart
2011-08-30 18:10:53 DEBUG P2PShiroSessionListenerAdapter.?(?) | onStart
2011-08-30 18:11:22 INFO AbstractValidatingSessionManager.?(?) | Validating all active sessions...
2011-08-30 18:11:22 INFO AbstractValidatingSessionManager.?(?) | Validating all active sessions...
2011-08-30 18:11:22 DEBUG P2PShiroSessionListenerAdapter.?(?) | onStop
2011-08-30 18:11:22 DEBUG P2PShiroSessionListenerAdapter.?(?) | sessionDestroyed[d0884088-47ac-4138-bc83-2258386373a3]
2011-08-30 18:11:22 DEBUG P2PShiroSessionListenerAdapter.?(?) | sessionDestroyed[b236ba53-c802-4acf-b006-7cf2e2a62393]
2011-08-30 18:11:22 DEBUG P2PShiroSessionListenerAdapter.?(?) | onStop
2011-08-30 18:11:22 INFO AbstractValidatingSessionManager.?(?) | Finished session validation.  [2] sessions were stopped.
2011-08-30 18:11:22 INFO AbstractValidatingSessionManager.?(?) | Finished session validation.  [2] sessions were stopped.
2011-08-30 18:11:52 INFO AbstractValidatingSessionManager.?(?) | Validating all active sessions...
2011-08-30 18:11:52 INFO AbstractValidatingSessionManager.?(?) | Finished session validation.  No sessions were stopped.
2011-08-30 18:11:52 INFO AbstractValidatingSessionManager.?(?) | Validating all active sessions...
2011-08-30 18:11:52 INFO AbstractValidatingSessionManager.?(?) | Finished session validation.  No sessions were stopped.
....

Client requests (2 requests; this is a normal situation)
HTTP 291 POST /s/q HTTP/1.1  (application/x-www-form-urlencoded)
HTTP 81 POST /s/q HTTP/1.1  (application/x-www-form-urlencoded)
HTTP 181 HTTP/1.1 401 Unauthorized
HTTP 181 HTTP/1.1 401 Unauthorized
HTTP 291 POST /s/q HTTP/1.1  (application/x-www-form-urlencoded)
HTTP 81 POST /s/q HTTP/1.1  (application/x-www-form-urlencoded)
HTTP 56 HTTP/1.1 200 OK  (text/html)
HTTP 56 HTTP/1.1 200 OK  (text/html)

I understand that two sessions are created because of the 2 concurrent requests.
I don't understand why there are two SessionValidationSchedulers.

Thanks.



On Tue, Aug 30, 2011 at 5:38 AM, Les Hazlewood <lh...@apache.org> wrote:

> Hi Jason,
>
> Do you have a sample app or test case that you could share with us?
> Or is it as simple as just using the Spring configuration pasted?
>
> That is, how do I recreate the problem for testing?
>
> Thanks,
>
> Les

Re: Shiro has some problems(bugs) or confused things.

Posted by Les Hazlewood <lh...@apache.org>.
Hi Jason,

Do you have a sample app or test case that you could share with us?
Or is it as simple as just using the Spring configuration pasted?

That is, how do I recreate the problem for testing?

Thanks,

Les
