Posted to user@shiro.apache.org by dbathily <di...@paraschool.com> on 2010/08/08 21:06:38 UTC
Login not persisted in session
Hello
I am trying to use Shiro to secure a GWT application. I have met a very strange
problem, probably a bug. For simple testing, I created a servlet with only
this code.
    public void service(ServletRequest request, ServletResponse response)
            throws ServletException, IOException {
        // Debug only: this writes the submitted credentials to the log.
        logger.debug(request.getParameter("username"));
        logger.debug(request.getParameter("password"));

        Subject currentUser = SecurityUtils.getSubject();

        // Session id before the login attempt.
        logger.debug(currentUser.getSession().getId());
        if (!currentUser.isAuthenticated()) {
            logger.debug("User is not authenticated. Try to authenticate");
            // Hard-coded test credentials; the request parameters are not used.
            UsernamePasswordToken token = new UsernamePasswordToken("admin", "admin");
            currentUser.login(token);
        }
        logger.debug("Is user authenticated ?" + currentUser.isAuthenticated());
        logger.debug(currentUser.getPrincipal());
        // Session id after the login attempt.
        logger.debug(currentUser.getSession().getId());
    }
When I call the servlet directly, authentication succeeds but it is not
persisted. currentUser.isAuthenticated() is always false in other calls. Here
are 2 logs for this
http://shiro-user.582556.n2.nabble.com/file/n5386790/direct-call-1-log.txt
direct-call-1-log.txt
http://shiro-user.582556.n2.nabble.com/file/n5386790/direct-call-2-log.txt
direct-call-2-log.txt
I notice that the session id changes for each request. On the other hand,
when I pass through a JSP which contains a form, authentication is
persisted. Here are the logs
http://shiro-user.582556.n2.nabble.com/file/n5386790/form-call-1-log.txt
form-call-1-log.txt
http://shiro-user.582556.n2.nabble.com/file/n5386790/direct-call-3-log.txt
direct-call-3-log.txt
Does someone understand why this happens?
Thank you for your help
Didier Bathily
PS: Sorry for my English, I'm French ;)
--
View this message in context: http://shiro-user.582556.n2.nabble.com/Login-not-persisted-in-session-tp5386790p5386790.html
Sent from the Shiro User mailing list archive at Nabble.com.
Re: Login not persisted in session
Posted by dbathily <di...@paraschool.com>.
Thank you Les for your reply.
I'm using the default servlet container sessions.
I have an update. In creating the war you're asking for, I've found
that this problem is only in Safari. I've done some tests on 2 Macs with
Safari and I have this problem. No problem with other browsers (I've tested
Chrome and the Eclipse built-in browser) ^^
Here is the simple test http://dl.dropbox.com/u/8744634/shiro.zip
Thank you for your help
Didier
--
View this message in context: http://shiro-user.582556.n2.nabble.com/Login-not-persisted-in-session-tp5386790p5387069.html
Sent from the Shiro User mailing list archive at Nabble.com.
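
Added example, not part of the original thread and not Shiro code: a servlet filter that records, per request, whether the browser presented a session id and whether the container created a new session, which is the distinction behind the symptom reported above (a different session id on every request). The class name SessionTraceFilter and its log format are hypothetical; it assumes container-managed sessions, as stated in the message above.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical diagnostic filter, not part of Shiro. Map it in web.xml for the
// URLs under test; it assumes container-managed (HttpSession) sessions.
public class SessionTraceFilter implements Filter {
    private ServletContext ctx;

    public void init(FilterConfig config) { ctx = config.getServletContext(); }
    public void destroy() { }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        HttpServletResponse out = (HttpServletResponse) res;

        // What the browser presented, read before anything can create a session.
        String requested = http.getRequestedSessionId();
        String verdict;
        if (requested == null) {
            verdict = "no session id sent (cookie was not stored or not returned)";
        } else if (!http.isRequestedSessionIdValid()) {
            verdict = "id sent but unknown to the server (expired or invalidated)";
        } else {
            verdict = "existing session resumed via "
                    + (http.isRequestedSessionIdFromCookie() ? "cookie" : "URL rewriting");
        }

        chain.doFilter(req, res);

        // What the server ended up with once the servlet has run.
        HttpSession session = http.getSession(false);
        boolean created = session != null && session.isNew();
        ctx.log(http.getMethod() + " " + http.getRequestURI()
                + " | Cookie header present=" + (http.getHeader("Cookie") != null)
                + " | requested=" + shortId(requested)
                + " | " + verdict
                + " | new session created=" + created
                + " | Set-Cookie issued=" + out.containsHeader("Set-Cookie"));
    }

    // Log only a prefix: a full session id in a log file is a usable credential.
    private static String shortId(String id) {
        return id == null ? "-" : id.substring(0, Math.min(8, id.length())) + "...";
    }
}
```

A run of lines reading "no session id sent" together with "new session created=true" means the session cookie is issued but never comes back, so the login is stored in a session the browser does not present again.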
Re: Login not persisted in session
Posted by Les Hazlewood <lh...@apache.org>.
Hi Didier,
This is very strange indeed - I've never seen it before.
Are you using shiro's native sessions? Or the default servlet
container sessions?
Can we see your shiro configuration (e.g. shiro.ini or other similar mechanism)?
Or, it would be easiest if you could create an extremely simple webapp
(.war file) and attach it to a Jira issue. Then we could test it out
for ourselves and use a debugger.
I'm very happy to help - it's just that a test .war would help us get an
answer much faster.
Cheers,
Les