Posted to users@tapestry.apache.org by Lidija Dolinar <li...@gmail.com> on 2014/02/25 08:44:51 UTC

shiro UsernamePasswordToken "RememberMe" problems

Hi,

I tried "Remember Me" functionality here:
http://tynamo-federatedaccounts.tynamo.org/ (live demo webapp) but the user
isn't remembered.

When I check the "Remember Me" checkbox and login, the cookie "rememberMe"
is created. After I close the browser and reopen it again I'm not logged
in. Am I missing something here?

I'm struggling with the creation of the "rememberMe" cookie. This is my
Login.java:


public Object onActionFromJsecLoginForm() {
    Subject currentUser = securityService.getSubject();
    if (currentUser == null) {
        throw new IllegalStateException("Subject can`t be null");
    }

    UsernamePasswordToken token = new UsernamePasswordToken(jsecLogin, jsecPassword);
    token.setRememberMe(true);

    try {
        currentUser.login(token);
    }
    ...
}


This is taken from shiro documentation (
https://shiro.apache.org/authentication.html):

//Example using most common scenario of username/password pair:
UsernamePasswordToken token = new UsernamePasswordToken(username, password);
//"Remember Me" built-in:
token.setRememberMe(true);



However, the cookie "rememberMe" isn't created :-/. What am I missing?


Regards,
Lidija

Re: shiro UsernamePasswordToken "RememberMe" problems

Posted by Lidija Dolinar <li...@gmail.com>.
Cookie size is 2K. Works like a charm, thank you :).

Regards,
Lidija


On Thu, Mar 6, 2014 at 12:21 PM, Dusko Jovanovski <du...@gmail.com> wrote:

> Thanks for pointing that out, I wasn't finishing the GZIP stream properly,
> already fixed in the updated gist.
> https://gist.github.com/duskote/0f8cce8d1b0d1cc56844
>
> You could give it another try and see if it works for you.
>
>
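
The failure mode described in the quoted reply above (a GZIP stream that is not finished, surfacing later as "Unexpected end of ZLIB input stream"), reproduced as an added example. This is not the code from the gist: the class name, method names, size limit and sample principal are hypothetical.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.EOFException;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.zip.GZIPInputStream;
import java.util.zip.GZIPOutputStream;

/** Constructed illustration; names are hypothetical and not taken from the gist. */
public class GzipPrincipalDemo {

    // Assumed upper bound on the decompressed principal: the cookie value is
    // client-supplied input, so decompression should never be unbounded.
    static final int MAX_PRINCIPAL_BYTES = 4096;

    /** Buggy variant: the buffer is read while the deflater still holds the data. */
    static byte[] serializeUnfinished(String principal) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        GZIPOutputStream gzip = new GZIPOutputStream(buf);
        gzip.write(principal.getBytes(StandardCharsets.UTF_8));
        gzip.flush();             // flushes the underlying stream only; no final block, no trailer
        return buf.toByteArray(); // for a short principal this is typically just the GZIP header
    }

    /** Fixed variant: close() calls finish(), which emits the remaining data and the trailer. */
    static byte[] serializeFinished(String principal) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (GZIPOutputStream gzip = new GZIPOutputStream(buf)) {
            gzip.write(principal.getBytes(StandardCharsets.UTF_8));
        }
        return buf.toByteArray();
    }

    /** Decompresses the principal, refusing anything larger than the configured limit. */
    static String deserialize(byte[] data) throws IOException {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        try (GZIPInputStream gzip = new GZIPInputStream(new ByteArrayInputStream(data))) {
            byte[] chunk = new byte[512];
            int n;
            while ((n = gzip.read(chunk)) != -1) {
                if (out.size() + n > MAX_PRINCIPAL_BYTES) {
                    throw new IOException("decompressed principal exceeds limit");
                }
                out.write(chunk, 0, n);
            }
        }
        return new String(out.toByteArray(), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws IOException {
        String principal = "user@example.org"; // constructed sample value

        byte[] truncated = serializeUnfinished(principal);
        byte[] complete = serializeFinished(principal);
        System.out.println("unfinished stream: " + truncated.length + " bytes");
        System.out.println("finished stream:   " + complete.length + " bytes");

        try {
            deserialize(truncated);
            System.out.println("unfinished stream decoded (unexpected)");
        } catch (EOFException e) {
            // Same message as in the SerializationException from the thread.
            System.out.println("unfinished stream failed: " + e.getMessage());
        }

        System.out.println("finished stream decoded: " + deserialize(complete));
    }
}
```

The serializing side raises no error in the buggy variant; the problem only shows up when the cookie is read back on a later request, which is why the cookie appears to be created correctly.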

Re: shiro UsernamePasswordToken "RememberMe" problems

Posted by Dusko Jovanovski <du...@gmail.com>.
No problem Kalle, make sure to give credit to Janne though, most of the
work is his.
I wouldn't make this the default Serializer just yet, because it will
invalidate existing cookies for clients that will upgrade to the new
version. I would offer it as an optional Serializer implementation
(possibly configurable with a symbol), people would be able to enable it if
they like. Ultimately, the call is yours, I just wanted to point out this
possible problem.


On Mon, Mar 10, 2014 at 9:41 PM, Kalle Korhonen <ka...@gmail.com> wrote:

> Perhaps there's no reason to wait for a fix in Shiro. I could just
> implement this as a new default CookieRememberMeManager in
> tapestry-security. Dusko, you mind if I use your SimplePrincipalSerializer?
>
> Kalle
>
>
> On Thu, Mar 6, 2014 at 3:21 AM, Dusko Jovanovski <du...@gmail.com>
> wrote:
>
> > Thanks for pointing that out, I wasn't finishing the GZIP stream properly,
> > already fixed in the updated gist.
> > https://gist.github.com/duskote/0f8cce8d1b0d1cc56844
> >
> > You could give it another try and see if it works for you.
> >
> >
> > On Thu, Mar 6, 2014 at 11:36 AM, Lidija Dolinar <lidija.ldo@gmail.com>
> > wrote:
> >
> > > Dusko, thank you for your reply.
> > >
> > > If I use your SimplePrincipalSerializer, the rememberMe cookie is indeed
> > > created and is very small:
> > >
> > >
> > > [11:31:39] DEBUG [org.apache.shiro.web.servlet.SimpleCookie]: Added
> > > HttpServletResponse Cookie [rememberMe=deleteMe; Path=/; Max-Age=0;
> > > Expires=Wed, 05-Mar-2014 10:31:39 GMT]
> > > [11:31:39] DEBUG [org.apache.shiro.web.servlet.SimpleCookie]: Added
> > > HttpServletResponse Cookie
> > > [rememberMe=Kjvu3Jysio7jGf7Xew6Rp46oiHDrDC/V00ltCDbFw4M=; Path=/;
> > > Max-Age=1209600; Expires=Thu, 20-Mar-2014 10:31:39 GMT; HttpOnly]
> > >
> > >
> > >
> > > But I get the following exception at deserialization time (sorry for the
> > > ugly wrapping):
> > >
> > >
> > >
> > > [11:32:36] DEBUG [org.apache.shiro.web.servlet.SimpleCookie]: Found
> > > 'rememberMe' cookie value [Kjvu3Jysio7jGf7Xew6Rp46oiHDrDC/V00ltCDbFw4M=]
> > > [11:32:36] DEBUG [org.apache.shiro.mgt.AbstractRememberMeManager]: There
> > > was a failure while trying to retrieve remembered principals.  This could
> > > be due to a configuration problem or corrupted principals.  This could also
> > > be due to a recently changed encryption key.  The remembered identity will
> > > be forgotten and not used for this request.
> > > org.apache.shiro.io.SerializationException: Unexpected end of ZLIB input
> > > stream
> > > [11:32:36] DEBUG [org.apache.shiro.web.servlet.SimpleCookie]: Added
> > > HttpServletResponse Cookie [rememberMe=deleteMe; Path=/; Max-Age=0;
> > > Expires=Wed, 05-Mar-2014 10:32:36 GMT]
> > > [11:32:36] WARN  [org.apache.shiro.mgt.DefaultSecurityManager]: Delegate
> > > RememberMeManager instance of type
> > > [si.najdi.web.services.NajdiCookieRememberMeManager] threw an exception
> > > during getRememberedPrincipals().
> > > org.apache.shiro.io.SerializationException: Unexpected end of ZLIB input
> > > stream
> > >
> > >
> > >
> > > Regards,
> > > Lidija
> > >
> > >
> > >
> > > On Thu, Mar 6, 2014 at 11:14 AM, Dusko Jovanovski <du...@gmail.com>
> > > wrote:
> > >
> > > > Hello Lidija, could you try out this custom serializer and report back
> > > > with the results?
> > > >
> > > > https://gist.github.com/duskote/0f8cce8d1b0d1cc56844
> > > >
> > > >
> > > >
> > >
> >
>

Re: shiro UsernamePasswordToken "RememberMe" problems

Posted by Kalle Korhonen <ka...@gmail.com>.
Perhaps there's no reason to wait for a fix in Shiro. I could just
implement this as a new default CookieRememberMeManager in
tapestry-security. Dusko, you mind if I use your SimplePrincipalSerializer?

Kalle


On Thu, Mar 6, 2014 at 3:21 AM, Dusko Jovanovski <du...@gmail.com> wrote:

> Thanks for pointing that out, I wasn't finishing the GZIP stream properly,
> already fixed in the updated gist.
> https://gist.github.com/duskote/0f8cce8d1b0d1cc56844
>
> You could give it another try and see if it works for you.
>
>
> On Thu, Mar 6, 2014 at 11:36 AM, Lidija Dolinar <lidija.ldo@gmail.com>
> wrote:
>
> > Dusko, thank you for your reply.
> >
> > If I use your SimplePrincipalSerializer, the rememberMe cookie is indeed
> > created and is very small:
> >
> >
> > [11:31:39] DEBUG [org.apache.shiro.web.servlet.SimpleCookie]: Added
> > HttpServletResponse Cookie [rememberMe=deleteMe; Path=/; Max-Age=0;
> > Expires=Wed, 05-Mar-2014 10:31:39 GMT]
> > [11:31:39] DEBUG [org.apache.shiro.web.servlet.SimpleCookie]: Added
> > HttpServletResponse Cookie
> > [rememberMe=Kjvu3Jysio7jGf7Xew6Rp46oiHDrDC/V00ltCDbFw4M=; Path=/;
> > Max-Age=1209600; Expires=Thu, 20-Mar-2014 10:31:39 GMT; HttpOnly]
> >
> >
> >
> > But I get the following exception at deserialization time (sorry for the
> > ugly wrapping):
> >
> >
> >
> > [11:32:36] DEBUG [org.apache.shiro.web.servlet.SimpleCookie]: Found
> > 'rememberMe' cookie value [Kjvu3Jysio7jGf7Xew6Rp46oiHDrDC/V00ltCDbFw4M=]
> > [11:32:36] DEBUG [org.apache.shiro.mgt.AbstractRememberMeManager]: There
> > was a failure while trying to retrieve remembered principals.  This could
> > be due to a configuration problem or corrupted principals.  This could also
> > be due to a recently changed encryption key.  The remembered identity will
> > be forgotten and not used for this request.
> > org.apache.shiro.io.SerializationException: Unexpected end of ZLIB input
> > stream
> > [11:32:36] DEBUG [org.apache.shiro.web.servlet.SimpleCookie]: Added
> > HttpServletResponse Cookie [rememberMe=deleteMe; Path=/; Max-Age=0;
> > Expires=Wed, 05-Mar-2014 10:32:36 GMT]
> > [11:32:36] WARN  [org.apache.shiro.mgt.DefaultSecurityManager]: Delegate
> > RememberMeManager instance of type
> > [si.najdi.web.services.NajdiCookieRememberMeManager] threw an exception
> > during getRememberedPrincipals().
> > org.apache.shiro.io.SerializationException: Unexpected end of ZLIB input
> > stream
> >
> >
> >
> > Regards,
> > Lidija
> >
> >
> >
> > On Thu, Mar 6, 2014 at 11:14 AM, Dusko Jovanovski <du...@gmail.com>
> > wrote:
> >
> > > Hello Lidija, could you try out this custom serializer and report back
> > > with the results?
> > >
> > > https://gist.github.com/duskote/0f8cce8d1b0d1cc56844
> > >
> > >
> > >
> >
>

Re: shiro UsernamePasswordToken "RememberMe" problems

Posted by Dusko Jovanovski <du...@gmail.com>.
Thanks for pointing that out, I wasn't finishing the GZIP stream properly,
already fixed in the updated gist.
https://gist.github.com/duskote/0f8cce8d1b0d1cc56844

You could give it another try and see if it works for you.


On Thu, Mar 6, 2014 at 11:36 AM, Lidija Dolinar <li...@gmail.com> wrote:

> Dusko, thank you for your reply.
>
> If I use your SimplePrincipalSerializer, the rememberMe cookie is indeed
> created and is very small:
>
>
> [11:31:39] DEBUG [org.apache.shiro.web.servlet.SimpleCookie]: Added
> HttpServletResponse Cookie [rememberMe=deleteMe; Path=/; Max-Age=0;
> Expires=Wed, 05-Mar-2014 10:31:39 GMT]
> [11:31:39] DEBUG [org.apache.shiro.web.servlet.SimpleCookie]: Added
> HttpServletResponse Cookie
> [rememberMe=Kjvu3Jysio7jGf7Xew6Rp46oiHDrDC/V00ltCDbFw4M=; Path=/;
> Max-Age=1209600; Expires=Thu, 20-Mar-2014 10:31:39 GMT; HttpOnly]
>
>
>
> But I get the following exception at deserialization time (sorry for the
> ugly wrapping):
>
>
>
> [11:32:36] DEBUG [org.apache.shiro.web.servlet.SimpleCookie]: Found
> 'rememberMe' cookie value [Kjvu3Jysio7jGf7Xew6Rp46oiHDrDC/V00ltCDbFw4M=]
> [11:32:36] DEBUG [org.apache.shiro.mgt.AbstractRememberMeManager]: There
> was a failure while trying to retrieve remembered principals.  This could
> be due to a configuration problem or corrupted principals.  This could also
> be due to a recently changed encryption key.  The remembered identity will
> be forgotten and not used for this request.
> org.apache.shiro.io.SerializationException: Unexpected end of ZLIB input
> stream
> [11:32:36] DEBUG [org.apache.shiro.web.servlet.SimpleCookie]: Added
> HttpServletResponse Cookie [rememberMe=deleteMe; Path=/; Max-Age=0;
> Expires=Wed, 05-Mar-2014 10:32:36 GMT]
> [11:32:36] WARN  [org.apache.shiro.mgt.DefaultSecurityManager]: Delegate
> RememberMeManager instance of type
> [si.najdi.web.services.NajdiCookieRememberMeManager] threw an exception
> during getRememberedPrincipals().
> org.apache.shiro.io.SerializationException: Unexpected end of ZLIB input
> stream
>
>
>
> Regards,
> Lidija
>
>
>
> On Thu, Mar 6, 2014 at 11:14 AM, Dusko Jovanovski <du...@gmail.com>
> wrote:
>
> > Hello Lidija, could you try out this custom serializer and report back
> > with the results?
> >
> > https://gist.github.com/duskote/0f8cce8d1b0d1cc56844
> >
> >
> >
>
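
The failure mode named in the reply above, as an added example (not the code from the gist, which is not shown on this page): a `GZIPOutputStream` whose backing buffer is read before the stream is finished yields a truncated stream, and reading it back raises the `Unexpected end of ZLIB input stream` error seen in the log. The class name, method names and sample principal are constructed for illustration, and the code assumes Java 7 or later.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.EOFException;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.zip.GZIPInputStream;
import java.util.zip.GZIPOutputStream;

/** Hypothetical demo class; not the SimplePrincipalSerializer from the gist. */
public class GzipFinishDemo {

    /** Broken: reads the buffer while the deflater still holds pending data. */
    static byte[] compressWithoutFinish(byte[] plain) throws IOException {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        GZIPOutputStream gzip = new GZIPOutputStream(buffer);
        gzip.write(plain);
        gzip.flush();                 // flushes the sink, does not end the deflate stream
        return buffer.toByteArray();  // final deflate block and CRC trailer are missing
    }

    /** Fixed: close() (or finish()) runs before the buffer is read. */
    static byte[] compress(byte[] plain) throws IOException {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        try (GZIPOutputStream gzip = new GZIPOutputStream(buffer)) {
            gzip.write(plain);
        }
        return buffer.toByteArray();
    }

    /** Inflates a complete GZIP stream; a truncated one ends in EOFException. */
    static byte[] decompress(byte[] compressed) throws IOException {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        try (GZIPInputStream gzip =
                 new GZIPInputStream(new ByteArrayInputStream(compressed))) {
            byte[] chunk = new byte[4096];
            int n;
            while ((n = gzip.read(chunk)) != -1) {
                out.write(chunk, 0, n);
            }
        }
        return out.toByteArray();
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample principal, standing in for the serialized identity.
        byte[] principal =
            "constructed-user@example.org".getBytes(StandardCharsets.UTF_8);

        byte[] truncated = compressWithoutFinish(principal);
        byte[] complete = compress(principal);
        System.out.println("without finish: " + truncated.length + " bytes");
        System.out.println("with close:     " + complete.length + " bytes");

        try {
            decompress(truncated);
            System.out.println("truncated stream decoded (not expected)");
        } catch (EOFException e) {
            System.out.println("truncated stream rejected: " + e.getMessage());
        }

        String roundTrip =
            new String(decompress(complete), StandardCharsets.UTF_8);
        System.out.println("round trip: " + roundTrip);
    }
}
```

A serializer that compresses before encryption should be covered by a round-trip test like the one in `main`, since the truncated output still encrypts and sets a cookie without any error at login time.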

Re: shiro UsernamePasswordToken "RememberMe" problems

Posted by Lidija Dolinar <li...@gmail.com>.
Dusko, thank you for your reply.

If I use your SimplePrincipalSerializer, the rememberMe cookie is indeed
created and is very small:


[11:31:39] DEBUG [org.apache.shiro.web.servlet.SimpleCookie]: Added
HttpServletResponse Cookie [rememberMe=deleteMe; Path=/; Max-Age=0;
Expires=Wed, 05-Mar-2014 10:31:39 GMT]
[11:31:39] DEBUG [org.apache.shiro.web.servlet.SimpleCookie]: Added
HttpServletResponse Cookie
[rememberMe=Kjvu3Jysio7jGf7Xew6Rp46oiHDrDC/V00ltCDbFw4M=; Path=/;
Max-Age=1209600; Expires=Thu, 20-Mar-2014 10:31:39 GMT; HttpOnly]



But I get the following exception at deserialization time (sorry for the
ugly wrapping):



[11:32:36] DEBUG [org.apache.shiro.web.servlet.SimpleCookie]: Found
'rememberMe' cookie value [Kjvu3Jysio7jGf7Xew6Rp46oiHDrDC/V00ltCDbFw4M=]
[11:32:36] DEBUG [org.apache.shiro.mgt.AbstractRememberMeManager]: There
was a failure while trying to retrieve remembered principals.  This could
be due to a configuration problem or corrupted principals.  This could also
be due to a recently changed encryption key.  The remembered identity will
be forgotten and not used for this request.
org.apache.shiro.io.SerializationException: Unexpected end of ZLIB input
stream
at
si.najdi.web.util.SimplePrincipalSerializer2.deserialize(SimplePrincipalSerializer2.java:85)
~[classes/:na]
at
si.najdi.web.util.SimplePrincipalSerializer2.deserialize(SimplePrincipalSerializer2.java:17)
~[classes/:na]
at
org.apache.shiro.mgt.AbstractRememberMeManager.deserialize(AbstractRememberMeManager.java:514)
~[shiro-core-1.2.0.jar:1.2.0]
at
org.apache.shiro.mgt.AbstractRememberMeManager.convertBytesToPrincipals(AbstractRememberMeManager.java:431)
~[shiro-core-1.2.0.jar:1.2.0]
at
org.apache.shiro.mgt.AbstractRememberMeManager.getRememberedPrincipals(AbstractRememberMeManager.java:396)
~[shiro-core-1.2.0.jar:1.2.0]
at
org.apache.shiro.mgt.DefaultSecurityManager.getRememberedIdentity(DefaultSecurityManager.java:604)
[shiro-core-1.2.0.jar:1.2.0]
at
org.apache.shiro.mgt.DefaultSecurityManager.resolvePrincipals(DefaultSecurityManager.java:492)
[shiro-core-1.2.0.jar:1.2.0]
at
org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:342)
[shiro-core-1.2.0.jar:1.2.0]
at $WebSecurityManager_439fe43247936.createSubject(Unknown Source) [na:na]
at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:846)
[shiro-core-1.2.0.jar:1.2.0]
at
org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:148)
[shiro-web-1.2.0.jar:1.2.0]
at
org.tynamo.security.services.impl.SecurityConfiguration.service(SecurityConfiguration.java:51)
[tapestry-security-0.5.1.jar:0.5.1]
at $HttpServletRequestFilter_439fe43247931.service(Unknown Source) [na:na]
at $HttpServletRequestHandler_439fe43247934.service(Unknown Source) [na:na]
at
org.got5.tapestry5.jquery.services.AjaxUploadServletRequestFilter.service(AjaxUploadServletRequestFilter.java:26)
[tapestry5-jquery-3.3.3.jar:na]
at $HttpServletRequestHandler_439fe43247934.service(Unknown Source) [na:na]
at
org.apache.tapestry5.upload.internal.services.MultipartServletRequestFilter.service(MultipartServletRequestFilter.java:44)
[tapestry-upload-5.3.7.jar:na]
at $HttpServletRequestHandler_439fe43247934.service(Unknown Source) [na:na]
at
org.tynamo.resteasy.ResteasyRequestFilter.service(ResteasyRequestFilter.java:100)
[tapestry-resteasy-0.3.1.jar:0.3.1]
at $HttpServletRequestFilter_439fe4324792e.service(Unknown Source) [na:na]
at $HttpServletRequestHandler_439fe43247934.service(Unknown Source) [na:na]
at
org.apache.tapestry5.internal.services.IgnoredPathsFilter.service(IgnoredPathsFilter.java:62)
[tapestry-core-5.3.7.jar:na]
at $HttpServletRequestFilter_439fe4324792c.service(Unknown Source) [na:na]
at $HttpServletRequestHandler_439fe43247934.service(Unknown Source) [na:na]
at
org.apache.tapestry5.services.TapestryModule$1.service(TapestryModule.java:852)
[tapestry-core-5.3.7.jar:na]
at $HttpServletRequestHandler_439fe43247934.service(Unknown Source) [na:na]
at $HttpServletRequestHandler_439fe4324792b.service(Unknown Source) [na:na]
at org.apache.tapestry5.TapestryFilter.doFilter(TapestryFilter.java:171)
[tapestry-core-5.3.7.jar:na]
at
org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1419)
[jetty-servlet-8.1.9.v20130131.jar:8.1.9.v20130131]
at net.bull.javamelody.MonitoringFilter.doFilter(MonitoringFilter.java:206)
[javamelody-core-1.43.0.jar:1.43.0]
at net.bull.javamelody.MonitoringFilter.doFilter(MonitoringFilter.java:179)
[javamelody-core-1.43.0.jar:1.43.0]
at
org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1419)
[jetty-servlet-8.1.9.v20130131.jar:8.1.9.v20130131]
at com.hazelcast.web.WebFilter.doFilter(WebFilter.java:598)
[hazelcast-wm-2.5.jar:2.5]
at
org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1419)
[jetty-servlet-8.1.9.v20130131.jar:8.1.9.v20130131]
at
org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:455)
[jetty-servlet-8.1.9.v20130131.jar:8.1.9.v20130131]
at
org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137)
[jetty-server-8.1.9.v20130131.jar:8.1.9.v20130131]
at
org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:557)
[jetty-security-8.1.9.v20130131.jar:8.1.9.v20130131]
at
org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231)
[jetty-server-8.1.9.v20130131.jar:8.1.9.v20130131]
at
org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1075)
[jetty-server-8.1.9.v20130131.jar:8.1.9.v20130131]
at
org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:384)
[jetty-servlet-8.1.9.v20130131.jar:8.1.9.v20130131]
at
org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)
[jetty-server-8.1.9.v20130131.jar:8.1.9.v20130131]
at
org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1009)
[jetty-server-8.1.9.v20130131.jar:8.1.9.v20130131]
at
org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
[jetty-server-8.1.9.v20130131.jar:8.1.9.v20130131]
at
org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:255)
[jetty-server-8.1.9.v20130131.jar:8.1.9.v20130131]
at
org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:154)
[jetty-server-8.1.9.v20130131.jar:8.1.9.v20130131]
at
org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
[jetty-server-8.1.9.v20130131.jar:8.1.9.v20130131]
at org.eclipse.jetty.server.Server.handle(Server.java:368)
[jetty-server-8.1.9.v20130131.jar:8.1.9.v20130131]
at
org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:488)
[jetty-server-8.1.9.v20130131.jar:8.1.9.v20130131]
at
org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:932)
[jetty-server-8.1.9.v20130131.jar:8.1.9.v20130131]
at
org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:994)
[jetty-server-8.1.9.v20130131.jar:8.1.9.v20130131]
at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:640)
[jetty-http-8.1.9.v20130131.jar:8.1.9.v20130131]
at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235)
[jetty-http-8.1.9.v20130131.jar:8.1.9.v20130131]
at
org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
[jetty-server-8.1.9.v20130131.jar:8.1.9.v20130131]
at
org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:628)
[jetty-io-8.1.9.v20130131.jar:8.1.9.v20130131]
at
org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)
[jetty-io-8.1.9.v20130131.jar:8.1.9.v20130131]
at
org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)
[jetty-util-8.1.9.v20130131.jar:8.1.9.v20130131]
at
org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)
[jetty-util-8.1.9.v20130131.jar:8.1.9.v20130131]
at java.lang.Thread.run(Thread.java:662) [na:1.6.0_43]
[11:32:36] DEBUG [org.apache.shiro.web.servlet.SimpleCookie]: Added
HttpServletResponse Cookie [rememberMe=deleteMe; Path=/; Max-Age=0;
Expires=Wed, 05-Mar-2014 10:32:36 GMT]
[11:32:36] WARN  [org.apache.shiro.mgt.DefaultSecurityManager]: Delegate
RememberMeManager instance of type
[si.najdi.web.services.NajdiCookieRememberMeManager] threw an exception
during getRememberedPrincipals().
org.apache.shiro.io.SerializationException: Unexpected end of ZLIB input
stream
at
si.najdi.web.util.SimplePrincipalSerializer2.deserialize(SimplePrincipalSerializer2.java:85)
~[classes/:na]
at
si.najdi.web.util.SimplePrincipalSerializer2.deserialize(SimplePrincipalSerializer2.java:17)
~[classes/:na]
at
org.apache.shiro.mgt.AbstractRememberMeManager.deserialize(AbstractRememberMeManager.java:514)
~[shiro-core-1.2.0.jar:1.2.0]
at
org.apache.shiro.mgt.AbstractRememberMeManager.convertBytesToPrincipals(AbstractRememberMeManager.java:431)
~[shiro-core-1.2.0.jar:1.2.0]
at
org.apache.shiro.mgt.AbstractRememberMeManager.getRememberedPrincipals(AbstractRememberMeManager.java:396)
~[shiro-core-1.2.0.jar:1.2.0]
at
org.apache.shiro.mgt.DefaultSecurityManager.getRememberedIdentity(DefaultSecurityManager.java:604)
[shiro-core-1.2.0.jar:1.2.0]
at
org.apache.shiro.mgt.DefaultSecurityManager.resolvePrincipals(DefaultSecurityManager.java:492)
[shiro-core-1.2.0.jar:1.2.0]
at
org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:342)
[shiro-core-1.2.0.jar:1.2.0]
at $WebSecurityManager_439fe43247936.createSubject(Unknown Source) [na:na]
at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:846)
[shiro-core-1.2.0.jar:1.2.0]
at
org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:148)
[shiro-web-1.2.0.jar:1.2.0]
at
org.tynamo.security.services.impl.SecurityConfiguration.service(SecurityConfiguration.java:51)
[tapestry-security-0.5.1.jar:0.5.1]
at $HttpServletRequestFilter_439fe43247931.service(Unknown Source) [na:na]
at $HttpServletRequestHandler_439fe43247934.service(Unknown Source) [na:na]
at
org.got5.tapestry5.jquery.services.AjaxUploadServletRequestFilter.service(AjaxUploadServletRequestFilter.java:26)
[tapestry5-jquery-3.3.3.jar:na]
at $HttpServletRequestHandler_439fe43247934.service(Unknown Source) [na:na]
at
org.apache.tapestry5.upload.internal.services.MultipartServletRequestFilter.service(MultipartServletRequestFilter.java:44)
[tapestry-upload-5.3.7.jar:na]
at $HttpServletRequestHandler_439fe43247934.service(Unknown Source) [na:na]
at
org.tynamo.resteasy.ResteasyRequestFilter.service(ResteasyRequestFilter.java:100)
[tapestry-resteasy-0.3.1.jar:0.3.1]
at $HttpServletRequestFilter_439fe4324792e.service(Unknown Source) [na:na]
at $HttpServletRequestHandler_439fe43247934.service(Unknown Source) [na:na]
at
org.apache.tapestry5.internal.services.IgnoredPathsFilter.service(IgnoredPathsFilter.java:62)
[tapestry-core-5.3.7.jar:na]
at $HttpServletRequestFilter_439fe4324792c.service(Unknown Source) [na:na]
at $HttpServletRequestHandler_439fe43247934.service(Unknown Source) [na:na]
at
org.apache.tapestry5.services.TapestryModule$1.service(TapestryModule.java:852)
[tapestry-core-5.3.7.jar:na]
at $HttpServletRequestHandler_439fe43247934.service(Unknown Source) [na:na]
at $HttpServletRequestHandler_439fe4324792b.service(Unknown Source) [na:na]
at org.apache.tapestry5.TapestryFilter.doFilter(TapestryFilter.java:171)
[tapestry-core-5.3.7.jar:na]
at
org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1419)
[jetty-servlet-8.1.9.v20130131.jar:8.1.9.v20130131]
at net.bull.javamelody.MonitoringFilter.doFilter(MonitoringFilter.java:206)
[javamelody-core-1.43.0.jar:1.43.0]
at net.bull.javamelody.MonitoringFilter.doFilter(MonitoringFilter.java:179)
[javamelody-core-1.43.0.jar:1.43.0]
at
org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1419)
[jetty-servlet-8.1.9.v20130131.jar:8.1.9.v20130131]
at com.hazelcast.web.WebFilter.doFilter(WebFilter.java:598)
[hazelcast-wm-2.5.jar:2.5]
at
org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1419)
[jetty-servlet-8.1.9.v20130131.jar:8.1.9.v20130131]
at
org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:455)
[jetty-servlet-8.1.9.v20130131.jar:8.1.9.v20130131]
at
org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137)
[jetty-server-8.1.9.v20130131.jar:8.1.9.v20130131]
at
org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:557)
[jetty-security-8.1.9.v20130131.jar:8.1.9.v20130131]
at
org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231)
[jetty-server-8.1.9.v20130131.jar:8.1.9.v20130131]
at
org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1075)
[jetty-server-8.1.9.v20130131.jar:8.1.9.v20130131]
at
org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:384)
[jetty-servlet-8.1.9.v20130131.jar:8.1.9.v20130131]
at
org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)
[jetty-server-8.1.9.v20130131.jar:8.1.9.v20130131]
at
org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1009)
[jetty-server-8.1.9.v20130131.jar:8.1.9.v20130131]
at
org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
[jetty-server-8.1.9.v20130131.jar:8.1.9.v20130131]
at
org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:255)
[jetty-server-8.1.9.v20130131.jar:8.1.9.v20130131]
at
org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:154)
[jetty-server-8.1.9.v20130131.jar:8.1.9.v20130131]
at
org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
[jetty-server-8.1.9.v20130131.jar:8.1.9.v20130131]
at org.eclipse.jetty.server.Server.handle(Server.java:368)
[jetty-server-8.1.9.v20130131.jar:8.1.9.v20130131]
at
org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:488)
[jetty-server-8.1.9.v20130131.jar:8.1.9.v20130131]
at
org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:932)
[jetty-server-8.1.9.v20130131.jar:8.1.9.v20130131]
at
org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:994)
[jetty-server-8.1.9.v20130131.jar:8.1.9.v20130131]
at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:640)
[jetty-http-8.1.9.v20130131.jar:8.1.9.v20130131]
at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235)
[jetty-http-8.1.9.v20130131.jar:8.1.9.v20130131]
at
org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
[jetty-server-8.1.9.v20130131.jar:8.1.9.v20130131]
at
org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:628)
[jetty-io-8.1.9.v20130131.jar:8.1.9.v20130131]
at
org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)
[jetty-io-8.1.9.v20130131.jar:8.1.9.v20130131]
at
org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)
[jetty-util-8.1.9.v20130131.jar:8.1.9.v20130131]
at
org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)
[jetty-util-8.1.9.v20130131.jar:8.1.9.v20130131]
at java.lang.Thread.run(Thread.java:662) [na:1.6.0_43]



Regards,
Lidija



On Thu, Mar 6, 2014 at 11:14 AM, Dusko Jovanovski <du...@gmail.com> wrote:

> Hello Lidija, could you try out this custom serializer and report back with
> the results?
>
> https://gist.github.com/duskote/0f8cce8d1b0d1cc56844
>
>
>

Re: shiro UsernamePasswordToken "RememberMe" problems

Posted by Dusko Jovanovski <du...@gmail.com>.
Hello Lidija, could you try out this custom serializer and report back with
the results?

https://gist.github.com/duskote/0f8cce8d1b0d1cc56844


On Thu, Mar 6, 2014 at 10:48 AM, Lidija Dolinar <li...@gmail.com> wrote:

> Ah, I see, you meant SimplePrincipalSerializer from the patch.
>
> It doesn't affect cookie size much though - it is now 4.3K instead of 4.6K
> so it doesn't resolve our problem, cookie is still too big.
>
> Regards,
> Lidija
>
>
> On Thu, Mar 6, 2014 at 10:14 AM, Lidija Dolinar <lidija.ldo@gmail.com> wrote:
>
> > By SimplePrincipalSerializer - did you mean this one that uses Kryo?
> > http://grepcode.com/file/repo1.maven.org/maven2/org.jasig.cas/cas-server-integration-memcached/4.0.0-RC1/org/jasig/cas/ticket/registry/support/kryo/serial/SimplePrincipalSerializer.java
> >
> > Regards,
> > Lidija
> >
> >
> >
> > On Wed, Mar 5, 2014 at 5:54 PM, Kalle Korhonen <kalle.o.korhonen@gmail.com> wrote:
> >
> >> Ah yes, the size of the default remember me cookie can grow outrageously
> >> big because it uses Java serialization. That's a long-running issue against
> >> Shiro web (https://issues.apache.org/jira/browse/SHIRO-226). It's simple to
> >> override with your own implementation - you could use the one attached as a
> >> patch to the issue, then override the default CookieRememberMeManager with:
> >> public class LightCookieRememberMeManager extends CookieRememberMeManager {
> >>     public LightCookieRememberMeManager() {
> >>         super();
> >>         setSerializer(new SimplePrincipalSerializer());
> >>     }
> >> }
> >>
> >> Kalle
> >>
> >>
>

Re: shiro UsernamePasswordToken "RememberMe" problems

Posted by Lidija Dolinar <li...@gmail.com>.
Ah, I see, you meant SimplePrincipalSerializer from the patch.

It doesn't affect cookie size much though - it is now 4.3K instead of 4.6K
so it doesn't resolve our problem, cookie is still too big.

Regards,
Lidija


On Thu, Mar 6, 2014 at 10:14 AM, Lidija Dolinar <li...@gmail.com> wrote:

> By SimplePrincipalSerializer - did you mean this one that uses Kryo?
> http://grepcode.com/file/repo1.maven.org/maven2/org.jasig.cas/cas-server-integration-memcached/4.0.0-RC1/org/jasig/cas/ticket/registry/support/kryo/serial/SimplePrincipalSerializer.java
>
> Regards,
> Lidija
>
>
>
> On Wed, Mar 5, 2014 at 5:54 PM, Kalle Korhonen <kalle.o.korhonen@gmail.com> wrote:
>
>> Ah yes, the size of the default remember me cookie can grow outrageously
>> big because it uses Java serialization. That's a long-running issue against
>> Shiro web (https://issues.apache.org/jira/browse/SHIRO-226). It's simple to
>> override with your own implementation - you could use the one attached as a
>> patch to the issue, then override the default CookieRememberMeManager with:
>> public class LightCookieRememberMeManager extends CookieRememberMeManager {
>>     public LightCookieRememberMeManager() {
>>         super();
>>         setSerializer(new SimplePrincipalSerializer());
>>     }
>> }
>>
>> Kalle
>>
>>

Re: shiro UsernamePasswordToken "RememberMe" problems

Posted by Lidija Dolinar <li...@gmail.com>.
By SimplePrincipalSerializer - did you mean this one that uses Kryo?
http://grepcode.com/file/repo1.maven.org/maven2/org.jasig.cas/cas-server-integration-memcached/4.0.0-RC1/org/jasig/cas/ticket/registry/support/kryo/serial/SimplePrincipalSerializer.java

Regards,
Lidija



On Wed, Mar 5, 2014 at 5:54 PM, Kalle Korhonen <ka...@gmail.com> wrote:

> Ah yes, the size of the default remember me cookie can grow outrageously
> big because it uses Java serialization. That's a long-running issue against
> Shiro web (https://issues.apache.org/jira/browse/SHIRO-226). It's simple to
> override with your own implementation - you could use the one attached as a
> patch to the issue, then override the default CookieRememberMeManager with:
> public class LightCookieRememberMeManager extends CookieRememberMeManager {
>     public LightCookieRememberMeManager() {
>         super();
>         setSerializer(new SimplePrincipalSerializer());
>     }
> }
>
> Kalle
>
>

Re: shiro UsernamePasswordToken "RememberMe" problems

Posted by Kalle Korhonen <ka...@gmail.com>.
Ah yes, the size of the default remember me cookie can grow outrageously
big because it uses Java serialization. That's a long-running issue against
Shiro web (https://issues.apache.org/jira/browse/SHIRO-226). It's simple to
override with your own implementation - you could use the one attached as a
patch to the issue, then override the default CookieRememberMeManager with:
public class LightCookieRememberMeManager extends CookieRememberMeManager {
    public LightCookieRememberMeManager() {
        super();
        setSerializer(new SimplePrincipalSerializer());
    }
}

Kalle



On Tue, Mar 4, 2014 at 11:16 PM, Lidija Dolinar <li...@gmail.com> wrote:

> Sorry for talking to myself :-).
>
> We managed to resolve the issue - the cookie was bigger than 4K. I had to
> debug shiro-web since there was no warning whatsoever and browser obviously
> just ignored the cookie.
>
> This issue is nicely explained here:
>
> http://shiro-user.582556.n2.nabble.com/Remember-me-problems-with-object-in-SimpleAccount-td4817122.html
>
> I hope this will help someone else.
>
> Regards,
> Lidija
>
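
The two size-related points in this thread (Java serialization pushing the rememberMe cookie past 4K, and the "Unexpected end of ZLIB input stream" error from a GZIP stream that was not finished) can be reproduced with the JDK alone. This is an added example, not code from the thread or from the linked gist; the class, method, realm and user names are hypothetical, it assumes Java 8 or later, and a real Shiro cookie is somewhat larger because Shiro encrypts the bytes before Base64-encoding them.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.Base64;
import java.util.Date;
import java.util.zip.GZIPInputStream;
import java.util.zip.GZIPOutputStream;

public class RememberMeSizeDemo {
    static final int COOKIE_LIMIT = 4096; // the "4K" limit discussed in the thread

    // Constructed stand-in for an application principal object.
    static class User implements Serializable {
        private static final long serialVersionUID = 1L;
        String username = "alice";
        String firstName = "Alice";
        String lastName = "Example";
        Date birthDate = new Date(0L);
    }

    // Default approach: Java serialization of the whole object graph.
    static byte[] javaSerialize(Object o) throws IOException {
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bytes)) {
            out.writeObject(o);
        }
        return bytes.toByteArray();
    }

    // Compact approach: write only the realm name and the username, gzipped.
    // try-with-resources closes (and so finishes) the GZIP stream BEFORE
    // toByteArray() is called.
    static byte[] compactSerialize(String realm, String username) throws IOException {
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        try (DataOutputStream out = new DataOutputStream(new GZIPOutputStream(bytes))) {
            out.writeUTF(realm);
            out.writeUTF(username);
        }
        return bytes.toByteArray();
    }

    // Broken variant kept for comparison: the bytes are taken while the GZIP
    // stream is still open, so compressed data and trailer are missing.
    static byte[] compactSerializeUnfinished(String realm, String username) throws IOException {
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        DataOutputStream out = new DataOutputStream(new GZIPOutputStream(bytes));
        out.writeUTF(realm);
        out.writeUTF(username);
        out.flush();                // flush() does not finish the deflater
        return bytes.toByteArray(); // truncated GZIP data
    }

    // Returns { realm, username }.
    static String[] compactDeserialize(byte[] data) throws IOException {
        try (DataInputStream in = new DataInputStream(
                new GZIPInputStream(new ByteArrayInputStream(data)))) {
            return new String[] { in.readUTF(), in.readUTF() };
        }
    }

    // Length of the Base64 text that would become the cookie value.
    static int base64Length(byte[] data) {
        return Base64.getEncoder().encodeToString(data).length();
    }

    static void report(String label, byte[] data) {
        int len = base64Length(data);
        System.out.println(label + ": " + data.length + " bytes, Base64 length "
                + len + (len < COOKIE_LIMIT ? " (fits)" : " (exceeds 4K limit)"));
    }

    public static void main(String[] args) throws IOException {
        report("Java serialization", javaSerialize(new User()));
        byte[] compact = compactSerialize("exampleRealm", "alice");
        report("Compact + GZIP", compact);

        String[] back = compactDeserialize(compact);
        System.out.println("Round trip: realm=" + back[0] + ", principal=" + back[1]);

        try {
            compactDeserialize(compactSerializeUnfinished("exampleRealm", "alice"));
        } catch (IOException e) {
            System.out.println("Unfinished stream fails with: " + e.getMessage());
        }
    }
}
```

In a Shiro application the same write and read logic would sit behind an `org.apache.shiro.io.Serializer<PrincipalCollection>` implementation passed to `setSerializer(...)`, as in the `LightCookieRememberMeManager` quoted above.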

Re: shiro UsernamePasswordToken "RememberMe" problems

Posted by Lidija Dolinar <li...@gmail.com>.
Sorry for talking to myself :-).

We managed to resolve the issue - the cookie was bigger than 4K. I had to
debug shiro-web since there was no warning whatsoever and browser obviously
just ignored the cookie.

This issue is nicely explained here:
http://shiro-user.582556.n2.nabble.com/Remember-me-problems-with-object-in-SimpleAccount-td4817122.html

I hope this will help someone else.

Regards,
Lidija

Re: shiro UsernamePasswordToken "RememberMe" problems

Posted by Lidija Dolinar <li...@gmail.com>.
I pasted shiro's debug logs below.

As far as I can see two rememberMe cookies are created: one with value
"deleteMe" that gets deleted immediately since Max-Age=0 and another
rememberMe cookie that has expiration date 1 year from now. So why don't I
see this cookie in a browser?

There's a debug message "No SecurityManager available in subject context
map..."
Is this the reason?


LOG:

[09:23:46] DEBUG [org.apache.shiro.realm.AuthenticatingRealm]:
AuthenticationInfo caching is disabled for info [User [address=null,
birthDate=null, email=<hidden>, firstName=Lidija, gender=null,
lastName=Dolinar, phone=null, phoneConfirmed=null, postcode=null,
town=null, username=lidija, getEducation()=null, getAreaOfInterests()=[],
getOccupationStatus()=null]].  Submitted token:
[org.apache.shiro.authc.UsernamePasswordToken - lidija, rememberMe=true].
[09:23:46] DEBUG
[org.apache.shiro.authc.credential.SimpleCredentialsMatcher]: Performing
credentials equality check for tokenCredentials of type [[B and
accountCredentials of type [java.lang.String]
[09:23:46] DEBUG
[org.apache.shiro.authc.credential.SimpleCredentialsMatcher]: Both
credentials arguments can be easily converted to byte arrays.  Performing
array equals comparison
[09:23:46] DEBUG [org.apache.shiro.authc.AbstractAuthenticator]:
Authentication successful for token
[org.apache.shiro.authc.UsernamePasswordToken - lidija, rememberMe=true].
 Returned account [User [address=null, birthDate=null, email=<hidden>,
firstName=Lidija, gender=null, lastName=Dolinar, phone=null,
phoneConfirmed=null, postcode=null, town=null, username=lidija,
getEducation()=null, getAreaOfInterests()=[], getOccupationStatus()=null]]
[09:23:46] DEBUG [org.apache.shiro.subject.support.DefaultSubjectContext]:
No SecurityManager available in subject context map.  Falling back to
SecurityUtils.getSecurityManager() lookup.
[09:23:46] DEBUG [org.apache.shiro.subject.support.DefaultSubjectContext]:
No SecurityManager available in subject context map.  Falling back to
SecurityUtils.getSecurityManager() lookup.
[09:23:46] DEBUG [org.apache.shiro.web.servlet.SimpleCookie]: Added
HttpServletResponse Cookie [rememberMe=deleteMe; Path=/; Max-Age=0;
Expires=Mon, 03-Mar-2014 08:23:46 GMT]
[09:23:46] DEBUG [org.apache.shiro.web.servlet.SimpleCookie]: Added
HttpServletResponse Cookie
[rememberMe=<cookie value omitted>;
Path=/; Max-Age=31536000; Expires=Wed, 04-Mar-2015 08:23:46 GMT; HttpOnly]
[09:23:46] INFO  [si.najdi.web.pages.Prijava]: User with username 'lidija'
has logged in.



Regards,
Lidija

Re: shiro UsernamePasswordToken "RememberMe" problems

Posted by Lidija Dolinar <li...@gmail.com>.
Lenny and Kalle, thank you for your responses.


On Tue, Feb 25, 2014 at 10:26 PM, Kalle Korhonen <kalle.o.korhonen@gmail.com> wrote:
>
>
> Shiro makes a strong separation between remembered and authenticated use
> cases. It depends on your security settings whether you want to allow
> remembered only users.



How should the security settings be set to allow RememberMe functionality?



> The built-in Shiro rememberMe cookie is not
> secure. I've written about the topic several times. RollingTokenRealm (at
> the end of http://tynamo.org/tynamo-federatedaccounts+guide) was born out
> of the need to support a (more) secure rememberMe use case. (And to Lenny,
> no, productionMode does not affect this functionality in any way).
>


You're right - I tried running the application in production mode but the
effect is the same - no cookie is created in either case.

I'm aware of the fact that the rememberMe cookie is not secure. Also, we're
using Hibernate - as I see RollingTokenRealm currently only supports JPA.



> Are you sure the cookie isn't created or it just doesn't work the way you
> expected? I.e. user is not logged in.
>
>
No, the cookie isn't created. The user logs in successfully into our web
application, but there is no "rememberMe" cookie.
I tried different browsers (Firefox, Chrome, IE) and platforms (Linux /
Windows).


Regards,
Lidija

Re: shiro UsernamePasswordToken "RememberMe" problems

Posted by Kalle Korhonen <ka...@gmail.com>.
On Mon, Feb 24, 2014 at 11:44 PM, Lidija Dolinar <li...@gmail.com> wrote:

> I tried "Remember Me" functionality here:
> http://tynamo-federatedaccounts.tynamo.org/ (live demo webapp) but the user
> isn't remembered.
> When I check the "Remember Me" checkbox and login, the cookie "rememberMe"
> is created. After I close the browser and reopen it again I'm not logged
> in. Am I missing something here?
>

Shiro makes a strong separation between remembered and authenticated use
cases. It depends on your security settings whether you want to allow
remembered only users. The built-in Shiro rememberMe cookie is not
secure. I've written about the topic several times. RollingTokenRealm (at
the end of http://tynamo.org/tynamo-federatedaccounts+guide) was born out
of the need to support a (more) secure rememberMe use case. (And to Lenny,
no, productionMode does not affect this functionality in any way).

>
> I'm struggling with the creation of the "rememberMe" cookie. This is my
> Login.java:
>
> public Object onActionFromJsecLoginForm() {
>     Subject currentUser = securityService.getSubject();
>     if (currentUser == null) {
>         throw new IllegalStateException("Subject can`t be null");
>     }
>     UsernamePasswordToken token = new UsernamePasswordToken(jsecLogin, jsecPassword);
>     token.setRememberMe(true);
>
>     try {
>         currentUser.login(token);
>     }
>     ...
> }
> However, the cookie "rememberMe" isn't created :-/. What am I missing?
>

Are you sure the cookie isn't created or it just doesn't work the way you
expected? I.e. user is not logged in.

Kalle

Re: shiro UsernamePasswordToken "RememberMe" problems

Posted by Lenny Primak <lp...@hope.nyc.ny.us>.
I believe that "remember me" works only in production mode by default.

On Feb 25, 2014, at 2:44 AM, Lidija Dolinar wrote:

> Hi,
> 
> I tried "Remember Me" functionality here:
> http://tynamo-federatedaccounts.tynamo.org/ (live demo webapp) but the user
> isn't remembered.
> 
> When I check the "Remember Me" checkbox and login, the cookie "rememberMe"
> is created. After I close the browser and reopen it again I'm not logged
> in. Am I missing something here?
> 
> I'm struggling with the creation of the "rememberMe" cookie. This is my
> Login.java:
> 
> 
> public Object onActionFromJsecLoginForm() {
>     Subject currentUser = securityService.getSubject();
>     if (currentUser == null) {
>         throw new IllegalStateException("Subject can`t be null");
>     }
>
>     UsernamePasswordToken token = new UsernamePasswordToken(jsecLogin, jsecPassword);
>     token.setRememberMe(true);
>
>     try {
>         currentUser.login(token);
>     }
>     ...
> }
> 
> 
> This is taken from shiro documentation (
> https://shiro.apache.org/authentication.html):
> 
> //Example using most common scenario of username/password pair:
> UsernamePasswordToken token = new UsernamePasswordToken(username, password);
> //"Remember Me" built-in:
> token.setRememberMe(true);
> 
> 
> 
> However, the cookie "rememberMe" isn't created :-/. What am I missing?
> 
> 
> Regards,
> Lidija

