You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@shiro.apache.org by "Les Hazlewood (JIRA)" <ji...@apache.org> on 2008/12/28 20:56:46 UTC

[jira] Resolved: (JSEC-33) Infinite Loop -- DefaultWebSecurityManager, JSecurityHttpServletRequest, Non-Http Sessions

     [ https://issues.apache.org/jira/browse/JSEC-33?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Les Hazlewood resolved JSEC-33.
-------------------------------

    Resolution: Cannot Reproduce

What is your configuration?

The above stack trace cannot occur if the sessionMode = "jsecurity", as should be the case if not using http sessions (as you indicate).

The ServletContainerSessionManager implementation (indicated in your stack trace) is only instantiated if the DefaultWebSecurityManager's sessionMode is not overridden to be "jsecurity".  That means that http sessions are being used.

After running two tests verifying configuration (last two methods here: http://svn.apache.org/viewvc/incubator/jsecurity/trunk/test/org/jsecurity/web/servlet/JSecurityFilterTest.java?view=markup&pathrev=729768), I'm resolving this issue unless you are still having problems.

If you re-open the issue, please attach your config.

Thanks,

Les

> Infinite Loop -- DefaultWebSecurityManager, JSecurityHttpServletRequest, Non-Http Sessions
> ------------------------------------------------------------------------------------------
>
>                 Key: JSEC-33
>                 URL: https://issues.apache.org/jira/browse/JSEC-33
>             Project: JSecurity
>          Issue Type: Bug
>    Affects Versions: 0.9
>            Reporter: Andrew Zeneski
>            Assignee: Les Hazlewood
>             Fix For: 1.0
>
>
> Infinite loop when using DefaultWebSecurityManager and non-http sessions.
> createSubject():204, DefaultWebSecurityManager calls
> createSubject():208, DefaultWebSecurityManager calls
> getSession():71, ServletContainerSessionManager calls
> getSession():149, JSecurityHttpServletRequest calls
> getSubject():90, JSecurityHttpServletRequest calls
> getSubject():53, SecurityUtils calls
> getSubject():426, DefaultSecurityManager calls,
> getSubject():419, DefaultSecurityManager calls,
> createSubject():204, DefaultWebSecurityManager
> Then loops again...

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.