Posted to user@shiro.apache.org by Pillar <so...@hotmail.com> on 2013/01/17 05:19:21 UTC

Can't understand Shiro behavior on custom login page request

I'm using Apache Shiro to secure my Spring MVC application. This is my
config: 

    
    <bean id="hibernateRealm" class="com.bidapp.presentation.shiro.HibernateRealm" />

    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
        <property name="realm" ref="hibernateRealm" />
    </bean>

    <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />

    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
        <property name="securityManager" ref="securityManager" />
    </bean>
    

In web.xml (among other things):

    <filter>
        <filter-name>shiroFilter</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
        <init-param>
            <param-name>targetFilterLifecycle</param-name>
            <param-value>true</param-value>
        </init-param>
    </filter>

    <filter-mapping>
        <filter-name>shiroFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

My login page is at `context/account/login`. When I try to submit the form,
I get a 400 HTTP error code with message `The request sent by the client was
syntactically incorrect ().` and the following is logged by Shiro:

    365348 [http-bio-8080-exec-5] TRACE o.a.s.w.s.OncePerRequestFilter - Filter 'shiroFilter' not yet executed.  Executing now.
    365349 [http-bio-8080-exec-5] TRACE o.a.s.mgt.DefaultSecurityManager - Context already contains a SecurityManager instance.  Returning.
    365349 [http-bio-8080-exec-5] TRACE o.a.s.mgt.DefaultSecurityManager - No identity (PrincipalCollection) found in the context.  Looking for a remembered identity.
    365349 [http-bio-8080-exec-5] TRACE o.a.shiro.web.servlet.SimpleCookie - No 'rememberMe' cookie value
    365349 [http-bio-8080-exec-5] TRACE o.a.s.mgt.DefaultSecurityManager - No remembered identity found.  Returning original context.
    365349 [http-bio-8080-exec-5] TRACE o.a.s.s.support.DelegatingSubject - attempting to get session; create = false; session is null = true; session has id = false
    365349 [http-bio-8080-exec-5] TRACE o.a.s.s.support.DelegatingSubject - attempting to get session; create = false; session is null = true; session has id = false
    365349 [http-bio-8080-exec-5] TRACE o.a.s.s.support.DelegatingSubject - attempting to get session; create = false; session is null = true; session has id = false
    365349 [http-bio-8080-exec-5] TRACE o.a.s.s.support.DelegatingSubject - attempting to get session; create = false; session is null = true; session has id = false
    365349 [http-bio-8080-exec-5] TRACE org.apache.shiro.util.ThreadContext - Bound value of type [org.apache.shiro.web.subject.support.WebDelegatingSubject] for key [org.apache.shiro.util.ThreadContext_SUBJECT_KEY] to thread [http-bio-8080-exec-5]
    365349 [http-bio-8080-exec-5] TRACE org.apache.shiro.util.ThreadContext - Bound value of type [org.apache.shiro.web.mgt.DefaultWebSecurityManager] for key [org.apache.shiro.util.ThreadContext_SECURITY_MANAGER_KEY] to thread [http-bio-8080-exec-5]
    365349 [http-bio-8080-exec-5] TRACE o.a.s.w.servlet.AbstractShiroFilter - No FilterChain configured for the current request.  Using the default.
    365351 [http-bio-8080-exec-5] TRACE org.apache.shiro.util.ThreadContext - get() - in thread [http-bio-8080-exec-5]
    365351 [http-bio-8080-exec-5] TRACE org.apache.shiro.util.ThreadContext - Retrieved value of type [org.apache.shiro.web.subject.support.WebDelegatingSubject] for key [org.apache.shiro.util.ThreadContext_SUBJECT_KEY] bound to thread [http-bio-8080-exec-5]
    365351 [http-bio-8080-exec-5] TRACE o.a.s.s.support.DelegatingSubject - attempting to get session; create = false; session is null = true; session has id = false

The really weird thing is that I can click `back` and then `forward` on my
browser and it brings me to the correct **authenticated** web page. I tried
debugging and my `Controller` never even gets called. What the hell is going
on?


