You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@shiro.apache.org by Pillar <so...@hotmail.com> on 2013/01/17 05:19:21 UTC
Can't understand Shiro behavior on custom login page request
I'm using Apache Shiro to secure my Spring MVC application. This is my
config:
<bean id = "hibernateRealm" class =
"com.bidapp.presentation.shiro.HibernateRealm" />
<bean id = "securityManager" class =
"org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name = "realm" ref = "hibernateRealm" />
</bean>
<bean id = "lifecycleBeanPostProcessor" class =
"org.apache.shiro.spring.LifecycleBeanPostProcessor" />
<bean id = "shiroFilter" class =
"org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name = "securityManager" ref = "securityManager" />
</bean>
In web.xml (among other things)
<filter>
<filter-name>shiroFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<init-param>
<param-name>targetFilterLifecycle</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>shiroFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
My login page is at `context/account/login`. When I try to submit the form,
I get a 400 HTTP error code with message `The request sent by the client was
syntactically incorrect ().` and the following is logged by Shiro
365348 [http-bio-8080-exec-5] TRACE o.a.s.w.s.OncePerRequestFilter -
Filter 'shiroFilter' not yet executed. Executing now.
365349 [http-bio-8080-exec-5] TRACE o.a.s.mgt.DefaultSecurityManager -
Context already contains a SecurityManager instance. Returning.
365349 [http-bio-8080-exec-5] TRACE o.a.s.mgt.DefaultSecurityManager -
No identity (PrincipalCollection) found in the context. Looking for a
remembered identity.
365349 [http-bio-8080-exec-5] TRACE o.a.shiro.web.servlet.SimpleCookie -
No 'rememberMe' cookie value
365349 [http-bio-8080-exec-5] TRACE o.a.s.mgt.DefaultSecurityManager -
No remembered identity found. Returning original context.
365349 [http-bio-8080-exec-5] TRACE o.a.s.s.support.DelegatingSubject -
attempting to get session; create = false; session is null = true; session
has id = false
365349 [http-bio-8080-exec-5] TRACE o.a.s.s.support.DelegatingSubject -
attempting to get session; create = false; session is null = true; session
has id = false
365349 [http-bio-8080-exec-5] TRACE o.a.s.s.support.DelegatingSubject -
attempting to get session; create = false; session is null = true; session
has id = false
365349 [http-bio-8080-exec-5] TRACE o.a.s.s.support.DelegatingSubject -
attempting to get session; create = false; session is null = true; session
has id = false
365349 [http-bio-8080-exec-5] TRACE org.apache.shiro.util.ThreadContext
- Bound value of type
[org.apache.shiro.web.subject.support.WebDelegatingSubject] for key
[org.apache.shiro.util.ThreadContext_SUBJECT_KEY] to thread
[http-bio-8080-exec-5]
365349 [http-bio-8080-exec-5] TRACE org.apache.shiro.util.ThreadContext
- Bound value of type [org.apache.shiro.web.mgt.DefaultWebSecurityManager]
for key [org.apache.shiro.util.ThreadContext_SECURITY_MANAGER_KEY] to thread
[http-bio-8080-exec-5]
365349 [http-bio-8080-exec-5] TRACE o.a.s.w.servlet.AbstractShiroFilter
- No FilterChain configured for the current request. Using the default.
365351 [http-bio-8080-exec-5] TRACE org.apache.shiro.util.ThreadContext
- get() - in thread [http-bio-8080-exec-5]
365351 [http-bio-8080-exec-5] TRACE org.apache.shiro.util.ThreadContext
- Retrieved value of type
[org.apache.shiro.web.subject.support.WebDelegatingSubject] for key
[org.apache.shiro.util.ThreadContext_SUBJECT_KEY] bound to thread
[http-bio-8080-exec-5]
365351 [http-bio-8080-exec-5] TRACE o.a.s.s.support.DelegatingSubject -
attempting to get session; create = false; session is null = true; session
has id = false
The really weird thing is that I can click `back` and then `forward` on my
browser and it brings me to the correct **authenticated** web page. I tried
debugging and my `Controller` never even gets called. What the hell is going
on?
--
View this message in context: http://shiro-user.582556.n2.nabble.com/Can-t-understand-Shiro-behavior-on-custom-login-page-request-tp7578176.html
Sent from the Shiro User mailing list archive at Nabble.com.