You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shiro.apache.org by "Brian Demers (JIRA)" <ji...@apache.org> on 2016/07/15 14:42:20 UTC
[jira] [Closed] (SHIRO-350) Creating a subject should not create a
session
[ https://issues.apache.org/jira/browse/SHIRO-350?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Brian Demers closed SHIRO-350.
------------------------------
Resolution: Fixed
> Creating a subject should not create a session
> ----------------------------------------------
>
> Key: SHIRO-350
> URL: https://issues.apache.org/jira/browse/SHIRO-350
> Project: Shiro
> Issue Type: Bug
> Affects Versions: 1.2.0
> Reporter: Dan Finkelstein
> Fix For: 1.2.1
>
>
> When the following method is called:
> public Subject getSubjectByLogin(final String login) {
> PrincipalCollection principals = new SimplePrincipalCollection(login, REALM_NAME);
> return new Subject.Builder().principals(principals).buildSubject();
> }
> it throws an exception on buildSubject():
> Caused by: java.lang.IllegalArgumentException: SessionContext must be an HTTP compatible implementation.
> at org.apache.shiro.web.session.mgt.ServletContainerSessionManager.createSession(ServletContainerSessionManager.java:103)
> at org.apache.shiro.web.session.mgt.ServletContainerSessionManager.start(ServletContainerSessionManager.java:64)
> at org.apache.shiro.mgt.SessionsSecurityManager.start(SessionsSecurityManager.java:121)
> at org.apache.shiro.subject.support.DelegatingSubject.getSession(DelegatingSubject.java:336)
> at org.apache.shiro.subject.support.DelegatingSubject.getSession(DelegatingSubject.java:314)
> at org.apache.shiro.mgt.DefaultSubjectDAO.mergePrincipals(DefaultSubjectDAO.java:182)
> at org.apache.shiro.mgt.DefaultSubjectDAO.saveToSession(DefaultSubjectDAO.java:163)
> at org.apache.shiro.mgt.DefaultSubjectDAO.save(DefaultSubjectDAO.java:144)
> at org.apache.shiro.mgt.DefaultSecurityManager.save(DefaultSecurityManager.java:383)
> at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:350)
> at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:846)
> It tries to create a session but really should not.
> Please see forum http://shiro-user.582556.n2.nabble.com/Subject-being-changed-td7370203.html for more details
> In our app, in our backoffice area, we display lists of users and their roles, and this functionality is used in this way.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)