You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@shiro.apache.org by yockii <xu...@gmail.com> on 2011/11/21 08:53:35 UTC

missing subject after request a not mapping url

Hi,
  im using shiro with spring & springMvc, it worked but if i request a none
mapped url(and web container returns a 404 page), the subject in the session
seems to be cleared, then any url need authc shiro redirects me to the login
page, does any one has any ideas?

Thanks All,
Yockii Hsu

--
View this message in context: http://shiro-user.582556.n2.nabble.com/missing-subject-after-request-a-not-mapping-url-tp7015626p7015626.html
Sent from the Shiro User mailing list archive at Nabble.com.

Re: missing subject after request a not mapping url

Posted by yockii <xu...@gmail.com>.

Hi Les,
  Thank you for your reply.
  my error pages are configured in the web.xml with <error-page>
  then the shiro urls are configured as following:
 <property name="filterChainDefinitions">
    <value>
        /user/** = authc
        /article/** = authc
    </value>
 </property>

the behavior is when I visit /user/, it redirects me to the login page,
after login, the /user/** can be shown as expected, but then visit the
/article/1 which has not been created (springMvc info shows no mapping), the
tomcat returns a 404 error page defined in the web.xml, in this case, I am
been redirected to login even when I visit /user/ again.



--
View this message in context: http://shiro-user.582556.n2.nabble.com/missing-subject-after-request-a-not-mapping-url-tp7015626p7018689.html
Sent from the Shiro User mailing list archive at Nabble.com.

Re: missing subject after request a not mapping url

Posted by Les Hazlewood <lh...@apache.org>.

Hi Yockii,

What is the desired behavior?  What do you want to happen in this case?

It is pretty common in many websites that an unauthenticated user is
redirected to the login page, even if the original target would result
in an error (e.g. 404, 500, etc).  Most people leave this alone and
are fine with it.

However, if this isn't the desired behavior, I've seen people create a
controller dedicated to errors and allow that to be anonymous.  For
example:

[urls]
...
/error.jsp = anon
/404.jsp = anon
# etc.
/** = authc

Cheers,

Les

On Sun, Nov 20, 2011 at 11:53 PM, yockii <xu...@gmail.com> wrote:
> Hi,
>  im using shiro with spring & springMvc, it worked but if i request a none
> mapped url(and web container returns a 404 page), the subject in the session
> seems to be cleared, then any url need authc shiro redirects me to the login
> page, does any one has any ideas?
>
> Thanks All,
> Yockii Hsu
>
> --
> View this message in context: http://shiro-user.582556.n2.nabble.com/missing-subject-after-request-a-not-mapping-url-tp7015626p7015626.html
> Sent from the Shiro User mailing list archive at Nabble.com.

Re: missing subject after request a not mapping url

Posted by songofhawk <so...@gmail.com>.

where's the mistake? i meet the same problem, the server always return 404
after add ehcache configuration with shiro.



--
View this message in context: http://shiro-user.582556.n2.nabble.com/missing-subject-after-request-a-not-mapping-url-tp7015626p7579745.html
Sent from the Shiro User mailing list archive at Nabble.com.

Re: missing subject after request a not mapping url

Posted by yockii <xu...@gmail.com>.

Hi All,
   I've found that if I made a mistake here, i set the cacheManager to
ehcache with:

<bean id="shiroCacheManager"
class="org.apache.shiro.cache.ehcache.EhCacheManager">
  <property name="cacheManager" ref="cacheManager"></property>
</bean>

and also set the sessionDAO as following:
<bean id="sessionManager"
class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
  <property name="sessionDAO" ref="sessionDAO"/>
</bean>
<bean id="sessionDAO"
class="org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO"/>

(these are all in securityManager bean properties), the main configuration
is here:


        <bean id="securityManager"
class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
		<property name="realm" ref="myRealm"/>
		<property name="cacheManager" ref="shiroCacheManager"/>
		<property name="sessionMode" value="native" />
		<property name="sessionManager" ref="sessionManager"/>
	</bean>
	<bean id="lifecycleBeanPostProcessor"
class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
	<bean id="shiroCacheManager"
class="org.apache.shiro.cache.ehcache.EhCacheManager">
		<property name="cacheManager" ref="cacheManager"></property>
	</bean>
	
	<bean id="sessionManager"
class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
		<property name="sessionDAO" ref="sessionDAO"/>
	</bean>
	
	<bean id="sessionDAO"
class="org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO">
		
	</bean>
	<bean id="myRealm" class="com.****.service.security.ShiroDbRealm">
		<property name="credentialsMatcher" ref="credentialsMatcher"/>
	</bean>
	
	<bean id="credentialsMatcher"
class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
	  
	  <property name="storedCredentialsHexEncoded" value="false" />
	  <property name="hashAlgorithmName" value="SHA-256" />
	  
	  
	</bean>

--
View this message in context: http://shiro-user.582556.n2.nabble.com/missing-subject-after-request-a-not-mapping-url-tp7015626p7019336.html
Sent from the Shiro User mailing list archive at Nabble.com.