After PassThruAuthentication HTTP 404 Login.jsp error

["plalithas@hotmail.com" <pl...@hotmail.com>]

Hi,

Before I jump on the issue, I wanted to give a headsup on the login page. We
are using AngularJS for login page. From index.html, using .js files, we are
redirecting to a loing.html.

Coming to the issue, I wanted to disable native session cookies. So, I've
set sessionIdCookieEnabled to false. After that, when I successfully login,
I get HTTP 404 error. I've attached the screen shot.

FYI, I use PassThruAuthenticationFilter for login process. 

Hope I have given all details to understand the issue.

Thanks in advance.

Shiro.ini:
=========
[main]
					
passwordMatcher = org.apache.shiro.authc.credential.SimpleCredentialsMatcher

ds = org.apache.shiro.jndi.JndiObjectFactory
ds.resourceName = java:/comp/env/jdbc/chDB
ds.requiredType = javax.sql.DataSource

jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
jdbcRealm.permissionsLookupEnabled = true
jdbcRealm.authenticationQuery = SELECT digest FROM users WHERE email = ?
jdbcRealm.userRolesQuery = SELECT r.roleName FROM users_roles u, roles r,
users us WHERE us.email = ? and r.rolesPK = u.rolesPK and u.userId =
us.userId
jdbcRealm.permissionsQuery = SELECT p.name FROM roles_permissions rp,
permissions p, roles r WHERE r.roleName = ? and r.rolesPK = rp.rolesPK and
rp.permission_id = p.permission_id
jdbcRealm.credentialsMatcher = $passwordMatcher
jdbcRealm.dataSource=$ds
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
sessionDAO = org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO

securityManager.realms = $jdbcRealm
securityManager.sessionManager = $sessionManager
securityManager.sessionManager.sessionDAO = $sessionDAO

securityManager.sessionManager.sessionIdCookieEnabled = false
authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter
#authc.loginUrl = /common/views/login.html
#authc.loginUrl = /index.html
#authc.usernameParam = username
#authc.passwordParam = password

[urls]
/private/se/** = anon, roles[SALES_EXE] 
/private/pm/** = anon, roles[PROCUREMENT_MANAGER]
/private/dm/** = anon, roles[DISTRIBUTION_MANAGER]
/private/de/** = anon, roles[DISTRIBUTION_EXE]

#/common/views/login.html = authc
#/index.html = anon, authc
/index.html = anon
/common/** = anon
/plugins/** = anon
/config/** = anon
/css/** = anon
/fonts/** = anon
/images/** = anon

<http://shiro-developer.582600.n2.nabble.com/file/n7578874/Screen_Shot_2016-02-16_at_6.png> 



--
View this message in context: http://shiro-developer.582600.n2.nabble.com/After-PassThruAuthentication-HTTP-404-Login-jsp-error-tp7578874.html
Sent from the Shiro Developer mailing list archive at Nabble.com.

Re: After PassThruAuthentication HTTP 404 Login.jsp error

["plalithas@hotmail.com" <pl...@hotmail.com>]

Today, I've put debug statements on shiro and found that because of
securityManager.sessionManager.sessionIdCookieEnabled = false, it is not
able to get the subject. As it is failing to get the subject, it is going to
org.apache.shiro.subject.Subject.AuthorizationFilter.onAccessDenied() and
erroring out for invalid subject. I've took log for "sessionIdCookieEnabled
= true" and "sessionIdCookieEnabled = false". I've attached the log and
compare screen shots for your reference.

shiro_log-1.txt: with sessionIdCookieEnabled = false
Shiro_log_wSession-1.txt: with sessionIdCookieEnabled = true

<http://shiro-developer.582600.n2.nabble.com/file/n7578876/Screen_Shot_2016-02-17_at_9.png> 
shiro_log_wSession-1.txt
<http://shiro-developer.582600.n2.nabble.com/file/n7578876/shiro_log_wSession-1.txt>  
shiro_log-1.txt
<http://shiro-developer.582600.n2.nabble.com/file/n7578876/shiro_log-1.txt>  



--
View this message in context: http://shiro-developer.582600.n2.nabble.com/After-PassThruAuthentication-HTTP-404-Login-jsp-error-tp7578874p7578876.html
Sent from the Shiro Developer mailing list archive at Nabble.com.