Posted to user@shiro.apache.org by Alex Orlov <oo...@mail.ru> on 2020/11/20 20:14:31 UTC

Is it possible to use one SecurityRealm instance in two SecurityManagers?

I have an application that can be accessed by http and rmi protocols.
 
When a user uses http protocol he passes shiro web filter — everything is clear here, no problem.
I wanted to use the same SecurityManager for rmi protocol as well, but, of course, it didn’t work:
 
22:21:44.599 [HTTP-Dispatcher] WARN  org.apache.shiro.authc.AbstractAuthenticator - Authentication failed for token submission [myapp.security.AuthenticationToken@325c75dc].  Possible unexpected error? (Typical or expected login exceptions should extend from AuthenticationException).
java.lang.IllegalArgumentException: SessionContext must be an HTTP compatible implementation.
    at org.apache.shiro.web.session.mgt.ServletContainerSessionManager.createSession(ServletContainerSessionManager.java:103) ~[shiro-all-1.7.0.jar:?]
    at org.apache.shiro.web.session.mgt.ServletContainerSessionManager.start(ServletContainerSessionManager.java:64) ~[shiro-all-1.7.0.jar:?]
    at org.apache.shiro.mgt.SessionsSecurityManager.start(SessionsSecurityManager.java:152) ~[shiro-all-1.7.0.jar:?]
    at org.apache.shiro.subject.support.DelegatingSubject.getSession(DelegatingSubject.java:340) ~[shiro-all-1.7.0.jar:?]
 
As I understand, for rmi server I must create another security manager:
SecurityManager securityManager = new DefaultSecurityManager(myRealm);
 
Could anyone say — if it is possible to use the same Realm instance (already initialized) for the second security manager?
 
 
--
Best regards, Alex Orlov

Re: Is it possible to use one SecurityRealm instance in two SecurityManagers?

Posted by Lenny Primak <lp...@hope.nyc.ny.us>.
I highly suggest you take a look at https://github.com/flowlogix/flowlogix/tree/master/jakarta-ee/shiro-ee
Although it’s a bit in flux at the moment, it integrates Java EE with Shiro and solves all the problems you are trying to solve.

> On Nov 20, 2020, at 4:42 PM, Brian Demers <br...@gmail.com> wrote:
> 
> IIRC you _should_ be able to use the same SecurityManager for web and non-web requests.
> 
> However, two different SecurityManagers with the same Realm may cause issues, especially if they are using caches.
> We have a Spring RMI example here: https://github.com/apache/shiro/blob/f782eb1084df73eff3e2ac0f9780cb4a4f429041/support/spring/src/main/java/org/apache/shiro/spring/remoting/SecureRemoteInvocationExecutor.java
> 
> (It's been a while since I've done anything with RMI, so someone else might be able to give you better advice)
> 
> On Fri, Nov 20, 2020 at 3:14 PM Alex Orlov <ooo_saturn7@mail.ru <ma...@mail.ru>> wrote:
> I have an application that can be accessed by http and rmi protocols.
>  
> When a user uses http protocol he passes shiro web filter — everything is clear here, no problem.
> I wanted to use the same SecurityManager for rmi protocol as well, but, of course, it didn’t work:
>  
> 22:21:44.599 [HTTP-Dispatcher] WARN  org.apache.shiro.authc.AbstractAuthenticator - Authentication failed for token submission [myapp.security.AuthenticationToken@325c75dc].  Possible unexpected error? (Typical or expected login exceptions should extend from AuthenticationException).
> java.lang.IllegalArgumentException: SessionContext must be an HTTP compatible implementation.
>     at org.apache.shiro.web.session.mgt.ServletContainerSessionManager.createSession(ServletContainerSessionManager.java:103) ~[shiro-all-1.7.0.jar:?]
>     at org.apache.shiro.web.session.mgt.ServletContainerSessionManager.start(ServletContainerSessionManager.java:64) ~[shiro-all-1.7.0.jar:?]
>     at org.apache.shiro.mgt.SessionsSecurityManager.start(SessionsSecurityManager.java:152) ~[shiro-all-1.7.0.jar:?]
>     at org.apache.shiro.subject.support.DelegatingSubject.getSession(DelegatingSubject.java:340) ~[shiro-all-1.7.0.jar:?]
>  
> As I understand, for rmi server I must create another security manager:
> SecurityManager securityManager = new DefaultSecurityManager(myRealm);
>  
> Could anyone say — if it is possible to use the same Realm instance (already initialized) for the second security manager?
>  
>  
> --
> Best regards, Alex Orlov


Re: Is it possible to use one SecurityRealm instance in two SecurityManagers?

Posted by Brian Demers <br...@gmail.com>.
IIRC you _should_ be able to use the same SecurityManager for web and
non-web requests.

However, two different SecurityManagers with the same Realm may cause
issues, especially if they are using caches.
We have a Spring RMI example here:
https://github.com/apache/shiro/blob/f782eb1084df73eff3e2ac0f9780cb4a4f429041/support/spring/src/main/java/org/apache/shiro/spring/remoting/SecureRemoteInvocationExecutor.java

(It's been a while since I've done anything with RMI, so someone else might
be able to give you better advice)

On Fri, Nov 20, 2020 at 3:14 PM Alex Orlov <oo...@mail.ru> wrote:

> I have an application that can be accessed by http and rmi protocols.
>
> When a user uses http protocol he passes shiro web filter — everything is
> clear here, no problem.
> I wanted to use the same SecurityManager for rmi protocol as well, but, of
> course, it didn’t work:
>
> 22:21:44.599 [HTTP-Dispatcher] WARN
> org.apache.shiro.authc.AbstractAuthenticator - Authentication failed for
> token submission [myapp.security.AuthenticationToken@325c75dc].  Possible
> unexpected error? (Typical or expected login exceptions should extend from
> AuthenticationException).
> java.lang.IllegalArgumentException: SessionContext must be an HTTP
> compatible implementation.
>     at
> org.apache.shiro.web.session.mgt.ServletContainerSessionManager.createSession(ServletContainerSessionManager.java:103)
> ~[shiro-all-1.7.0.jar:?]
>     at
> org.apache.shiro.web.session.mgt.ServletContainerSessionManager.start(ServletContainerSessionManager.java:64)
> ~[shiro-all-1.7.0.jar:?]
>     at
> org.apache.shiro.mgt.SessionsSecurityManager.start(SessionsSecurityManager.java:152)
> ~[shiro-all-1.7.0.jar:?]
>     at
> org.apache.shiro.subject.support.DelegatingSubject.getSession(DelegatingSubject.java:340)
> ~[shiro-all-1.7.0.jar:?]
>
> As I understand, for rmi server I must create another security manager:
> SecurityManager securityManager = new DefaultSecurityManager(myRealm);
>
> Could anyone say — if it is possible to use the same Realm instance
> (already initialized) for the second security manager?
>
>
> --
> Best regards, Alex Orlov
>
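
The setup discussed in this thread, as an added example that is not code from any of the posters or from the Shiro project: a non-web `DefaultSecurityManager` built on an already-initialized realm, with the subject built and bound per remote call so that no servlet-backed session manager is involved. The class name, the `buildRmiSecurityManager` and `callAs` helpers, and the sample account are hypothetical; no cache manager is configured on this manager, since the reply above flags caches as the likely source of trouble when a realm is shared.

```java
import java.util.concurrent.Callable;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.mgt.DefaultSessionStorageEvaluator;
import org.apache.shiro.mgt.DefaultSubjectDAO;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.subject.Subject;

public class RmiSecurityExample {

    /** Non-web manager: it does not use ServletContainerSessionManager. */
    static DefaultSecurityManager buildRmiSecurityManager(Realm sharedRealm) {
        DefaultSecurityManager manager = new DefaultSecurityManager(sharedRealm);
        // Treat each remote call as stateless: never store subject state in a session.
        DefaultSessionStorageEvaluator evaluator = new DefaultSessionStorageEvaluator();
        evaluator.setSessionStorageEnabled(false);
        DefaultSubjectDAO subjectDAO = new DefaultSubjectDAO();
        subjectDAO.setSessionStorageEvaluator(evaluator);
        manager.setSubjectDAO(subjectDAO);
        return manager;
    }

    /** Authenticates against the given manager and runs the work as that subject. */
    static <T> T callAs(DefaultSecurityManager manager, String user, String password,
                        Callable<T> work) {
        // Build the subject from this manager explicitly instead of relying on the
        // JVM-wide SecurityUtils.setSecurityManager(), which the web side may own.
        Subject subject = new Subject.Builder(manager).buildSubject();
        subject.login(new UsernamePasswordToken(user, password));
        try {
            return subject.execute(work); // subject is bound to this thread for the call only
        } finally {
            subject.logout();
        }
    }

    public static void main(String[] args) {
        // Constructed stand-in for the application's real, already-initialized realm.
        SimpleAccountRealm realm = new SimpleAccountRealm("sharedRealm");
        realm.addAccount("alice", "constructed-password", "operator");

        DefaultSecurityManager rmiManager = buildRmiSecurityManager(realm);
        boolean allowed = callAs(rmiManager, "alice", "constructed-password",
                () -> SecurityUtils.getSubject().hasRole("operator"));
        System.out.println("operator role on RMI path: " + allowed);
    }
}
```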