You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shiro.apache.org by "Ryan McKinley (JIRA)" <ji...@apache.org> on 2010/05/18 06:16:42 UTC
[jira] Commented: (SHIRO-164) The request/response pair should be
available at all times to web-related components
[ https://issues.apache.org/jira/browse/SHIRO-164?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12868520#action_12868520 ]
Ryan McKinley commented on SHIRO-164:
-------------------------------------
This problem also surfaces (intermittently) with wicket. I often see an error that looks like:
java.lang.IllegalStateException: No ServletRequest found in ThreadContext. Make sure WebUtils.bind() is being called. (typically called by AbstractShiroFilter) This could also happen when running integration tests that don't properly call WebUtils.bind().
at org.apache.shiro.web.WebUtils.getRequiredServletRequest(WebUtils.java:472)
at org.apache.shiro.web.session.ServletContainerSessionManager.doGetSession(ServletContainerSessionManager.java:68)
at org.apache.shiro.session.mgt.AbstractSessionManager.getSession(AbstractSessionManager.java:246)
at org.apache.shiro.session.mgt.AbstractSessionManager.getAttribute(AbstractSessionManager.java:220)
at org.apache.shiro.mgt.SessionsSecurityManager.getAttribute(SessionsSecurityManager.java:173)
at org.apache.shiro.session.mgt.DelegatingSession.getAttribute(DelegatingSession.java:188)
at org.apache.shiro.subject.support.DefaultSubjectContext.resolveAuthenticated(DefaultSubjectContext.java:241)
at org.apache.shiro.web.mgt.DefaultWebSubjectFactory.createSubject(DefaultWebSubjectFactory.java:57)
at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:340)
at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:819)
at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:101)
at org.apache.shiro.web.servlet.AbstractShiroFilter.bind(AbstractShiroFilter.java:215)
at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:307)
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:83)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1190)
> The request/response pair should be available at all times to web-related components
> ------------------------------------------------------------------------------------
>
> Key: SHIRO-164
> URL: https://issues.apache.org/jira/browse/SHIRO-164
> Project: Shiro
> Issue Type: Bug
> Components: Session Management
> Reporter: Tauren Mills
>
> According to Les, for web-initiated interaction, you should not be seeing these messages:
> DEBUG - DefaultWebSessionManager - No request or response bound to
> the thread. Session ID cookie cannot be removed. This could occur in
> a web application that also services non web clients (e.g. RMI
> remoting).
> DEBUG - DefaultWebSessionManager - Request or response object is not
> bound to the thread. Assuming this session start activity is due to a
> non web request (possible in a web application that also services non
> web clients.
> Full thread available here, with logs:
> http://shiro-user.582556.n2.nabble.com/Intermittent-problems-with-SecurityUtils-getSubject-getPrincipal-td5067869.html#a5068081
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.