Careless on my part to not read the entire documentation. Seems I needed
to use DefaultWebSecurityManager and configure a filter.
Removed the bootstrap code and added a filter:

import org.jsecurity.SecurityUtils
import org.jsecurity.mgt.SecurityManager
import org.jsecurity.util.ThreadContext
import org.jsecurity.web.DefaultWebSecurityManager
import org.jsecurity.web.WebUtils

class JSecurityFilters {
    // volatile so the double-checked locking below publishes the manager safely
    volatile SecurityManager securityManager = null

    SecurityManager getSecurityManager() {
        if (securityManager == null) {
            synchronized (JSecurityFilters.class) {
                if (securityManager == null) {
                    // Initialize the jSecurity realm
                    securityManager = new DefaultWebSecurityManager();
                    securityManager.setRealm(new MyCustomRealm());
                    SecurityUtils.setSecurityManager(securityManager);
                }
            }
        }
        return securityManager
    }

    def filters = {
        securityFilter(controller: '*', action: '*') {
            // Bind the request-scoped security state to the current thread
            before = {
                ThreadContext.bind(WebUtils.getInetAddress(request))
                WebUtils.bind(request)
                WebUtils.bind(response)
                ThreadContext.bind(getSecurityManager())
                ThreadContext.bind(getSecurityManager().getSubject())
                return true
            }
            // Unbind everything again once the view has been rendered
            afterView = {
                ThreadContext.unbindSubject()
                ThreadContext.unbindSecurityManager()
                WebUtils.unbindServletResponse()
                WebUtils.unbindServletRequest()
                ThreadContext.unbindInetAddress()
            }
        }
    }
}

Stuff seems to be working for now unless I have missed other pointers ;)
Shams
________________________________
From: Imam, Shams [mailto:[email protected]]
Sent: Thursday, April 02, 2009 9:42 AM
To: [email protected]
Subject: Subject reset when page refreshed with F5 the second time
Hi everyone,
I'm new to both Grails and JSecurity. I'm trying to integrate JSecurity
into our existing webapp.
I've implemented a custom Realm and am using a 'non-remember me' token.
My Account returns string-based permissions.
Now to the actual problem I'm facing: Whenever I refresh a page using F5
on Firefox (haven't tested on other browsers yet) my Subject gets reset
the second time. However, if I continue browsing the pages by clicking
on the various links my Subject doesn't get reset. Any idea why this is
happening and how I can avoid the Subject reset?
Below is a summary of my grails bootstrap code and log outputs.
Code in Grails Bootstrap:
=========================
def init = { servletContext ->
    println '--- BootStrap ---'
    // Initialize the jSecurity realm
    DefaultSecurityManager securityManager = new DefaultSecurityManager();
    securityManager.setRealm(new MyCustomRealm());
    SecurityUtils.setSecurityManager(securityManager);
    println '1a - ThreadContext.securityManager: ' +
            org.jsecurity.util.ThreadContext.getSecurityManager()
    println '1b - ThreadContext.securityManager.subject: ' +
            org.jsecurity.util.ThreadContext.getSecurityManager()?.getSubject()
    println '2 - SecurityUtils.securityManager.subject' +
            org.jsecurity.SecurityUtils.securityManager?.getSubject()
}

Summary of Console Outputs:
===========================
--- BootStrap ---
1a - ThreadContext.securityManager: null
1b - ThreadContext.securityManager.subject: null
2 - SecurityUtils.securityManager.subjectorg.jsecurity.subject.DelegatingSubj...@165391b

// The login page
session.originalRequestParams.zipcode = 76092
hasPermission:'admin|reviewer' -> false : JSecurity Session: org.jsecurity.subject.delegatingsubject$stoppingawareproxiedsess...@13f866 with timeout 1800000 and principal null Grails session id: 4v2u9cqs9y4i
1a - ThreadContext.securityManager: null
2 - SecurityUtils.securityManager.subjectorg.jsecurity.subject.DelegatingSubj...@17ff60e

// Login successful
Login: Session: org.jsecurity.subject.delegatingsubject$stoppingawareproxiedsess...@cfd5ee with timeout 1800000

// Home page after login
hasPermission:'admin|reviewer' -> true : JSecurity Session: org.jsecurity.subject.delegatingsubject$stoppingawareproxiedsess...@cfd5ee with timeout 1800000 and principal Test:REVIEWER Grails session id: 4v2u9cqs9y4i
1a - ThreadContext.securityManager: null
2 - SecurityUtils.securityManager.subjectorg.jsecurity.subject.DelegatingSubj...@17ff60e
lacksPermission:'admin|reviewer' -> false : Session: org.jsecurity.subject.delegatingsubject$stoppingawareproxiedsess...@cfd5ee with timeout 1800000 and principal Test:REVIEWER

// Refresh using F5 first time
hasPermission:'admin|reviewer' -> true : JSecurity Session: org.jsecurity.subject.delegatingsubject$stoppingawareproxiedsess...@cfd5ee with timeout 1800000 and principal Test:REVIEWER Grails session id: 4v2u9cqs9y4i
1a - ThreadContext.securityManager: null
2 - SecurityUtils.securityManager.subjectorg.jsecurity.subject.DelegatingSubj...@17ff60e
lacksPermission:'admin|reviewer' -> false : Session: org.jsecurity.subject.delegatingsubject$stoppingawareproxiedsess...@cfd5ee with timeout 1800000 and principal Test:REVIEWER

// Refresh using F5 second time
hasPermission:'admin|reviewer' -> false : JSecurity Session: org.jsecurity.subject.delegatingsubject$stoppingawareproxiedsess...@cc4364 with timeout 1800000 and principal null Grails session id: 4v2u9cqs9y4i
1a - ThreadContext.securityManager: null
2 - SecurityUtils.securityManager.subjectorg.jsecurity.subject.DelegatingSubj...@5c775d
lacksPermission:'admin|reviewer' -> true : Session: org.jsecurity.subject.delegatingsubject$stoppingawareproxiedsess...@cc4364 with timeout 1800000 and principal null

Thanks,
Shams
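
The filter in the reply above pairs every bind in `before` with an unbind in `afterView`. As an added illustration (not code from this thread or from JSecurity) of what that pairing protects against on pooled worker threads, the sketch below uses a plain `ThreadLocal` as a stand-in for `ThreadContext`; the class and method names are hypothetical, and it does not claim to reproduce the F5 behaviour reported in the original message.

```java
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

public class ThreadBoundSubjectDemo {
    // Stand-in for the thread-bound Subject; a plain ThreadLocal, not JSecurity API.
    static final ThreadLocal<String> SUBJECT = new ThreadLocal<>();

    // No cleanup: a principal bound by one request stays on the worker thread.
    static String handleLeaky(String principal) {
        if (principal != null) {
            SUBJECT.set(principal);
        }
        return SUBJECT.get();
    }

    // Bind at the start of every request and unbind in finally, so cleanup
    // also happens when the request fails part-way through.
    static String handleScoped(String principal) {
        SUBJECT.set(principal);
        try {
            return SUBJECT.get();
        } finally {
            SUBJECT.remove();
        }
    }

    // Run one simulated request on the pool and wait for its result.
    static String request(ExecutorService pool, Callable<String> work) throws Exception {
        return pool.submit(work).get();
    }

    public static void main(String[] args) throws Exception {
        // A single worker makes thread reuse deterministic (constructed scenario).
        ExecutorService pool = Executors.newSingleThreadExecutor();
        try {
            request(pool, () -> handleLeaky("Test:REVIEWER"));
            // An anonymous request on the same thread inherits the earlier identity.
            System.out.println("leaky, anonymous request sees: "
                    + request(pool, () -> handleLeaky(null)));
            request(pool, () -> handleScoped("Test:REVIEWER"));
            // After the scoped request nothing is left behind on the thread.
            System.out.println("scoped, next request on thread sees: "
                    + request(pool, SUBJECT::get));
        } finally {
            pool.shutdown();
        }
    }
}
```

The first line printed shows the anonymous request picking up `Test:REVIEWER` from the reused thread; the second shows `null` once the unbind runs in `finally`.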