[jira] Issue Comment Edited: (SHIRO-141) Problem with WebRememberMeManager

Natalie Metzger (JIRA) Mon, 08 Mar 2010 07:04:55 -0800

    [ 
https://issues.apache.org/jira/browse/SHIRO-141?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12839971#action_12839971
 ]


Natalie Metzger edited comment on SHIRO-141 at 3/8/10 3:04 PM:
---------------------------------------------------------------

Hi all,

as I see it, the problem is somewhat deeper. I have a web application, and my 
subject is a DelegatingSubject with a  DefaultWebSecurityManager. Once I call 
the login() method on this subject, the associated RememberMeManager is unknown 
as DefaultSecurityManager.login() is called. Shouldn't you override login() for 
the DefaultWebSecurityManager to make sure that the correct RememberMeManager 
is set?

Natalie

      was (Author: nmetzger):
    Hi all,

as I see it, the problem is somewhat deeper. I have a web application, and my 
subject is a DelegatingSubject with a  DefaultWebSecurityManager. Once I call 
the login() method on this subject, the associated RememberMeManager is unknown 
as DefaultSecurityManager.login() is called. Shouldn't you add a method 
DefaultWebSecurityManager.login() that just calls super.login()?

Natalie
  
> Problem with WebRememberMeManager
> ---------------------------------
>
>                 Key: SHIRO-141
>                 URL: https://issues.apache.org/jira/browse/SHIRO-141
>             Project: Shiro
>          Issue Type: Bug
>          Components: Authentication (log-in)
>         Environment: Windows vista running Eclipse Galileo v.3.5 w/ Google 
> App Engine plugin - Debug mode
>            Reporter: Chris Dutrow
>            Assignee: Les Hazlewood
>
> I executed the following code to see if I needed to get the current user 
> again after logging out: 
>         Subject currentUser; 
>         currentUser = SecurityUtils.getSubject();   // < --No exception 
>         currentUser = SecurityUtils.getSubject();   // < --No exception 
>         currentUser.logout();                              // < --No 
> exception 
>         currentUser = SecurityUtils.getSubject();   // < --EXCEPTION 
> Resulting in the application throwing a NullPointerException from 
> WebRememberMeManager.  
> Here is the stack trace: (I'm currently trying to learn how to install and 
> use JUnit)
> 32046 [btpool0-1] WARN org.apache.shiro.mgt.DefaultSecurityManager - Delegate 
> RememberMeManager instance of type 
> [org.apache.shiro.web.WebRememberMeManager] threw an exception during 
> getRememberedPrincipals(). 
> java.lang.NullPointerException 
>         at 
> org.apache.shiro.web.attr.CookieAttribute.getCookie(CookieAttribute.java:262) 
>         at 
> org.apache.shiro.web.attr.CookieAttribute.removeValue(CookieAttribute.java:357)
>  
>         at 
> org.apache.shiro.web.WebRememberMeManager.forgetIdentity(WebRememberMeManager.java:320)
>  
>         at 
> org.apache.shiro.web.WebRememberMeManager.forgetIdentity(WebRememberMeManager.java:316)
>  
>         at 
> org.apache.shiro.mgt.AbstractRememberMeManager.onRememberedPrincipalFailure(AbstractRememberMeManager.java:547)
>  
>         at 
> org.apache.shiro.mgt.AbstractRememberMeManager.getRememberedPrincipals(AbstractRememberMeManager.java:488)
>  
>         at 
> org.apache.shiro.mgt.DefaultSecurityManager.getRememberedIdentity(DefaultSecurityManager.java:598)
>  
>         at 
> org.apache.shiro.mgt.DefaultSecurityManager.resolvePrincipals(DefaultSecurityManager.java:486)
>  
>         at 
> org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:363)
>  
>         at 
> org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:751) 
>         at org.apache.shiro.SecurityUtils.getSubject(SecurityUtils.java:57) 
>         at burp_erp_t1.TestShiroServlet.login(TestShiroServlet.java:43) 
>         at burp_erp_t1.TestShiroServlet.doPost(TestShiroServlet.java:24) 
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:713) 
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:806) 
>         at 
> org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:487) 
>         at 
> org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1093)
>  
>         at 
> org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:373)
>  
>         at 
> org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:306)
>  
>         at 
> org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:81)
>  
>         at 
> org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)
>  
>         at 
> com.google.appengine.api.blobstore.dev.ServeBlobFilter.doFilter(ServeBlobFilter.java:51)
>  
>         at 
> org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)
>  
>         at 
> com.google.apphosting.utils.servlet.TransactionCleanupFilter.doFilter(TransactionCleanupFilter.java:43)
>  
>         at 
> org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)
>  
>         at 
> com.google.appengine.tools.development.StaticFileFilter.doFilter(StaticFileFilter.java:121)
>  
>         at 
> org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)
>  
>         at 
> org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:360) 
>         at 
> org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216) 
>         at 
> org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:181) 
>         at 
> org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:712) 
>         at 
> org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:405) 
>         at 
> com.google.apphosting.utils.jetty.DevAppEngineWebAppContext.handle(DevAppEngineWebAppContext.java:70)
>  
>         at 
> org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:139) 
>         at 
> com.google.appengine.tools.development.JettyContainerService$ApiProxyHandler.handle(JettyContainerService.java:352)
>  
>         at 
> org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:139) 
>         at org.mortbay.jetty.Server.handle(Server.java:313) 
>         at 
> org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:506) 
>         at 
> org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:844)
>  
>         at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:644) 
>         at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:211) 
>         at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:381) 
>         at 
> org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:396) 
>         at 
> org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:442)
>  

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Issue Comment Edited: (SHIRO-141) Problem with WebRememberMeManager

Reply via email to