this what happens on server side when I call my "Login" remote bean
2009-10-30 09:34:01,718 DEBUG
(org.apache.shiro.authc.credential.SimpleCredentialsMatcher:100)
Performing credentials equality check for tokenCredentials of type
[org.apache.shiro.crypto.hash.Sha256Hash and accountCredentials of type
[org.apache.shiro.crypto.hash.Sha256Hash]
2009-10-30 09:34:01,718 DEBUG
(org.apache.shiro.authc.AbstractAuthenticator:217) Authentication
successful for token [org.apache.shiro.authc.UsernamePasswordToken - user1,
rememberMe=true]. Returned account
[org.apache.shiro.subject.simpleprincipalcollect...@4930af45]
2009-10-30 09:34:01,796 DEBUG
(org.apache.shiro.web.attr.AbstractWebAttribute:171) No 'editorClass'
property set - returning value.toString() as the string value for method
argument.
2009-10-30 09:34:01,796 DEBUG
(org.apache.shiro.web.attr.CookieAttribute:350) Added Cookie
[rememberMe] to path [/SpringRemoting] with value
[UwP13UzjVUceLBNWh+sYM01JWOSbBOwc1ZLySIws0IdnkcWeD/yWeH0eIycwHaI8MRKPyenBr76EoLkEZnXSz4i27cTTUps5qOgU/ZQLdvIOxlZxmT9RlUvKT6zopnQrSpdsCNaruG/Op/XEoJcdNLI9rJCCyMKN3em5wl8GrWTIzKS4hzHombGBEW4EPS9jv40HV4mIS2sUFXm5MlOptr99e1A6eKYxlLrldk2/yqw29nWohE0sIjO7tRF9mOAZUeC/Fem6K4S82LbXAJ6p0oNg3MP7dbFSkeeDF2CwFJvvi5xVrGyF0aKk8JzBHKzmRgLAreVAMGR0L2hGHOgIP/uup6KzE3QFZJpPSCmtcRZASMTpLxTpiiTHhVmB9Hf42eGB9vfoR9QFfK0U+in7fyrWyyAs3GPdM884yP9B8YdVfqUzqWhbzMDdUgS0PKpc3QsBDOqdsLzOpvUImFdomuk+RZ98i28s/KP1puAwmeo=]
to the HttpServletResponse
2009-10-30 09:34:01,890 DEBUG
(org.apache.shiro.session.mgt.AbstractValidatingSessionManager:233)
No sessionValidationScheduler set. Attempting to create default instance.
2009-10-30 09:34:01,890 INFO
(org.apache.shiro.session.mgt.AbstractValidatingSessionManager:250)
Enabling session validation scheduler...
2009-10-30 09:34:01,906 DEBUG
(org.apache.shiro.session.mgt.DefaultSessionManager:158) Creating new
EIS record for new session instance
[org.apache.shiro.session.mgt.SimpleSession,id=null]
2009-10-30 09:34:01,906 DEBUG
(org.apache.shiro.web.attr.AbstractWebAttribute:171) No 'editorClass'
property set - returning value.toString() as the string value for method
argument.
2009-10-30 09:34:01,984 DEBUG
(org.apache.shiro.web.attr.CookieAttribute:350) Added Cookie
[JSESSIONID] to path [/SpringRemoting] with value
[9d70ee0a-94bf-4a28-b07b-6b7212b0066a] to the HttpServletResponse
As I understand there is no problem at server side. Session is created and
id is returned to client.
this is what I get on client:
LoginManagerRemote loginManager = (LoginManagerRemote)
ctx.getBean("loginManager");
UserRemote user = loginManager.login();
log.info("user name: " + user.getName());
log.info("sesssionId: " + user.getSessionId());
2009-10-30 09:34:02,000 INFO
(com.springbook.client.RemotingTest:51) user name: user1
2009-10-30 09:34:02,000 INFO
(com.springbook.client.RemotingTest:52) sesssionId:
9d70ee0a-94bf-4a28-b07b-6b7212b0066a
As you see the same session I get on client. so for a while everythink is
ok.
but when I call secutity bean.
Subject subject = new
Subject.Builder().sessionId(user.getSessionId()).buildSubject();
ThreadState threadState = new SubjectThreadState(subject);
threadState.bind();
try {
SampleManager sampleManager = (SampleManager)
ctx.getBean("sampleManager");
//sampleManager.secureMethod1();
} finally {
threadState.clear();
}
I get
Exception in thread "main" java.lang.IllegalStateException: No
SecurityManager accessible to the calling code, either bound to the
org.apache.shiro.util.ThreadContext or as a vm static singleton. This is an
invalid application configuration.
at
org.apache.shiro.SecurityUtils.getSecurityManager(SecurityUtils.java:115)
at org.apache.shiro.subject.Subject$Builder.<init>(Subject.java:550)
at com.springbook.client.RemotingTest.test(RemotingTest.java:67)
at com.springbook.client.RemotingTest.main(RemotingTest.java:36)
As I understand "Subject subject = new
Subject.Builder().sessionId(user.getSessionId()).buildSubject();"
do not create any SecurityManager but remote invocation needs one so... how
to solve it.
And about spring web example. it looks like jnlp uses system property
<property name="shiro.session.id" value="some session id"/> but if I need
authorization against multiple sources?
And I do no understand: WebStartView line 163 (test.setSampleManager(new
DefaultSampleManager());)
why new instance of DefaultSampleManager is inited? shouldn't it be taken
from spring ben instead as remote bean?
Les Hazlewood-2 wrote:
>
> Hi Narcom,
>
> You only want to use the Subject.Builder in special situations. You
> should almost always use SecurityUtils.getSubject().
>
> The reason this is failing for you is that the user.getSessionId()
> call is trying to reference a session that doesn't exist yet. When
> you instantiate a new SecurityManager, it in turn uses a new
> SessionManager, and that SessionManager doesn't have any sessions yet.
> I think you'd want to reference the remote SecurityManager instead.
>
> That is:
>
> Subject subject = new
> Subject.Builder(remoteSecurityManager).sessionId(user.getSessionId()).buildSubject();
>
> I'll check out the WebStart example this weekend to see what might be
> wrong - it hasn't been updated in a while.
>
> Cheers,
>
> Les
>
> On Thu, Oct 29, 2009 at 2:00 PM, Narcom <[email protected]> wrote:
>>
>> I am not sure it is some kind of "issue". May be I do not understand
>> smth. It
>> looks like on secure bean call it tries to get SecurityManager but cannot
>> find one because I did not inited one (but should I create one?)
>>
>> If I create one as mentioned in Quickstart llike this
>> DefaultSecurityManager securityManager = new DefaultSecurityManager();
>> SecurityUtils.setSecurityManager( securityManager );
>> Subject subject = new
>> Subject.Builder().sessionId(user.getSessionId()).buildSubject();
>> ThreadState threadState = new SubjectThreadState(subject);
>> threadState.bind();
>> try {
>> SampleManager sampleManager = (SampleManager)
>> ctx.getBean("sampleManager");
>> //sampleManager.secureMethod1();
>> } finally {
>> threadState.clear();
>> }
>>
>> I get this exception
>> org.apache.shiro.session.UnknownSessionException: There is no session
>> with
>> id [f493926d-b5dc-4488-945e-1aa97145dc7a]
>> at
>> org.apache.shiro.session.mgt.eis.CachingSessionDAO.readSession(CachingSessionDAO.java:281)
>> at
>> org.apache.shiro.session.mgt.DefaultSessionManager.retrieveSessionFromDataSource(DefaultSessionManager.java:202)
>> .....
>> at
>> org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:703)
>> at com.springbook.client.RemotingTest.test(RemotingTest.java:67)
>> at com.springbook.client.RemotingTest.main(RemotingTest.java:36)
>>
>> Should be SecurityManager inited automatically on Subject creation i.e.
>> Subject subject = new
>> Subject.Builder().sessionId(user.getSessionId()).buildSubject();
>>
>> ?
>>
>>
>> Les Hazlewood-2 wrote:
>>>
>>> Hi Narcom,
>>>
>>> Can you please re-post this along with the full stack trace (not just
>>> the SecurityUtils.getSecurityManager line) in a Jira issue? That way
>>> It won't get lost.
>>>
>>> - Les
>>>
>>> On Thu, Oct 29, 2009 at 3:48 AM, Narcom <[email protected]> wrote:
>>>>
>>>> I noticed that java web start GUI application does not start for
>>>> “Apache
>>>> Shiro :: Samples :: Spring”.
>>>>
>>>> I use stand alone java program to access tomcat. Here its code
>>>>
>>>> PropertyConfigurator.configure("web/WEB-INF/log.properties");
>>>> ctx = new
>>>> FileSystemXmlApplicationContext("/web/WEB-INF/remoting-client.xml");
>>>> LoginManagerRemote loginManager = (LoginManagerRemote)
>>>> ctx.getBean("loginManager");
>>>> UserRemote user = loginManager.login();
>>>> log.info("user name: " + user.getName());
>>>> log.info("sesssionId: " + user.getSessionId());
>>>>
>>>> SampleManager sampleManager = (SampleManager)
>>>> ctx.getBean("sampleManager");
>>>> sampleManager.secureMethod1();
>>>>
>>>> So I write 2 spring remote beans
>>>> first makes login and return jsessionId.
>>>> <bean name="/login"
>>>> class="org.springframework.remoting.httpinvoker.HttpInvokerServiceExporter">
>>>> <property name="service" ref="loginManager"/>
>>>> <property name="serviceInterface"
>>>> value="com.springbook.LoginManagerRemote"/>
>>>> </bean>
>>>>
>>>> second is secure bean
>>>>
>>>> <bean name="/sampleManager"
>>>> class="org.springframework.remoting.httpinvoker.HttpInvokerServiceExporter">
>>>> <property name="service" ref="sampleManager"/>
>>>> <property name="serviceInterface"
>>>> value="my.samples.shiro.spring.SampleManager"/>
>>>> <property name="remoteInvocationExecutor"
>>>> ref="secureRemoteInvocationExecutor"/>
>>>> </bean>
>>>>
>>>> What should I do to call secure bean from my standalone client?
>>>>
>>>> If I just call it after login I get
>>>>
>>>> Exception in thread "main" java.lang.IllegalStateException: No
>>>> SecurityManager accessible to the calling code, either bound to the
>>>> org.apache.shiro.util.ThreadContext or as a vm static singleton. This
>>>> is
>>>> an
>>>> invalid application configuration.
>>>> at
>>>> org.apache.shiro.SecurityUtils.getSecurityManager(SecurityUtils.java:115)
>>>>
>>>> --
>>>> View this message in context:
>>>> http://n2.nabble.com/Spring-stand-alone-client-tp3910311p3910311.html
>>>> Sent from the Shiro User mailing list archive at Nabble.com.
>>>>
>>>
>>>
>>
>> --
>> View this message in context:
>> http://n2.nabble.com/Spring-stand-alone-client-tp3910311p3914503.html
>> Sent from the Shiro User mailing list archive at Nabble.com.
>>
>
>
--
View this message in context:
http://n2.nabble.com/Spring-stand-alone-client-tp3910311p3917279.html
Sent from the Shiro User mailing list archive at Nabble.com.
