Les,
I've grabbed the latest snapshot and tried it out, but I think there is
still something wrong with cookies. Were you able to get this example to
run properly with the latest shiro code?
https://wicket-stuff.svn.sourceforge.net/svnroot/wicket-stuff/trunk/wicketstuff-core/shiro-security/wicket-shiro-examples/shiro-example-spring-hibernate-native/
I'm getting an exception when I log out. See below.
Also, in my real application, I'm getting strange behavior with the
following code:
SecurityUtils.getSubject().getPrincipal();
About half the time, it returns null. The rest of the time it returns a
valid currently logged in user. Here's some logs when it returns null:
TRACE - DefaultSecurityManager - Context already contains a
SecurityManager instance. Returning.
TRACE - DefaultSecurityManager - No session found in context. Looking
for a session id to resolve in to a session.
TRACE - DefaultSecurityManager - No identity (PrincipalCollection) found
in the context. Looking for a remembered identity.
DEBUG - CookieRememberMeManager - SubjectContext argument is not an
HTTP-aware instance. This is required to obtain a servlet request and
response in order to retrieve the rememberMe cookie. Returning immediately
and ignoring rememberMe operation.
TRACE - DefaultSecurityManager - No remembered identity found.
Returning original context.
Here is the exception on logout in the sample app:
2010-05-15 02:28:59,608 INFO [org.wicketstuff.shiro.page.LogoutPage] -
logout: org.apache.shiro.web.subject.support.webdelegatingsubj...@780eb73e
2010-05-15 02:28:59,608 TRACE
[org.apache.shiro.subject.support.DelegatingSubject] - attempting to get
session; create = false; session is null = false; session has id = true
2010-05-15 02:28:59,608 TRACE
[org.apache.shiro.session.mgt.AbstractValidatingSessionManager] - Attempting
to retrieve session with id [1aaa6687-6874-4c74-ba24-b74b491e9a8a]
2010-05-15 02:28:59,609 TRACE [org.apache.shiro.web.servlet.SimpleCookie] -
calculated path: /
2010-05-15 02:28:59,609 DEBUG [org.apache.shiro.web.servlet.SimpleCookie] -
Added HttpServletResponse Cookie [rememberMe=deleteMe; Path=/; Expires=Fri,
14-May-2010 09:28:59 GMT]
2010-05-15 02:28:59,609 TRACE [org.apache.shiro.web.servlet.SimpleCookie] -
Removed 'rememberMe' cookie by setting maxAge=0
2010-05-15 02:28:59,609 DEBUG [org.apache.shiro.mgt.DefaultSecurityManager]
- Logging out subject with primary principal {}1
2010-05-15 02:28:59,609 TRACE
[org.apache.shiro.subject.support.DelegatingSubject] - attempting to get
session; create = false; session is null = false; session has id = true
2010-05-15 02:28:59,609 TRACE
[org.apache.shiro.session.mgt.AbstractValidatingSessionManager] - Attempting
to retrieve session with id [1aaa6687-6874-4c74-ba24-b74b491e9a8a]
2010-05-15 02:28:59,609 TRACE
[org.apache.shiro.session.mgt.AbstractValidatingSessionManager] - Attempting
to retrieve session with id [1aaa6687-6874-4c74-ba24-b74b491e9a8a]
2010-05-15 02:28:59,609 TRACE
[org.apache.shiro.subject.support.DelegatingSubject] - attempting to get
session; create = false; session is null = false; session has id = true
2010-05-15 02:28:59,609 TRACE
[org.apache.shiro.session.mgt.AbstractValidatingSessionManager] - Attempting
to retrieve session with id [1aaa6687-6874-4c74-ba24-b74b491e9a8a]
2010-05-15 02:28:59,609 DEBUG
[org.apache.shiro.session.mgt.AbstractSessionManager] - Stopping session
with id [1aaa6687-6874-4c74-ba24-b74b491e9a8a]
2010-05-15 02:28:59,609 TRACE [org.apache.shiro.web.servlet.SimpleCookie] -
calculated path: /
2010-05-15 02:28:59,609 DEBUG [org.apache.shiro.web.servlet.SimpleCookie] -
Added HttpServletResponse Cookie [JSESSIONID=deleteMe; Path=/; Expires=Fri,
14-May-2010 09:28:59 GMT]
2010-05-15 02:28:59,609 TRACE [org.apache.shiro.web.servlet.SimpleCookie] -
Removed 'JSESSIONID' cookie by setting maxAge=0
2010-05-15 02:28:59,609 TRACE
[org.apache.shiro.session.mgt.AbstractValidatingSessionManager] - Attempting
to retrieve session with id [1aaa6687-6874-4c74-ba24-b74b491e9a8a]
2010-05-15 02:28:59,610 TRACE [org.apache.shiro.web.servlet.SimpleCookie] -
calculated path: /
2010-05-15 02:28:59,610 DEBUG [org.apache.shiro.web.servlet.SimpleCookie] -
Added HttpServletResponse Cookie [JSESSIONID=deleteMe; Path=/; Expires=Fri,
14-May-2010 09:28:59 GMT]
2010-05-15 02:28:59,610 TRACE [org.apache.shiro.web.servlet.SimpleCookie] -
Removed 'JSESSIONID' cookie by setting maxAge=0
2010-05-15 02:28:59,610 TRACE
[org.apache.shiro.session.mgt.AbstractValidatingSessionManager] - Attempting
to retrieve session with id [1aaa6687-6874-4c74-ba24-b74b491e9a8a]
2010-05-15 02:28:59,610 TRACE [org.apache.shiro.web.servlet.SimpleCookie] -
calculated path: /
2010-05-15 02:28:59,610 DEBUG [org.apache.shiro.web.servlet.SimpleCookie] -
Added HttpServletResponse Cookie [JSESSIONID=deleteMe; Path=/; Expires=Fri,
14-May-2010 09:28:59 GMT]
2010-05-15 02:28:59,610 TRACE [org.apache.shiro.web.servlet.SimpleCookie] -
Removed 'JSESSIONID' cookie by setting maxAge=0
2010-05-15 02:28:59,610 ERROR [org.apache.wicket.RequestCycle] - Can't
instantiate page using constructor public
org.wicketstuff.shiro.example.pages.IndexPage()
org.apache.wicket.WicketRuntimeException: Can't instantiate page using
constructor public org.wicketstuff.shiro.example.pages.IndexPage()
at
org.apache.wicket.session.DefaultPageFactory.createPage(DefaultPageFactory.java:212)
at
org.apache.wicket.session.DefaultPageFactory.newPage(DefaultPageFactory.java:57)
at
org.apache.wicket.request.target.component.BookmarkablePageRequestTarget.newPage(BookmarkablePageRequestTarget.java:299)
at
org.apache.wicket.request.target.component.BookmarkablePageRequestTarget.getPage(BookmarkablePageRequestTarget.java:321)
at
org.apache.wicket.request.target.component.BookmarkablePageRequestTarget.respond(BookmarkablePageRequestTarget.java:262)
at
org.apache.wicket.request.AbstractRequestCycleProcessor.respond(AbstractRequestCycleProcessor.java:105)
at
org.apache.wicket.RequestCycle.processEventsAndRespond(RequestCycle.java:1258)
at org.apache.wicket.RequestCycle.step(RequestCycle.java:1329)
at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1428)
at org.apache.wicket.RequestCycle.request(RequestCycle.java:545)
at org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:456)
at
org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:289)
at
org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1088)
at
org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
at
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:236)
at
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
at
org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1088)
at
org.springframework.orm.hibernate3.support.OpenSessionInViewFilter.doFilterInternal(OpenSessionInViewFilter.java:198)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
at
org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1088)
at
org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:376)
at
org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:309)
at
org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:83)
at
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:236)
at
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
at
org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1088)
at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:360)
at
org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:181)
at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:729)
at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:405)
at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
at org.mortbay.jetty.Server.handle(Server.java:324)
at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:505)
at
org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:829)
at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:513)
at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:211)
at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:380)
at
org.mortbay.jetty.bio.SocketConnector$Connection.run(SocketConnector.java:228)
at
org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:488)
Caused by: java.lang.reflect.InvocationTargetException
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at
org.apache.wicket.session.DefaultPageFactory.createPage(DefaultPageFactory.java:192)
... 39 more
Caused by: java.lang.IllegalStateException:
org.apache.shiro.session.UnknownSessionException: There is no session with
id [1aaa6687-6874-4c74-ba24-b74b491e9a8a]
at
org.apache.shiro.web.servlet.ShiroHttpSession.getAttribute(ShiroHttpSession.java:133)
at
org.apache.wicket.protocol.http.HttpSessionStore.getAttribute(HttpSessionStore.java:69)
at org.apache.wicket.Session.getAttribute(Session.java:1197)
at org.apache.wicket.Session.pageMapForName(Session.java:955)
at org.apache.wicket.PageMap.forName(PageMap.java:80)
at org.apache.wicket.Page.init(Page.java:1215)
at org.apache.wicket.Page.<init>(Page.java:238)
at org.apache.wicket.markup.html.WebPage.<init>(WebPage.java:185)
at org.wicketstuff.shiro.example.pages.BasePage.<init>(BasePage.java:18)
at org.wicketstuff.shiro.example.pages.IndexPage.<init>(IndexPage.java:12)
... 44 more
Caused by: org.apache.shiro.session.UnknownSessionException: There is no
session with id [1aaa6687-6874-4c74-ba24-b74b491e9a8a]
at
org.apache.shiro.session.mgt.eis.AbstractSessionDAO.readSession(AbstractSessionDAO.java:171)
at
org.apache.shiro.session.mgt.DefaultSessionManager.retrieveSessionFromDataSource(DefaultSessionManager.java:221)
at
org.apache.shiro.session.mgt.DefaultSessionManager.retrieveSession(DefaultSessionManager.java:217)
at
org.apache.shiro.session.mgt.AbstractValidatingSessionManager.doGetSession(AbstractValidatingSessionManager.java:123)
at
org.apache.shiro.session.mgt.AbstractSessionManager.getSession(AbstractSessionManager.java:246)
at
org.apache.shiro.session.mgt.AbstractSessionManager.getAttribute(AbstractSessionManager.java:220)
at
org.apache.shiro.mgt.SessionsSecurityManager.getAttribute(SessionsSecurityManager.java:173)
at
org.apache.shiro.session.mgt.DelegatingSession.getAttribute(DelegatingSession.java:188)
at
org.apache.shiro.session.ProxiedSession.getAttribute(ProxiedSession.java:122)
at
org.apache.shiro.web.servlet.ShiroHttpSession.getAttribute(ShiroHttpSession.java:131)
... 53 more
2010-05-15 02:28:59,612 TRACE
[org.apache.shiro.session.mgt.AbstractValidatingSessionManager] - Attempting
to retrieve session with id [1aaa6687-6874-4c74-ba24-b74b491e9a8a]
2010-05-15 02:28:59,612 TRACE [org.apache.shiro.web.servlet.SimpleCookie] -
calculated path: /
2010-05-15 02:28:59,612 DEBUG [org.apache.shiro.web.servlet.SimpleCookie] -
Added HttpServletResponse Cookie [JSESSIONID=deleteMe; Path=/; Expires=Fri,
14-May-2010 09:28:59 GMT]
2010-05-15 02:28:59,612 TRACE [org.apache.shiro.web.servlet.SimpleCookie] -
Removed 'JSESSIONID' cookie by setting maxAge=0
2010-05-15 02:28:59,612 TRACE
[org.apache.shiro.session.mgt.AbstractValidatingSessionManager] - Attempting
to retrieve session with id [1aaa6687-6874-4c74-ba24-b74b491e9a8a]
2010-05-15 02:28:59,612 TRACE [org.apache.shiro.web.servlet.SimpleCookie] -
calculated path: /
2010-05-15 02:28:59,612 DEBUG [org.apache.shiro.web.servlet.SimpleCookie] -
Added HttpServletResponse Cookie [JSESSIONID=deleteMe; Path=/; Expires=Fri,
14-May-2010 09:28:59 GMT]
2010-05-15 02:28:59,612 TRACE [org.apache.shiro.web.servlet.SimpleCookie] -
Removed 'JSESSIONID' cookie by setting maxAge=0
2010-05-15 02:28:59,613 ERROR [org.mortbay.log] - /account/logout
java.lang.IllegalStateException:
org.apache.shiro.session.UnknownSessionException: There is no session with
id [1aaa6687-6874-4c74-ba24-b74b491e9a8a]
at
org.apache.shiro.web.servlet.ShiroHttpSession.getAttribute(ShiroHttpSession.java:133)
at
org.apache.wicket.protocol.http.HttpSessionStore.getAttribute(HttpSessionStore.java:69)
at org.apache.wicket.Session.getAttribute(Session.java:1197)
at org.apache.wicket.Session.pageMapForName(Session.java:955)
at org.apache.wicket.PageMap.forName(PageMap.java:80)
at org.apache.wicket.Page.init(Page.java:1215)
at org.apache.wicket.Page.<init>(Page.java:238)
at org.apache.wicket.markup.html.WebPage.<init>(WebPage.java:185)
at
org.apache.wicket.markup.html.pages.ExceptionErrorPage.<init>(ExceptionErrorPage.java:55)
at
org.apache.wicket.request.AbstractRequestCycleProcessor.respond(AbstractRequestCycleProcessor.java:169)
at org.apache.wicket.RequestCycle.step(RequestCycle.java:1379)
at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1428)
at org.apache.wicket.RequestCycle.request(RequestCycle.java:545)
at org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:456)
at
org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:289)
at
org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1088)
at
org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
at
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:236)
at
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
at
org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1088)
at
org.springframework.orm.hibernate3.support.OpenSessionInViewFilter.doFilterInternal(OpenSessionInViewFilter.java:198)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
at
org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1088)
at
org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:376)
at
org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:309)
at
org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:83)
at
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:236)
at
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
at
org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1088)
at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:360)
at
org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:181)
at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:729)
at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:405)
at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
at org.mortbay.jetty.Server.handle(Server.java:324)
at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:505)
at
org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:829)
at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:513)
at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:211)
at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:380)
at
org.mortbay.jetty.bio.SocketConnector$Connection.run(SocketConnector.java:228)
at
org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:488)
Caused by: org.apache.shiro.session.UnknownSessionException: There is no
session with id [1aaa6687-6874-4c74-ba24-b74b491e9a8a]
at
org.apache.shiro.session.mgt.eis.AbstractSessionDAO.readSession(AbstractSessionDAO.java:171)
at
org.apache.shiro.session.mgt.DefaultSessionManager.retrieveSessionFromDataSource(DefaultSessionManager.java:221)
at
org.apache.shiro.session.mgt.DefaultSessionManager.retrieveSession(DefaultSessionManager.java:217)
at
org.apache.shiro.session.mgt.AbstractValidatingSessionManager.doGetSession(AbstractValidatingSessionManager.java:123)
at
org.apache.shiro.session.mgt.AbstractSessionManager.getSession(AbstractSessionManager.java:246)
at
org.apache.shiro.session.mgt.AbstractSessionManager.getAttribute(AbstractSessionManager.java:220)
at
org.apache.shiro.mgt.SessionsSecurityManager.getAttribute(SessionsSecurityManager.java:173)
at
org.apache.shiro.session.mgt.DelegatingSession.getAttribute(DelegatingSession.java:188)
at
org.apache.shiro.session.ProxiedSession.getAttribute(ProxiedSession.java:122)
at
org.apache.shiro.web.servlet.ShiroHttpSession.getAttribute(ShiroHttpSession.java:131)
... 42 more
2010-05-15 02:28:59,653 TRACE
[org.apache.shiro.web.servlet.OncePerRequestFilter] - Filter 'null' not yet
executed. Executing now.
2010-05-15 02:28:59,653 TRACE [org.apache.shiro.mgt.DefaultSecurityManager]
- Context already contains a SecurityManager instance. Returning.
2010-05-15 02:28:59,653 TRACE [org.apache.shiro.mgt.DefaultSecurityManager]
- No session found in context. Looking for a session id to resolve in to a
session.
2010-05-15 02:28:59,653 TRACE [org.apache.shiro.web.servlet.SimpleCookie] -
No value found in request Cookies under cookie name [JSESSIONID]
2010-05-15 02:28:59,653 TRACE [org.apache.shiro.mgt.DefaultSecurityManager]
- No identity (PrincipalCollection) found in the context. Looking for a
remembered identity.
2010-05-15 02:28:59,653 TRACE [org.apache.shiro.web.servlet.SimpleCookie] -
No value found in request Cookies under cookie name [rememberMe]
2010-05-15 02:28:59,653 TRACE [org.apache.shiro.mgt.DefaultSecurityManager]
- No remembered identity found. Returning original context.
2010-05-15 02:28:59,654 TRACE
[org.apache.shiro.subject.support.DelegatingSubject] - attempting to get
session; create = false; session is null = true; session has id = false
2010-05-15 02:28:59,654 TRACE
[org.apache.shiro.web.servlet.AbstractShiroFilter] - No FilterChain
configured for the current request. Using the default.
2010-05-15 02:28:59,654 TRACE
[org.apache.shiro.web.servlet.OncePerRequestFilter] - Filter 'null' already
executed. Proceeding without invoking this filter.
