I have no idea how I can fix this or why this is happening.

Environment. I have a web app using Spring MVC and Shiro. I am providing
REST APIs for logging in and out as well as getting an accessToken.
Basically created a poor man's SSO and OAuth provider.

This is my exception:


javax.servlet.ServletException: Filtered request failed.
    org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:384)
    org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
    org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
    org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)

root cause

java.lang.IllegalArgumentException: The org.apache.shiro.session.mgt.DelegatingSession implementation requires that the SessionKey argument returns a non-null sessionId to support the Session.getId() invocations.
    org.apache.shiro.session.mgt.DelegatingSession.<init>(DelegatingSession.java:70)
    org.apache.shiro.web.session.mgt.DefaultWebSessionManager.createExposedSession(DefaultWebSessionManager.java:166)
    org.apache.shiro.session.mgt.AbstractNativeSessionManager.getSession(AbstractNativeSessionManager.java:98)
    org.apache.shiro.mgt.SessionsSecurityManager.getSession(SessionsSecurityManager.java:125)
    org.apache.shiro.mgt.DefaultSecurityManager.resolveContextSession(DefaultSecurityManager.java:456)
    org.apache.shiro.mgt.DefaultSecurityManager.resolveSession(DefaultSecurityManager.java:442)
    org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:338)
    org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:846)
    org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:148)
    org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:292)
    org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:359)
    org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
    org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
    org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)


I have customized a Cache and CacheManager as well as a custom Realm. My
Spring configuration is basically what I found in the docs.

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans.xsd">

    <bean id="ourRealm"
          class="com.blah.account.security.shiro.realm.OurRealm">
        <property name="credentialsMatcher" ref="hashMatcher"/>
    </bean>

    <bean id="hashMatcher"
          class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
        <property name="hashAlgorithmName" value="Sha256"/>
        <property name="hashIterations" value="1024"/>
        <property name="storedCredentialsHexEncoded" value="false"/>
    </bean>

    <bean id="shiroFilter"
          class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
        <property name="securityManager" ref="securityManager"/>
        <property name="loginUrl" value="/login"/>
        <property name="successUrl" value="/"/>
        <property name="unauthorizedUrl" value="/registration"/>

        <property name="filterChainDefinitions">
            <value>
                # some example chain definitions:
                /admin/** = authc, roles[admin]
                /docs/** = authc, perms[document:read]
                /** = authc
                # more URL-to-FilterChain definitions here
            </value>
        </property>
    </bean>

    <bean id="securityManager"
          class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
        <property name="realm" ref="ourRealm"/>
        <property name="cacheManager" ref="cacheManager"/>
        <property name="sessionManager" ref="sessionManager"/>
    </bean>

    <bean id="sessionManager"
          class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
        <property name="deleteInvalidSessions" value="true"/>
        <property name="cacheManager" ref="cacheManager"/>
        <property name="globalSessionTimeout" value="1800000"/>
        <property name="sessionDAO" ref="sessionDAO"/>
    </bean>

    <bean id="sessionDAO"
          class="org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO">
        <property name="cacheManager" ref="cacheManager"/>
    </bean>

    <bean id="lifecycleBeanPostProcessor"
          class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>

    <bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
        <property name="staticMethod"
                  value="org.apache.shiro.SecurityUtils.setSecurityManager"/>
        <property name="arguments" ref="securityManager"/>
    </bean>

    <bean id="cacheManager"
          class="com.blah.account.security.shiro.cache.BlahCacheManager">
        <property name="cache" ref="threadLocalCache"/>
    </bean>

    <bean id="threadLocalCache"
          class="com.blah.account.security.shiro.cache.ThreadLocalDelegatingCache">
        <property name="wrappedCache" ref="cache"/>
    </bean>

    <bean id="cache"
          class="com.blah.account.security.shiro.cache.HDPokerCache"/>

</beans>

Thanks. I would type more, but the wife is calling me for dinner.

Thanks

Mark



--
View this message in context: 
http://shiro-user.582556.n2.nabble.com/SessionID-problem-tp7578355.html
Sent from the Shiro User mailing list archive at Nabble.com.
