Hi,

Indeed, a session is required to make OAuth work in most cases.
Thanks again for sharing your problem and solution.
Best regards,
Jérôme




2014-02-11 21:58 GMT+01:00 Albert Kam [via Shiro User] <[email protected]>:

> Turns out to be the issue with noSessionCreation.
> Disabling noSessionCreation will make it work.
>
> In my case though, I still kinda need noSessionCreation,
> so in my signup controller, I just 'skip' the noSessionCreation by
> explicitly enabling session creation through
> req.setAttribute(DefaultSubjectContext.SESSION_CREATION_ENABLED, Boolean.TRUE);
>
> Also I had to reorder the filters, so that /** is last in the list.
>
> On Tue, Feb 11, 2014 at 11:37 PM, Albert Kam <[hidden email]> wrote:
>
>> I'm trying to generate the facebook link through
>> fbClient.getRedirectionUrl(new ShiroWebContext(req, resp), false);
>>
>> And this threw this exception:
>>
>> org.apache.shiro.subject.support.DisabledSessionException: Session
>> creation has been disabled for the current subject.  This exception
>> indicates that there is either a programming error (using a session when it
>> should never be used) or that Shiro's configuration needs to be adjusted to
>> allow Sessions to be created for the current Subject.  See the
>> org.apache.shiro.subject.support.DisabledSessionException JavaDoc for more.
>>     at org.apache.shiro.subject.support.DelegatingSubject.getSession(DelegatingSubject.java:331)
>>     at org.apache.shiro.subject.support.DelegatingSubject.getSession(DelegatingSubject.java:312)
>>     at io.buji.pac4j.ShiroWebContext.setSessionAttribute(ShiroWebContext.java:51)
>>     at org.pac4j.oauth.client.BaseOAuth20Client.retrieveAuthorizationUrl(BaseOAuth20Client.java:52)
>>     at org.pac4j.oauth.client.BaseOAuthClient.retrieveRedirectionUrl(BaseOAuthClient.java:92)
>>     at org.pac4j.core.client.BaseClient.getRedirectionUrl(BaseClient.java:117)
>>     at web.controller.common.CommonController.signupPageImpl(CommonController.java:77)
>>     at web.controller.common.CommonController.access$0(CommonController.java:74)
>>     at web.controller.common.CommonController$1.exec(CommonController.java:70)
>>     at web.controller.WebTemplate.execImpl(WebTemplate.java:71)
>>     at web.controller.WebTemplate.execWithoutMwdService(WebTemplate.java:45)
>>     at web.controller.common.CommonController.signupPage(CommonController.java:66)
>>
>> My environment is with spring mvc, using custom realm, custom session
>> dao, and with native session.
>>
>> <bean id="sessionManager"
>>       class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
>>     <property name="globalSessionTimeout" value="xxx" />
>>     <property name="sessionDAO" ref="sessionDAO" />
>>     <property name="sessionValidationSchedulerEnabled" value="false" />
>>     <property name="sessionIdCookie.domain" value="xxx.com" />
>> </bean>
>>
>> <bean id="securityManager"
>>       class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
>>     <property name="sessionMode" value="native" />
>>     <property name="realms">
>>         <list>
>>             <ref bean="mainRealm" />
>>         </list>
>>     </property>
>>     <property name="sessionManager" ref="sessionManager" />
>> </bean>
>>
>> And here are buji specific configs :
>>
>> <bean id="facebookClient" class="org.pac4j.oauth.client.FacebookClient">
>>     <constructor-arg name="key" value="myAppId" />
>>     <constructor-arg name="secret" value="mySecret" />
>> </bean>
>> <bean id="clients" class="org.pac4j.core.client.Clients">
>>     <constructor-arg name="callbackUrl" value="http://myweb.com:8080/social-callback" />
>>     <constructor-arg name="clients">
>>         <list>
>>             <ref bean="facebookClient" />
>>         </list>
>>     </constructor-arg>
>> </bean>
>> <bean id="clientsFilter" class="io.buji.pac4j.ClientFilter">
>>     <property name="failureUrl" value="/404.html" />
>>     <property name="clients">
>>         <ref bean="clients" />
>>     </property>
>> </bean>
>> <bean id="clientsRealm" class="io.buji.pac4j.ClientRealm">
>>     <property name="defaultRoles" value="ROLE_USER" />
>>     <property name="clients">
>>         <ref bean="clients" />
>>     </property>
>> </bean>
>>
>> <bean id="shiroFilter"
>>       class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
>>     <property name="securityManager" ref="securityManager"/>
>>     <property name="loginUrl" value="/login"/>
>>     <property name="successUrl" value="/"/>
>>     <property name="unauthorizedUrl" value="/signup"/>
>>     <property name="filterChainDefinitions">
>>         <value>
>>             /login = authc
>>             /logout = noSessionCreation, logout
>>             /** = noSessionCreation, anon
>>             /social-callback = clientsFilter
>>         </value>
>>     </property>
>> </bean>
>>
>> Please note that with this configuration, the normal form-based
>> username-password authentication works perfectly,
>> where a session is created for every successful user login.
>>
>> What did I do wrong?
>>
>> Thank you ..
>>
>> --
>> Do not pursue the past. Do not lose yourself in the future.
>> The past no longer is. The future has not yet come.
>> Looking deeply at life as it is in the very here and now,
>> the practitioner dwells in stability and freedom.
>> (Thich Nhat Hanh)
>>




--
View this message in context: 
http://shiro-user.582556.n2.nabble.com/pac4j-buji-Session-creation-error-tp7579632p7579639.html
Sent from the Shiro User mailing list archive at Nabble.com.
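
The reordering described in the quoted reply, written out as a filter chain (an added example, not configuration posted in the thread). Shiro applies the first chain whose pattern matches the request path, so `/**` has to come after `/social-callback`. The `/signup` entry is an assumption taken from the `unauthorizedUrl` value; leaving `noSessionCreation` off that path is a configuration-only alternative to setting `SESSION_CREATION_ENABLED` in the controller.

```xml
<!-- Added example: same shiroFilter bean as in the quoted message, with only
     filterChainDefinitions changed. -->
<bean id="shiroFilter"
      class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    <property name="securityManager" ref="securityManager"/>
    <property name="loginUrl" value="/login"/>
    <property name="successUrl" value="/"/>
    <property name="unauthorizedUrl" value="/signup"/>
    <!--
      Chains are evaluated top to bottom and the first matching pattern wins.
      1. /social-callback sits above /** so the request reaches clientsFilter,
         and it carries no noSessionCreation, so the session written while
         building the redirection URL can be read back on the callback.
      2. /signup (assumed path of the page that calls getRedirectionUrl) is
         matched before /** and may create the session that
         ShiroWebContext.setSessionAttribute needs.
      3. /** stays last and keeps noSessionCreation for everything else.
    -->
    <property name="filterChainDefinitions">
        <value>
            /login = authc
            /logout = noSessionCreation, logout
            /social-callback = clientsFilter
            /signup = anon
            /** = noSessionCreation, anon
        </value>
    </property>
</bean>
```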