Did you see Pax Shiro https://ops4j1.jira.com/wiki/display/PAXSHIRO/OPS4J+Pax+Shiro
2014-10-18 15:17 GMT-05:00 Paul Holding <[email protected]>: > I am developing a JSF web based application that makes use of CDI managed > beans and Shiro managed sessions. The problem I've got is when a JSF page > that references an object annotated with > @javax.enterprise.context.SessionScoped an UnknownSessionException is > thrown. I have set the logging level to finest and looking through the > application server log file I can see that when the user accesses the login > page a new session is created along with a cookie that sets JSESSIONID to > b2b69494-2236-467f-9e0b-3c262c74b7c4. When the user accesses the page that > references the SessionScoped bean the cookie is updated to have a JSESSIONID > set to 49253beaee601d4107cba4b61c77, at this point an > UnknownSessionException is thrown. When accessing pages that reference a > managed bean annotated with either > @javax.enterprise.context.ApplicationScoped or @javax.faces.view.ViewScoped > everything works fine. > > It appears that when accessing a page that references a session scoped bean, > the servlet container is creating a new session rather than allowing the > Shiro managed session to be used. If I configure Shiro to use something > other than JSESSIONID then the error isn't thrown but instead two sessions > appear to be created, one managed by Shiro and the other managed by the > servlet container. > > The contents of my shiro.ini file is > [main] > authc.loginUrl = /login.xhtml > authc.usernameParam = login:username > authc.passwordParam = login:password > authc.rememberMeParam = login:rememberMe > user.loginUrl = /login.xhtml > authc.successUrl = /app/index.xhtml > > sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager > securityManager.sessionManager = $sessionManager > > [users] > admin = password > > [urls] > /login.xhtml = authc > /app/** = user > > My environment is using Glassfish 4.1, Java EE version 7, Mojarra version > 2.2.7 for JSF, Weld version 2.2.2 for CDI, and Shiro version 1.2.3. I have > also reproduced the same issue on Glassfish version 4.0 albeit with earlier > versions of Mojarra and Weld. > > I have uploaded the relevant portion of the application server log to > PasteBin which can be accessed with the URL http://pastebin.com/2sPHfdTQ > <http://pastebin.com/2sPHfdTQ> > I've also created an example Maven project to demonstrate the problem. The > example project can be downloaded from > https://www.dropbox.com/s/1x9pe2o9ja0q9jw/TestJavaEE-web.zip?dl=0 > <https://www.dropbox.com/s/1x9pe2o9ja0q9jw/TestJavaEE-web.zip?dl=0> which > contains the source code and the complied war file. > > Is anyone else currently using CDI managed session scoped beans with Shiro > managed sessions, and if so have you had any problems? > > Is there a configuration setting I've missed either in Shiro or GlassFish or > is this a bug? > > Many Thanks > > Paul > > > > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/UnknownSessionException-when-using-SessionScoped-CDI-managed-beans-with-Shiro-managed-sessions-tp7580281.html > Sent from the Shiro User mailing list archive at Nabble.com.
