Thanks Brian, My observation is that even SecurityUtils.getSecurityManager(); is working in user context only, I tried placing it in the constructor of my RPC provider class but of no luck. yes i see shiro getting intialized in the before my module as per the logs of ODL.
I wanted to move this to shiro.ini but do not know how I can make my class accessible during shiro initialization (I don't want to make changes to ODL aaa module). I know this is not specific to shiro but do you suggest anything for me to achieve this? WebUtils.getRequiredWebEnvironment() needs servlet context as input and I don't see it in my ODL module, so might not be able to use it. On Wed, Nov 2, 2016 at 6:16 AM, Brian Demers <[email protected]> wrote: > You only need to be in the context of a request if you are dealing with a > user's request. > > You _could_ just get the SecurityManager from 'WebUtils. > getRequiredWebEnvironment()' (assuming Shiro has already been > initialized). You could also just move all of this configuration into your > shiro.ini file. > > On Tue, Nov 1, 2016 at 6:56 PM, Harinath Mallepally <[email protected]> > wrote: > >> Hi Brian, >> >> I wanted to add my custom AuthenticationListener to shiro so that I can >> required logging. As I understand I can get the SecurityManager reference >> only during user context (RPC in ODL), I am doing this during a RPC >> invocation. >> >> org.apache.shiro.mgt.SecurityManager secManager = >> SecurityUtils.getSecurityManager(); >> AuthenticatingSecurityManager absSecMgr = >> (AuthenticatingSecurityManager)secManager; >> AbstractAuthenticator absAuthenticator = >> (AbstractAuthenticator)absSecMgr.getAuthenticator(); >> absAuthenticator.getAuthenticationListeners().add(new >> XceedAuthenticationListener()); >> >> >> It doesn't sound right to me as multiple calls will result in duplicate >> listeners. is there any easier option. >> >> Since ODL AAA is initializing shiro, other option I have is to bundle my >> code along with AAA but I want to avoid that. >> >> Thanks >> Hari >> >> >> On Mon, Oct 31, 2016 at 3:49 PM, Harinath Mallepally <[email protected]> >> wrote: >> >>> I think it was my mistake. It was my addition of shiro-core into maven >>> bundle-plugin, that might have resulted in the behavior i observed, I >>> removed it and it worked fine. >>> >>> >>> <plugin> >>> <groupId>org.apache.felix</groupId> >>> <artifactId>maven-bundle-plugin</artifactId> >>> <version>2.4.0</version> >>> <extensions>true</extensions> >>> <configuration> >>> <instructions> >>> <Import-Package>*</Import-Package> >>> <Embed-Dependency>...,shiro-core</Embed-Dependency> >>> </instructions> >>> <manifestLocation>${project.basedir}/META-INF</manifestLocation> >>> </configuration> >>> </plugin> >>> >>> Thanks >>> Hari >>> >>> I >>> >>> On Mon, Oct 31, 2016 at 7:12 AM, Brian Demers <[email protected]> >>> wrote: >>> >>>> I know a portion of opendaylight is async, so you _may_ need to >>>> configure the static instance of the SecurityManager, But from the stack >>>> trace, I do NOT see the Shiro filter. Take a look at >>>> http://shiro.apache.org/web.html to see what you would need in your >>>> web.xml >>>> >>>> Let us know how it goes. >>>> >>>> On Fri, Oct 28, 2016 at 6:09 PM, Harinath Mallepally <[email protected]> >>>> wrote: >>>> >>>>> Brian, >>>>> >>>>> Here is the log trace >>>>> >>>>> https://gist.github.com/careerscale/697284952f01e445b10a3bc95f773dac >>>>> >>>>> >>>>> >>>>> On Fri, Oct 28, 2016 at 2:41 PM, Brian Demers <[email protected]> >>>>> wrote: >>>>> >>>>>> I'd need to see a bit more of the stacktrace. But i'm guessing your >>>>>> call is not in the context of a request. If that is the case you would >>>>>> need to enable the static instance of the SecurityManager. >>>>>> >>>>>> See the note about 'staticSecurityManagerEnabled' in: >>>>>> https://shiro.apache.org/static/current/apidocs/org/apache/s >>>>>> hiro/web/servlet/AbstractShiroFilter.html >>>>>> >>>>>> On Fri, Oct 28, 2016 at 4:56 PM, Harinath Mallepally < >>>>>> [email protected]> wrote: >>>>>> >>>>>>> Hi Brian, >>>>>>> >>>>>>> it is same error , looks like something is wrong. >>>>>>> >>>>>>> org.apache.shiro.UnavailableSecurityManagerException: No >>>>>>> SecurityManager accessible to the calling code, either bound to the >>>>>>> org.apache.shiro.util.ThreadContext or as a vm static singleton. >>>>>>> This is an invalid application configuration. >>>>>>> at org.apache.shiro.SecurityUtils.getSecurityManager(SecurityUt >>>>>>> ils.java:123) >>>>>>> at org.apache.shiro.subject.Subject$Builder.<init>(Subject.java:627) >>>>>>> at org.apache.shiro.SecurityUtils.getSubject(SecurityUtils.java:56) >>>>>>> >>>>>>> >>>>>>> couldn't figure it out. any thoughts? >>>>>>> >>>>>>> >>>>>>> >>>>>>> On Fri, Oct 28, 2016 at 10:37 AM, Harinath Mallepally < >>>>>>> [email protected]> wrote: >>>>>>> >>>>>>>> in both cases. I understand that it needs a user context and during >>>>>>>> application start, this error makes sense. >>>>>>>> >>>>>>>> it failed in RPC requests, i expected it to work. >>>>>>>> i saw this working fine earlier, might be something got messed up. >>>>>>>> will do clean build and try again. >>>>>>>> >>>>>>>> >>>>>>>> On Thu, Oct 27, 2016 at 5:54 PM, Brian Demers < >>>>>>>> [email protected]> wrote: >>>>>>>> >>>>>>>>> Where is that method getting called from? Is it from the context >>>>>>>>> of a request or while your application is starting ? >>>>>>>>> >>>>>>>>> >>>>>>>>> On Thu, Oct 27, 2016 at 7:02 PM, Harinath Mallepally < >>>>>>>>> [email protected]> wrote: >>>>>>>>> >>>>>>>>>> Thanks for the response. >>>>>>>>>> >>>>>>>>>> I tried this way, but results in with error. any thoughts on how >>>>>>>>>> do I get handle on this? It looks like something is wrong with >>>>>>>>>> configuration or so. >>>>>>>>>> >>>>>>>>>> private void setListener(){ >>>>>>>>>> >>>>>>>>>> try { >>>>>>>>>> //TODO temp code, remove it >>>>>>>>>> AuthenticatingSecurityManager securityMgr = >>>>>>>>>> (AuthenticatingSecurityManager) SecurityUtils.getSecurityManag >>>>>>>>>> er(); >>>>>>>>>> >>>>>>>>>> System.out.println(securityMgr); >>>>>>>>>> >>>>>>>>>> AbstractAuthenticator authentication = >>>>>>>>>> (AbstractAuthenticator) securityMgr.getAuthenticator(); >>>>>>>>>> >>>>>>>>>> authentication.getAuthenticationListeners().add(new >>>>>>>>>> CustomAuthenticationListener()); >>>>>>>>>> }catch(Exception e){ >>>>>>>>>> LOG.error("error {}", e); >>>>>>>>>> } >>>>>>>>>> } >>>>>>>>>> but resulted in with this >>>>>>>>>> >>>>>>>>>> error {} >>>>>>>>>> org.apache.shiro.UnavailableSecurityManagerException: No >>>>>>>>>> SecurityManager accessible to the calling code, either bound to the >>>>>>>>>> org.apache.shiro.util.ThreadContext or as a vm static >>>>>>>>>> singleton. This is an invalid application configuration. >>>>>>>>>> at org.apache.shiro.SecurityUtils.getSecurityManager(SecurityUt >>>>>>>>>> ils.java:123) >>>>>>>>>> >>>>>>>>>> ......... >>>>>>>>>> >>>>>>>>>> On Thu, Oct 27, 2016 at 12:55 PM, Brian Demers < >>>>>>>>>> [email protected]> wrote: >>>>>>>>>> >>>>>>>>>>> I'm not sure, but if I had to guess, I would say you need to >>>>>>>>>>> export your package in your bundles config >>>>>>>>>>> >>>>>>>>>>> On Thu, Oct 27, 2016 at 2:10 PM, Harinath Mallepally < >>>>>>>>>>> [email protected]> wrote: >>>>>>>>>>> >>>>>>>>>>>> yes, I am using shiro.ini, my problem is my class is not being >>>>>>>>>>>> identified in karaf (doing it with opendaylight), didn't know how >>>>>>>>>>>> to add my >>>>>>>>>>>> class into classpath without modifying ODL feature. >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> On Thu, Oct 27, 2016 at 8:13 AM, Brian Demers < >>>>>>>>>>>> [email protected]> wrote: >>>>>>>>>>>> >>>>>>>>>>>>> I you are using a shiro.ini just stick your filter in the >>>>>>>>>>>>> [main] section. >>>>>>>>>>>>> >>>>>>>>>>>>> For example: >>>>>>>>>>>>> >>>>>>>>>>>>> [main] >>>>>>>>>>>>> ... >>>>>>>>>>>>> myFilter = com.foo.bar.MyWickedCoolFilter >>>>>>>>>>>>> >>>>>>>>>>>>> [urls] >>>>>>>>>>>>> /path/* = myFilter >>>>>>>>>>>>> # or possibly >>>>>>>>>>>>> /another/path/* = myFitler[anOption] >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> On Wed, Oct 26, 2016 at 7:50 PM, Allan C. <[email protected]> >>>>>>>>>>>>> wrote: >>>>>>>>>>>>> >>>>>>>>>>>>>> There's a SecurityUtils class that can access the static >>>>>>>>>>>>>> SecurityManager object. >>>>>>>>>>>>>> >>>>>>>>>>>>>> Regards, >>>>>>>>>>>>>> Allan C. >>>>>>>>>>>>>> >>>>>>>>>>>>>> On Thu, Oct 27, 2016 at 6:15 AM, Harinath Mallepally < >>>>>>>>>>>>>> [email protected]> wrote: >>>>>>>>>>>>>> >>>>>>>>>>>>>>> Hi, >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> is it possible to get reference of SecurityManager so that a >>>>>>>>>>>>>>> custom AuthenticationFilter can be added? >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Please let me know >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Thanks >>>>>>>>>>>>>>> Hari >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>> >>>>>> >>>>> >>>> >>> >> >
