Try taking the Mongo session store out of the mix, and try using org.apache.shiro.session.mgt.eis.MemorySessionDAO
If that works, then at least you have narrowed down the problem to your session store.

On Tue, Apr 4, 2017 at 4:26 AM, itsvisher <[email protected]> wrote:

> Hi,
>
> I am using Jersey Framework and decided to use Shiro for authentication
> mechanism.
>
> My problem is, I am able to generate session id and authenticate the user
> with login url, but using the same session key for any other API call is
> always resulting in a 302 response. It's actually happening automatically
> behind the scenes, and my API call is not even getting executed to perform
> other stuff.
>
> Even the logs also say that session is found, but the API code never gets
> executed. Also, the doReadSession is getting called for at least 11 times.
>
> Here is my shiro.ini:
>
> # =======================
> # Shiro INI configuration
> # =======================
>
> [main]
> #Defining authentication filter and realm
> authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter
> mongoRealm = com.company.core.usermanagement.MongoRealm
> securityManager.realms = $mongoRealm
>
> #Defining session DAO and session Manager
> sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
> sessionDAO = com.company.core.usermanagement.MongoSessionDAO
> sessionManager.sessionDAO = $sessionDAO
> sessionManager.globalSessionTimeout = 10000
>
> sessionManager.sessionValidationSchedulerEnabled = false
> securityManager.sessionManager = $sessionManager
>
> #Session cache manager
> cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
> securityManager.cacheManager = $cacheManager
>
> authc.loginUrl = /api/userlogin
>
> [urls]
> /api/userlogin = authc
> /api/** = noSessionCreation, authc
>
> Here are my API calls and response:
>
> *For Login:*
>
> curl -i -X POST -H "Content-Type: application/json" -d '{"username": "admin", "password": "password", "rememberMe": true}' http://localhost:8080/securitysample/api/userlogin
>
> *Response (Expected and Actual):*
>
> HTTP/1.1 200 OK
> Server: Apache-Coyote/1.1
> Set-Cookie: JSESSIONID=d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965; Path=/securitysample; HttpOnly
> Set-Cookie: rememberMe=deleteMe; Path=/atlantis-analytics; Max-Age=0; Expires=Mon, 03-Apr-2017 07:50:21 GMT
> Set-Cookie:
> rememberMe=pPC2qCOGj93a/sWbOSngHMW3WFAXYnUeINnhLtuNzAf
> 6dAh56APdoArG3k1JWuCZ4I9ljPjqmRqaPYGtalY2ZIMKkCZfs0LvjL+k+
> 4SKTbA8BC5232jrBBYszzphSGsal4+EGPDK29OkeHUY3Yi4ld+3wMNuyP/
> CoaZUjcqZ5qPpj1c5ym7qFj4ylZGf4qscAOtkzqNeste0zns2jTtxakhMKzy
> qgAXFohrhi3eeBqmpaLGXuUN1z4v5jFxV14nqsIAVWiqr1x2BVXfAWD946UyrjYlFO92g+
> TQkuLxkAW2WKTyOYtFUDUM+/AVeUGQc5Tdkj8X94BkywvUuE6BpUQ7BpYaIn9PiC7L5GRRpQ+
> 1L3elEi9XJ6OQ92x8E9xTMPMsr7iFiHqc1edUMhQJmTrRUJPx1iFa1uK+
> yGz9I6IsDKO4JYWlu7INouiiuFgnSOCpNhChDBXwbACJ9cFp2Fv9qcBx/
> Ucx5Kuh71qIJpRct53kz5C7NGffuNOmj9tvqf3vRaBZKe+
> RxpuiCvnFVCwLMpAHutSDA7Kh3EGkeTaYaS9oRgWdd/U/QwIEJ1j1iMVaeK7H6+
> EhvTr15hJTmuA==;
> Path=/securitysample; Max-Age=31536000; Expires=Wed, 04-Apr-2018 07:50:21 GMT; HttpOnly
> Access-Control-Allow-Origin: *
> Content-Type: */*
> Content-Length: 18
> Date: Tue, 04 Apr 2017 07:50:21 GMT
>
> This is totally expected and I get a session id which is stored in my mongo
> db as well. But call to any other API is always resulting in 302 and the
> actual api code is never getting executed.
>
> *Any other call:*
>
> curl -i -X GET -H "Cookie: JSESSIONID=d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965" http://localhost:8080/securitysample/api/projects?username=admin
>
> *Response (Actual and not expected):*
>
> HTTP/1.1 302 Moved Temporarily
> Server: Apache-Coyote/1.1
> Location: http://localhost:8080/securitysample/api/userlogin
> Content-Length: 0
> Date: Tue, 04 Apr 2017 07:55:30 GMT
>
> Here are the server logs upon calling any other API:
>
> 2017-04-04 13:25:30 DEBUG SimpleCookie:389 - Found 'JSESSIONID' cookie value [d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965]
> 2017-04-04 13:25:30 INFO MongoSessionDAO:68 - doReadSession - Looking for session id: d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965
> 2017-04-04 13:25:30 INFO MongoProvider:19 - In init() Method
> 2017-04-04 13:25:30 INFO MongoProvider:86 - In getCollection() Method
> 2017-04-04 13:25:30 INFO MongoSessionDAO:85 - Found session: d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965
> 2017-04-04 13:25:30 INFO MongoSessionDAO:68 - doReadSession - Looking for session id: d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965
> 2017-04-04 13:25:30 INFO MongoProvider:19 - In init() Method
> 2017-04-04 13:25:30 INFO MongoProvider:86 - In getCollection() Method
> 2017-04-04 13:25:30 INFO MongoSessionDAO:85 - Found session: d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965
> 2017-04-04 13:25:30 INFO MongoSessionDAO:68 - doReadSession - Looking for session id: d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965
> 2017-04-04 13:25:30 INFO MongoProvider:19 - In init() Method
> 2017-04-04 13:25:30 INFO MongoProvider:86 - In getCollection() Method
> 2017-04-04 13:25:30 INFO MongoSessionDAO:85 - Found session: d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965
> 2017-04-04 13:25:30 INFO MongoSessionDAO:68 - doReadSession - Looking for session id: d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965
> 2017-04-04 13:25:30 INFO MongoProvider:19 - In init() Method
> 2017-04-04 13:25:30 INFO MongoProvider:86 - In getCollection() Method
> 2017-04-04 13:25:30 INFO MongoSessionDAO:85 - Found session: d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965
> 2017-04-04 13:25:30 INFO MongoSessionDAO:68 - doReadSession - Looking for session id: d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965
> 2017-04-04 13:25:30 INFO MongoProvider:19 - In init() Method
> 2017-04-04 13:25:30 INFO MongoProvider:86 - In getCollection() Method
> 2017-04-04 13:25:30 INFO MongoSessionDAO:85 - Found session: d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965
> 2017-04-04 13:25:30 INFO MongoSessionDAO:68 - doReadSession - Looking for session id: d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965
> 2017-04-04 13:25:30 INFO MongoProvider:19 - In init() Method
> 2017-04-04 13:25:30 INFO MongoProvider:86 - In getCollection() Method
> 2017-04-04 13:25:30 INFO MongoSessionDAO:85 - Found session: d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965
> 2017-04-04 13:25:30 INFO MongoSessionDAO:68 - doReadSession - Looking for session id: d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965
> 2017-04-04 13:25:30 INFO MongoProvider:19 - In init() Method
> 2017-04-04 13:25:30 INFO MongoProvider:86 - In getCollection() Method
> 2017-04-04 13:25:30 INFO MongoSessionDAO:85 - Found session: d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965
> 2017-04-04 13:25:30 INFO MongoSessionDAO:68 - doReadSession - Looking for session id: d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965
> 2017-04-04 13:25:30 INFO MongoProvider:19 - In init() Method
> 2017-04-04 13:25:30 INFO MongoProvider:86 - In getCollection() Method
> 2017-04-04 13:25:30 INFO MongoSessionDAO:85 - Found session: d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965
> 2017-04-04 13:25:30 INFO MongoSessionDAO:68 - doReadSession - Looking for session id: d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965
> 2017-04-04 13:25:30 INFO MongoProvider:19 - In init() Method
> 2017-04-04 13:25:30 INFO MongoProvider:86 - In getCollection() Method
> 2017-04-04 13:25:30 INFO MongoSessionDAO:85 - Found session: d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965
> 2017-04-04 13:25:30 INFO MongoSessionDAO:68 - doReadSession - Looking for session id: d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965
> 2017-04-04 13:25:30 INFO MongoProvider:19 - In init() Method
> 2017-04-04 13:25:30 INFO MongoProvider:86 - In getCollection() Method
> 2017-04-04 13:25:30 INFO MongoSessionDAO:85 - Found session: d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965
> 2017-04-04 13:25:30 INFO MongoSessionDAO:68 - doReadSession - Looking for session id: d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965
> 2017-04-04 13:25:30 INFO MongoProvider:19 - In init() Method
> 2017-04-04 13:25:30 INFO MongoProvider:86 - In getCollection() Method
> 2017-04-04 13:25:30 INFO MongoSessionDAO:85 - Found session: d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965
> 2017-04-04 13:25:30 DEBUG MongoSessionDAO:30 - Update session
> 2017-04-04 13:25:30 INFO MongoSessionDAO:68 - doReadSession - Looking for session id: d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965
> 2017-04-04 13:25:30 INFO MongoProvider:19 - In init() Method
> 2017-04-04 13:25:30 INFO MongoProvider:86 - In getCollection() Method
> 2017-04-04 13:25:30 INFO MongoSessionDAO:85 - Found session: d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965
> 2017-04-04 13:25:30 DEBUG MongoSessionDAO:30 - Update session
>
> Can someone please tell me where I am making a mistake? I have spent a lot
> of time reading the Shiro documentation and tried lots of other filters
> such as user, anon etc. None is working. Please help.
>
> --
> View this message in context: http://shiro-user.582556.n2.nabble.com/Login-successful-but-authenticated-call-to-any-other-api-results-in-302-response-tp7581569.html
> Sent from the Shiro User mailing list archive at Nabble.com.
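
An added example, not part of this thread or of Shiro itself: one way to carry out the isolation step suggested in the reply is to run the same round trip against MemorySessionDAO and against the custom DAO. Shiro saves the subject's principals and authenticated flag as session attributes under the DefaultSubjectContext keys, so a store that returns the session without them leaves the request unauthenticated; that this is the cause here is an assumption, and SessionStoreCheck and its sample values are hypothetical.

```java
import java.io.Serializable;
import org.apache.shiro.session.Session;
import org.apache.shiro.session.mgt.SimpleSession;
import org.apache.shiro.session.mgt.eis.MemorySessionDAO;
import org.apache.shiro.session.mgt.eis.SessionDAO;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.apache.shiro.subject.support.DefaultSubjectContext;

// Added example: SessionStoreCheck is a hypothetical helper, not Shiro or poster code.
public class SessionStoreCheck {

    /** Returns null if the DAO preserved the login state, else what was lost. */
    static String check(SessionDAO dao) {
        SimpleSession created = new SimpleSession();
        created.setTimeout(30 * 60 * 1000L);          // 30 minutes, in milliseconds
        Serializable id = dao.create(created);

        // The attributes Shiro writes to the session after a successful login.
        // "admin" and "constructedRealm" are constructed sample values.
        created.setAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY,
                new SimplePrincipalCollection("admin", "constructedRealm"));
        created.setAttribute(DefaultSubjectContext.AUTHENTICATED_SESSION_KEY, Boolean.TRUE);
        dao.update(created);

        // What a later request sees when it presents the same session id.
        Session loaded = dao.readSession(id);
        try {
            if (loaded.getAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY) == null) {
                return "principals were not persisted by update()";
            }
            if (!Boolean.TRUE.equals(
                    loaded.getAttribute(DefaultSubjectContext.AUTHENTICATED_SESSION_KEY))) {
                return "authenticated flag was not persisted by update()";
            }
            if (loaded.getTimeout() != created.getTimeout()) {
                return "timeout changed to " + loaded.getTimeout() + " ms";
            }
            return null;
        } finally {
            dao.delete(loaded);                        // leave the store clean
        }
    }

    public static void main(String[] args) {
        // MemorySessionDAO keeps the session object in a map: the passing baseline.
        // To test a custom store, pass an instance of it to check() instead.
        String lost = check(new MemorySessionDAO());
        System.out.println("MemorySessionDAO: " + (lost == null ? "login state survives" : lost));
    }
}
```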
