Gosh!!! You were so right. The problem is in my SessionDAO implementation.
What did I do wrong?
Here is my implementation of SessionDAO:
package com.company.core.usermanagement;
import java.io.ByteArrayInputStream;
import java.io.ObjectInputStream;
import java.io.Serializable;
import java.util.Collection;
import org.apache.log4j.Logger;
import org.apache.shiro.codec.Base64;
import org.apache.shiro.session.Session;
import org.apache.shiro.session.UnknownSessionException;
import org.apache.shiro.session.mgt.SimpleSession;
import org.apache.shiro.session.mgt.eis.AbstractSessionDAO;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;
import com.mongodb.BasicDBObject;
import com.mongodb.DBCursor;
import com.mongodb.util.JSON;
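/**
 * Shiro session DAO that records session ids in the MongoDB "usersessions" collection.
 *
 * <p>NOTE(review): as written, this DAO does not round-trip session state.
 * {@link #update(Session)} writes nothing, and {@link #doReadSession(Serializable)} returns a
 * brand-new {@link SimpleSession} that carries only the id. Anything set on the session after
 * creation (attributes, timestamps) is therefore absent from the session handed back on the next
 * lookup. That is consistent with a login that succeeds but is not recognised on the following
 * request. Persisting and restoring the full session needs a store schema that is not visible
 * here.
 *
 * <p>Session ids act as bearer credentials, so the log statements below deliberately omit them.
 */
public class MongoSessionDAO extends AbstractSessionDAO {

    private static final Logger logger = Logger.getLogger(MongoSessionDAO.class);

    MongoProvider mp = new MongoProvider();
    String localdbName = "testdb";

    // Not read or written anywhere in this class. A DAO instance is normally shared, so
    // per-request session state must not be parked in an instance field like this one.
    Session session;

    /**
     * Called when a session has changed and should be written back to the store.
     *
     * <p>NOTE(review): nothing is persisted here, so changes made to the session are lost.
     *
     * @param session the session whose state changed
     * @throws UnknownSessionException declared by the contract; never thrown by this body
     */
    @Override
    public void update(Session session) throws UnknownSessionException {
        logger.debug("Update session");
    }

    /**
     * Stops the given session.
     *
     * <p>NOTE(review): the matching document in "usersessions" is not removed, so
     * {@link #doReadSession(Serializable)} will keep resolving this id after logout or expiry.
     * The record should be deleted from the collection here; the store call needed for that is
     * not visible in this file.
     *
     * @param session the session to delete
     */
    @Override
    public void delete(Session session) {
        logger.debug("Deleting session");
        session.stop();
    }

    /**
     * Returns the sessions considered active.
     *
     * <p>This implementation does not enumerate the store. It returns an empty collection rather
     * than {@code null} so callers can iterate without a null check.
     *
     * @return an empty, immutable collection
     */
    @Override
    public Collection<Session> getActiveSessions() {
        return java.util.Collections.<Session>emptyList();
    }

    /**
     * Generates an id for the new session, assigns it, and records it in the store.
     *
     * @param session the newly created session
     * @return the id assigned to {@code session}
     */
    @Override
    protected Serializable doCreate(Session session) {
        logger.info("Inside doCreate ");
        Serializable newId = generateSessionId(session);
        assignSessionId(session, newId);
        save(session.getId());
        logger.info("doCreate finished");
        return session.getId();
    }

    /**
     * Inserts a record for {@code sessionId} into "usersessions", keyed by the next value of the
     * "usersessions" sequence taken from the "counters" collection.
     *
     * <p>Only the sequence number and the id are passed to {@code createUserSessions}; no other
     * session state reaches the store from here.
     */
    private void save(Serializable sessionId) {
        logger.info("Saving session...");
        mp.init();
        MongoRealm sessionRealm = new MongoRealm(mp.getCollection(localdbName, "usersessions"));
        MongoRealm counterRealm = new MongoRealm(mp.getCollection(localdbName, "counters"));
        int id = ((Double) counterRealm.getNextSequence("usersessions")).intValue();
        mp.insertDBObject(localdbName, sessionRealm.createUserSessions(id, sessionId),
                "usersessions");
    }

    /**
     * Looks up {@code sessionId} in "usersessions".
     *
     * <p>NOTE(review): when a record exists, the returned session is a fresh
     * {@link SimpleSession} with only its id populated. No stored state is restored.
     *
     * @param sessionId the id to look up
     * @return a new session carrying {@code sessionId}, or {@code null} if no record matches
     */
    @Override
    protected Session doReadSession(Serializable sessionId) {
        logger.debug("doReadSession - looking up session");
        mp.init();

        BasicDBObject query = new BasicDBObject();
        query.put("session", sessionId);

        DBCursor cursor = mp.getCollection(localdbName, "usersessions").find(query);
        try {
            if (!cursor.hasNext()) {
                logger.debug("Session does not exists");
                return null;
            }
        } finally {
            // Release the cursor on every path; only the existence of a match is needed.
            cursor.close();
        }

        logger.debug("doReadSession - session record found");
        final SimpleSession found = new SimpleSession();
        found.setId(sessionId);
        return found;
    }

    /**
     * Rebuilds a session from its Base64-encoded, Java-serialized form.
     *
     * <p>SECURITY: this uses native Java deserialization. Only feed it data this application
     * wrote to a store it controls; never use it on request-supplied input. If the store can be
     * written by anything else, restrict the classes that may be deserialized (for example with
     * an {@code ObjectInputFilter} on Java 9+) or switch to a data-only format.
     *
     * @param sessionStr Base64 text of a serialized {@link Session}
     * @return the deserialized session
     * @throws RuntimeException wrapping any decoding or deserialization failure
     */
    @SuppressWarnings("unused")
    private static Session deserialize(String sessionStr) {
        try {
            // Decode first: the raw characters of the Base64 text are not a serialization stream.
            // The decoded payload is not logged because it is the session's contents.
            byte[] raw = Base64.decode(sessionStr);
            ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(raw));
            try {
                return (Session) ois.readObject();
            } finally {
                ois.close();
            }
        } catch (Exception e) {
            throw new RuntimeException("deserialize session error", e);
        }
    }
} // end of class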