Re: Shiro Session Management

Sun, 01 Mar 2020 14:23:11 -0800 

I've also tried:

Factory<SecurityManager> factory = new
IniSecurityManagerFactory("classpath:shiro.ini");
SecurityManager securityManager = factory.getInstance();
SecurityUtils.setSecurityManager(securityManager);

and received this:

org.apache.shiro.config.ConfigurationException: java.io.IOException:
Resource [classpath:shiro.ini] could not be found.

        org.apache.shiro.config.Ini.loadFromPath(Ini.java:250)
        org.apache.shiro.config.Ini.fromResourcePath(Ini.java:233)
        
org.apache.shiro.config.IniSecurityManagerFactory.<init>(IniSecurityManagerFactory.java:73)
        
com.sointe.security.FilterSecurity.validateSession(FilterSecurity.java:225)
        com.sointe.security.FilterSecurity.doFilter(FilterSecurity.java:153)
        com.sointe.web.AppFilterChain.doFilter(AppFilterChain.java:66)
        com.sointe.security.FilterAccessLog.doFilter(FilterAccessLog.java:45)
        com.sointe.web.AppFilterChain.doFilter(AppFilterChain.java:66)
        com.sointe.web.AppFilterLoader.doFilter(AppFilterLoader.java:146)
        
org.apache.logging.log4j.web.Log4jServletFilter.doFilter(Log4jServletFilter.java:71)

when the shiro.ini is indeed in /WEB-INF/.  The log shows that the listener
initialized successfully:

01-Mar-2020 14:11:28.432 INFO [Catalina-utility-1]
org.apache.shiro.web.env.EnvironmentLoader.initEnvironment:133 - Starting
Shiro environment initialization.
01-Mar-2020 14:11:28.714 INFO [Catalina-utility-1]
org.apache.shiro.web.env.EnvironmentLoader.initEnvironment:147 - Shiro
environment initialized in 282 ms.

Does it matter if configuring both listener and filter in web.xml or via a
class implementing ServletContainerInitializer.onStartup()?

Thanks,
Tommy

On Sun, Mar 1, 2020 at 1:50 PM Tommy Pham <[email protected]> wrote:

> Yes. If I omit setting the SecurityManager in the code per the official
> guide/documentation, I get this exception:
>
> org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager
> accessible to the calling code, either bound to the
> org.apache.shiro.util.ThreadContext or as a vm static singleton.  This is
> an invalid application configuration.
>
> org.apache.shiro.SecurityUtils.getSecurityManager(SecurityUtils.java:123)
>     org.apache.shiro.subject.Subject$Builder.<init>(Subject.java:626)
>     org.apache.shiro.SecurityUtils.getSubject(SecurityUtils.java:56)
>
> com.sointe.security.FilterSecurity.validateSession(FilterSecurity.java:225)
>     com.sointe.security.FilterSecurity.doFilter(FilterSecurity.java:149)
>     com.sointe.web.AppFilterChain.doFilter(AppFilterChain.java:66)
>     com.sointe.security.FilterAccessLog.doFilter(FilterAccessLog.java:45)
>     com.sointe.web.AppFilterChain.doFilter(AppFilterChain.java:66)
>     com.sointe.web.AppFilterLoader.doFilter(AppFilterLoader.java:146)
>
> org.apache.logging.log4j.web.Log4jServletFilter.doFilter(Log4jServletFilter.java:71)
>
> On Sun, Mar 1, 2020 at 12:59 PM Brian Demers <[email protected]>
> wrote:
>
>> Are you creating a new security manager for each request?
>>
>>
>> I’m not sure how you are using this logic, but you should let Shiro do
>> all of this for you (via the ShiroFilter).
>>
>> -Brian
>>
>> > On Mar 1, 2020, at 2:43 PM, tommyhp2 <[email protected]> wrote:
>> >
>> > Hi Brian,
>> >
>> > Thanks for the prompt feedback.  Here's the code I used to check for the
>> > session:
>> >
>> > https://pastebin.com/F5SMmLpq
>> >
>> > The shiro.ini is very basic and minimal:
>> >
>> > [main]
>> > [users]
>> > [roles]
>> > [urls]
>> > /** = anon
>> >
>> > Most of the content (99%) in shiro.ini are comments and examples as
>> notes
>> > for future implementation of authentication and authorization.
>> >
>> >
>> >
>> > --
>> > Sent from: http://shiro-user.582556.n2.nabble.com/
>>
>

Reply via email to