According this: https://shiro.apache.org/web.html#Web-SessionCookieConfiguration
Should I see a cookie for Shiro's session based upon my minimalist configuration? I only see cookie for the JSESSIONID. On Sun, Mar 1, 2020 at 2:22 PM Tommy Pham <[email protected]> wrote: > I've also tried: > > Factory<SecurityManager> factory = new > IniSecurityManagerFactory("classpath:shiro.ini"); > SecurityManager securityManager = factory.getInstance(); > SecurityUtils.setSecurityManager(securityManager); > > and received this: > > org.apache.shiro.config.ConfigurationException: java.io.IOException: > Resource [classpath:shiro.ini] could not be found. > > org.apache.shiro.config.Ini.loadFromPath(Ini.java:250) > org.apache.shiro.config.Ini.fromResourcePath(Ini.java:233) > > org.apache.shiro.config.IniSecurityManagerFactory.<init>(IniSecurityManagerFactory.java:73) > > com.sointe.security.FilterSecurity.validateSession(FilterSecurity.java:225) > com.sointe.security.FilterSecurity.doFilter(FilterSecurity.java:153) > com.sointe.web.AppFilterChain.doFilter(AppFilterChain.java:66) > com.sointe.security.FilterAccessLog.doFilter(FilterAccessLog.java:45) > com.sointe.web.AppFilterChain.doFilter(AppFilterChain.java:66) > com.sointe.web.AppFilterLoader.doFilter(AppFilterLoader.java:146) > > org.apache.logging.log4j.web.Log4jServletFilter.doFilter(Log4jServletFilter.java:71) > > when the shiro.ini is indeed in /WEB-INF/. The log shows that the > listener initialized successfully: > > 01-Mar-2020 14:11:28.432 INFO [Catalina-utility-1] > org.apache.shiro.web.env.EnvironmentLoader.initEnvironment:133 - Starting > Shiro environment initialization. > 01-Mar-2020 14:11:28.714 INFO [Catalina-utility-1] > org.apache.shiro.web.env.EnvironmentLoader.initEnvironment:147 - Shiro > environment initialized in 282 ms. > > Does it matter if configuring both listener and filter in web.xml or via a > class implementing ServletContainerInitializer.onStartup()? > > Thanks, > Tommy > > On Sun, Mar 1, 2020 at 1:50 PM Tommy Pham <[email protected]> wrote: > >> Yes. If I omit setting the SecurityManager in the code per the official >> guide/documentation, I get this exception: >> >> org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager >> accessible to the calling code, either bound to the >> org.apache.shiro.util.ThreadContext or as a vm static singleton. This is >> an invalid application configuration. >> >> org.apache.shiro.SecurityUtils.getSecurityManager(SecurityUtils.java:123) >> org.apache.shiro.subject.Subject$Builder.<init>(Subject.java:626) >> org.apache.shiro.SecurityUtils.getSubject(SecurityUtils.java:56) >> >> com.sointe.security.FilterSecurity.validateSession(FilterSecurity.java:225) >> com.sointe.security.FilterSecurity.doFilter(FilterSecurity.java:149) >> com.sointe.web.AppFilterChain.doFilter(AppFilterChain.java:66) >> com.sointe.security.FilterAccessLog.doFilter(FilterAccessLog.java:45) >> com.sointe.web.AppFilterChain.doFilter(AppFilterChain.java:66) >> com.sointe.web.AppFilterLoader.doFilter(AppFilterLoader.java:146) >> >> org.apache.logging.log4j.web.Log4jServletFilter.doFilter(Log4jServletFilter.java:71) >> >> On Sun, Mar 1, 2020 at 12:59 PM Brian Demers <[email protected]> >> wrote: >> >>> Are you creating a new security manager for each request? >>> >>> >>> I’m not sure how you are using this logic, but you should let Shiro do >>> all of this for you (via the ShiroFilter). >>> >>> -Brian >>> >>> > On Mar 1, 2020, at 2:43 PM, tommyhp2 <[email protected]> wrote: >>> > >>> > Hi Brian, >>> > >>> > Thanks for the prompt feedback. Here's the code I used to check for >>> the >>> > session: >>> > >>> > https://pastebin.com/F5SMmLpq >>> > >>> > The shiro.ini is very basic and minimal: >>> > >>> > [main] >>> > [users] >>> > [roles] >>> > [urls] >>> > /** = anon >>> > >>> > Most of the content (99%) in shiro.ini are comments and examples as >>> notes >>> > for future implementation of authentication and authorization. >>> > >>> > >>> > >>> > -- >>> > Sent from: http://shiro-user.582556.n2.nabble.com/ >>> >>
