Hi Anas,

Thanks for the feedback. Did you set a SecurityManager via SecurityUtils? If you didn't, then I don't think the code you've provided would work for me. From my own troubleshooting, the SecurityUtils.getSecurityManager() failed when I don't set it beforehand.

Thanks,
Tommy

On Mon, Mar 2, 2020 at 8:39 AM Anas Mughal <[email protected]> wrote:

> I ran into a similar issue when I initially set up Shiro in my web
> application. Every request was having a different session and I could not
> track the logged-in user.
>
> I added the following code to my generic before handler:
>
>     before(( request, response ) -> {
>         org.apache.shiro.mgt.SecurityManager sm = SecurityUtils.getSecurityManager();
>         final Subject currentUser = new WebSubject.Builder( sm, request.raw(), response.raw() ).buildSubject();
>         ThreadContext.bind(currentUser);
>     });
>
> I am using SparkJava (http://sparkjava.com/) and this has worked well for
> me.
>
> I hope this helps you.
>
> --
> Anas Mughal
>
> On Mon, Mar 2, 2020 at 7:59 AM Brian Demers <[email protected]> wrote:
>
>> I'm not sure I'm following Tommy. You have a few different messages, the
>> one mentioning your shiro.ini
>>
>> > when the shiro.ini is indeed in /WEB-INF/
>>
>> implies that you have fixed the original issue? But I'm guessing you are
>> still running into issues?
>>
>> On Sun, Mar 1, 2020 at 9:17 PM Tommy Pham <[email protected]> wrote:
>>
>>> I've added some debug logging to troubleshoot the session cookie:
>>>
>>> https://imgur.com/a/vaTZrxP
>>>
>>> And this is Shiro's generated session ID:
>>> 1984c09f-ee77-461a-96f2-cb3d4cbac8eb
>>>
>>> On Sun, Mar 1, 2020 at 5:11 PM Tommy Pham <[email protected]> wrote:
>>>
>>>> According to this:
>>>> https://shiro.apache.org/web.html#Web-SessionCookieConfiguration
>>>>
>>>> Should I see a cookie for Shiro's session based upon my minimalist
>>>> configuration? I only see a cookie for the JSESSIONID.
>>>>
>>>> On Sun, Mar 1, 2020 at 2:22 PM Tommy Pham <[email protected]> wrote:
>>>>
>>>>> I've also tried:
>>>>>
>>>>>     Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini");
>>>>>     SecurityManager securityManager = factory.getInstance();
>>>>>     SecurityUtils.setSecurityManager(securityManager);
>>>>>
>>>>> and received this:
>>>>>
>>>>> org.apache.shiro.config.ConfigurationException: java.io.IOException: Resource [classpath:shiro.ini] could not be found.
>>>>>     org.apache.shiro.config.Ini.loadFromPath(Ini.java:250)
>>>>>     org.apache.shiro.config.Ini.fromResourcePath(Ini.java:233)
>>>>>     org.apache.shiro.config.IniSecurityManagerFactory.<init>(IniSecurityManagerFactory.java:73)
>>>>>     com.sointe.security.FilterSecurity.validateSession(FilterSecurity.java:225)
>>>>>     com.sointe.security.FilterSecurity.doFilter(FilterSecurity.java:153)
>>>>>     com.sointe.web.AppFilterChain.doFilter(AppFilterChain.java:66)
>>>>>     com.sointe.security.FilterAccessLog.doFilter(FilterAccessLog.java:45)
>>>>>     com.sointe.web.AppFilterChain.doFilter(AppFilterChain.java:66)
>>>>>     com.sointe.web.AppFilterLoader.doFilter(AppFilterLoader.java:146)
>>>>>     org.apache.logging.log4j.web.Log4jServletFilter.doFilter(Log4jServletFilter.java:71)
>>>>>
>>>>> when the shiro.ini is indeed in /WEB-INF/. The log shows that the
>>>>> listener initialized successfully:
>>>>>
>>>>> 01-Mar-2020 14:11:28.432 INFO [Catalina-utility-1] org.apache.shiro.web.env.EnvironmentLoader.initEnvironment:133 - Starting Shiro environment initialization.
>>>>> 01-Mar-2020 14:11:28.714 INFO [Catalina-utility-1] org.apache.shiro.web.env.EnvironmentLoader.initEnvironment:147 - Shiro environment initialized in 282 ms.
>>>>>
>>>>> Does it matter if configuring both listener and filter in web.xml or
>>>>> via a class implementing ServletContainerInitializer.onStartup()?
>>>>>
>>>>> Thanks,
>>>>> Tommy
>>>>>
>>>>> On Sun, Mar 1, 2020 at 1:50 PM Tommy Pham <[email protected]> wrote:
>>>>>
>>>>>> Yes. If I omit setting the SecurityManager in the code per the
>>>>>> official guide/documentation, I get this exception:
>>>>>>
>>>>>> org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util.ThreadContext or as a vm static singleton. This is an invalid application configuration.
>>>>>>     org.apache.shiro.SecurityUtils.getSecurityManager(SecurityUtils.java:123)
>>>>>>     org.apache.shiro.subject.Subject$Builder.<init>(Subject.java:626)
>>>>>>     org.apache.shiro.SecurityUtils.getSubject(SecurityUtils.java:56)
>>>>>>     com.sointe.security.FilterSecurity.validateSession(FilterSecurity.java:225)
>>>>>>     com.sointe.security.FilterSecurity.doFilter(FilterSecurity.java:149)
>>>>>>     com.sointe.web.AppFilterChain.doFilter(AppFilterChain.java:66)
>>>>>>     com.sointe.security.FilterAccessLog.doFilter(FilterAccessLog.java:45)
>>>>>>     com.sointe.web.AppFilterChain.doFilter(AppFilterChain.java:66)
>>>>>>     com.sointe.web.AppFilterLoader.doFilter(AppFilterLoader.java:146)
>>>>>>     org.apache.logging.log4j.web.Log4jServletFilter.doFilter(Log4jServletFilter.java:71)
>>>>>>
>>>>>> On Sun, Mar 1, 2020 at 12:59 PM Brian Demers <[email protected]> wrote:
>>>>>>
>>>>>>> Are you creating a new security manager for each request?
>>>>>>>
>>>>>>> I’m not sure how you are using this logic, but you should let Shiro
>>>>>>> do all of this for you (via the ShiroFilter).
>>>>>>>
>>>>>>> -Brian
>>>>>>>
>>>>>>> > On Mar 1, 2020, at 2:43 PM, tommyhp2 <[email protected]> wrote:
>>>>>>> >
>>>>>>> > Hi Brian,
>>>>>>> >
>>>>>>> > Thanks for the prompt feedback.
>>>>>>> > Here's the code I used to check for the session:
>>>>>>> >
>>>>>>> > https://pastebin.com/F5SMmLpq
>>>>>>> >
>>>>>>> > The shiro.ini is very basic and minimal:
>>>>>>> >
>>>>>>> > [main]
>>>>>>> > [users]
>>>>>>> > [roles]
>>>>>>> > [urls]
>>>>>>> > /** = anon
>>>>>>> >
>>>>>>> > Most of the content (99%) in shiro.ini are comments and examples as notes
>>>>>>> > for future implementation of authentication and authorization.
>>>>>>> >
>>>>>>> > --
>>>>>>> > Sent from: http://shiro-user.582556.n2.nabble.com/
>
> --
> Anas Mughal
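
Added example (not part of the thread, and not code from any participant or from the Shiro project): one way to follow the advice quoted above, letting the ShiroFilter do the per-request work, is to register Shiro's listener and filter ahead of the application's own filters, so that a downstream filter can call SecurityUtils.getSubject() without setting a SecurityManager itself. `ShiroBootstrap` and `SessionCheckFilter` are hypothetical names; the sketch assumes Shiro 1.x, a javax.servlet 3.x container, and a shiro.ini at /WEB-INF/shiro.ini.

```java
// Added example, not code from the thread. Assumes Shiro 1.x, javax.servlet 3.x and
// /WEB-INF/shiro.ini (one of the locations Shiro's web environment checks by default).
import java.io.IOException;
import java.util.EnumSet;
import java.util.Set;
import javax.servlet.*;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.env.EnvironmentLoaderListener;
import org.apache.shiro.web.servlet.ShiroFilter;

/** Hypothetical bootstrap; list it in META-INF/services/javax.servlet.ServletContainerInitializer. */
public class ShiroBootstrap implements ServletContainerInitializer {
    @Override
    public void onStartup(Set<Class<?>> classes, ServletContext ctx) throws ServletException {
        // Builds the web environment and its single SecurityManager once, at startup.
        ctx.addListener(EnvironmentLoaderListener.class);

        // ShiroFilter binds the Subject and SecurityManager to the thread for each request.
        FilterRegistration.Dynamic shiro = ctx.addFilter("ShiroFilter", ShiroFilter.class);
        // isMatchAfter=false: mapped ahead of the filters declared in web.xml.
        shiro.addMappingForUrlPatterns(
                EnumSet.of(DispatcherType.REQUEST, DispatcherType.FORWARD,
                           DispatcherType.INCLUDE, DispatcherType.ERROR),
                false, "/*");

        // The application filter is mapped after ShiroFilter (isMatchAfter=true).
        FilterRegistration.Dynamic check = ctx.addFilter("SessionCheck", new SessionCheckFilter());
        check.addMappingForUrlPatterns(EnumSet.of(DispatcherType.REQUEST), true, "/*");
    }
}

/** Hypothetical application filter that relies on ShiroFilter having run first. */
class SessionCheckFilter implements Filter {
    @Override public void init(FilterConfig cfg) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // No setSecurityManager() and no per-request SecurityManager: ShiroFilter bound one.
        Subject subject = SecurityUtils.getSubject();
        Session session = subject.getSession(false); // null if none exists; does not create one
        if (session != null) {
            req.setAttribute("shiroSessionId", session.getId());
        }
        chain.doFilter(req, res);
    }
}
```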
