-
1. Re: Problems with Apache Shiro Sessions after Migrating from 8.0 to 8.1 final (Wildfly)
jaikiran Jul 29, 2014 12:42 AM (in response to emresimtay)Please provide more information like the relevant code, the web.xml configurations, the URL you use to access the application and any exception stacktraces.
-
2. Re: Problems with Apache Shiro Sessions after Migrating from 8.0 to 8.1 final (Wildfly)
emresimtay Jul 31, 2014 5:14 AM (in response to jaikiran)No error or exception stack-traces. User can log-in without any problem and shiro can create a session but then next time the user tries to login Shiro cannot bind to the session and authenticates the user again so creates another session where this (currentUser.isAuthenticated()) should return true. I can see the sessions are getting invalidated after an hour later.
The exact same application with the same server configurations without any changes and the same database instance runs perfectly on 8.0 final. Here, I copy-pasted the relevant config and the code. Thanks so much for your help, looking forward to your reply. Cheers
Shiro.ini
[main]
jdbcRealm=org.apache.shiro.realm.jdbc.JdbcRealm
jdbcRealm.authenticationQuery=SELECT password FROM Person WHERE username = ?
jdbcRealm.userRolesQuery=select rolename from role r left join person p on p.USERNAME = ? left join person_roles pr on pr.Person_personid = p.ID where pr.Role_roleid = r.ID
ds=com.mysql.jdbc.jdbc2.optional.MysqlDataSource
ds.serverName=localhost
ds.user=******
ds.password=******
ds.databaseName=******
jdbcRealm.dataSource=$ds
sha256Matcher=org.apache.shiro.authc.credential.Sha256CredentialsMatcher
jdbcRealm.credentialsMatcher=$sha256Matcher
sessionManager=org.apache.shiro.web.session.mgt.DefaultWebSessionManager
securityManager.sessionManager=$sessionManager
authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter
authc.loginUrl = /admin/login.html
[urls]
/rest/authentication/login/** = anon
/admin/css/** = anon
/admin/js/** = anon
/** = authc
Web.xml
<listener>
<listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
</listener>
<filter>
<filter-name>ShiroFilter</filter-name>
<filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>ShiroFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
<dispatcher>INCLUDE</dispatcher>
<dispatcher>ERROR</dispatcher>
</filter-mapping>
login code
Subject currentUser = SecurityUtils.getSubject();
if (!currentUser.isAuthenticated()) {
UsernamePasswordToken token = new UsernamePasswordToken(username, password, true);
try {
currentUser.login(token);
currentUser.getSession(true);
log.info("User: " + username + " logged in succcessfuly.");
return "Successfuly Authenticated ";
} catch (UnknownAccountException e) {
log.info("Unknown Account Exception");
return "Authentication Failed";
} catch (IncorrectCredentialsException e) {
log.info("Incorrect Credentials Exception");
return "Authentication Failed";
} catch (LockedAccountException e) {
log.info("Locked Account Exception");
return "Authentication Failed";
} catch (AuthenticationException e) {
log.info("Authentication Exception");
return "Authentication Failed";
}
}
return "Already Authenticated";
-
3. Re: Problems with Apache Shiro Sessions after Migrating from 8.0 to 8.1 final (Wildfly)
ctomc Jul 31, 2014 3:23 PM (in response to emresimtay)1 of 1 people found this helpfulYou might be hit by https://issues.jboss.org/browse/WFLY-3448
can you try with nightly build that has this fixed?
-
4. Re: Problems with Apache Shiro Sessions after Migrating from 8.0 to 8.1 final (Wildfly)
emresimtay Aug 2, 2014 3:49 AM (in response to ctomc)Hey Tomaz, thanks for your reply, I did have a look at the jira and it might be related to my issue but still couldn't get it working with the workarounds that worked for their applications.
I have noticed that when I run my web application on 8.0, after in the login page response header I can see this cookie
- Set-Cookie:JSESSIONID=4f65f700-151b-4852-9b47-cc2678343e17.pinchy; path=
But 8.1 login page response header doesn't set this cookie so I don't really understand what happening here but changing name JSESSIONID to something else fixed the issue.
here what I have added to my shiro.ini
cookie = org.apache.shiro.web.servlet.SimpleCookie
cookie.name = shiro.session.id
sessionManager.sessionIdCookie = $cookie