I tested this code:
I added these lines in shiro.ini
cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
securityManager.cacheManager = $cacheManager
I tested this managed bean:
import java.io.Serializable;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.util.Collection;
import javax.faces.view.ViewScoped;
import javax.inject.Named;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.session.Session;
import org.apache.shiro.session.mgt.DefaultSessionManager;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
@Named
@ViewScoped
public class ActiveAccounts implements Serializable
{
public Collection<Session> listAccounts() throws
IllegalAccessException, NoSuchMethodException, IllegalArgumentException,
InvocationTargetException
{
DefaultSecurityManager manager = (DefaultSecurityManager)
SecurityUtils.getSecurityManager();
DefaultWebSessionManager sessionManager =
(DefaultWebSessionManager) manager.getSessionManager();
// invoke "sessionManager.getActiveSessions()" via reflection:
Method getActiveSessionsMethod =
DefaultSessionManager.class.getDeclaredMethod("getActiveSessions");
getActiveSessionsMethod.setAccessible(true);
Collection<Session> activeSessions = (Collection<Session>)
getActiveSessionsMethod.invoke(sessionManager);
return activeSessions;
}
}
But when I run this code I get
javax.faces.el.EvaluationException: java.lang.ClassCastException:
org.apache.shiro.web.session.mgt.ServletContainerSessionManager cannot
be cast to org.apache.shiro.web.session.mgt.DefaultWebSessionManager
at
javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:101)
at
com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:102)
at javax.faces.component.UICommand.broadcast(UICommand.java:315)
at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:790)
at
javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:1282)
at
com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:81)
at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:101)
at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:198)
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:658)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:292)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
at
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
at
org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:61)
at
org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
at
org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
at
org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
at
org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
at
org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449)
at
org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365)
at
org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
at
org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
at
org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383)
at
org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362)
at
org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
at
org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:616)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:522)
at
org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1095)
at
org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:672)
at
org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.doRun(AprEndpoint.java:2500)
at
org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:2489)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.ClassCastException:
org.apache.shiro.web.session.mgt.ServletContainerSessionManager cannot
be cast to org.apache.shiro.web.session.mgt.DefaultWebSessionManager
at
com.crm.web.authentication.ActiveAccounts.listAccounts(ActiveAccounts.java:22)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.el.parser.AstValue.invoke(AstValue.java:247)
at
org.apache.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:267)
at
org.jboss.weld.util.el.ForwardingMethodExpression.invoke(ForwardingMethodExpression.java:40)
at
org.jboss.weld.el.WeldMethodExpression.invoke(WeldMethodExpression.java:50)
at
com.sun.faces.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:105)
at
javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:87)
... 43 more
Can you give some advice how to fix it?
On Tue, May 10, 2016 at 5:06 PM, Richard Bradley <
[email protected]> wrote:
> If you are using in-memory sessions or EHCache, then
> DefaultSessionManager.getActiveSessions() should work. It's a "protected"
> method which is designed for use by the stale session sweeper thread.
>
> import org.apache.shiro.SecurityUtils;
> import org.apache.shiro.mgt.DefaultSecurityManager;
> import org.apache.shiro.session.Session;
> import org.apache.shiro.session.mgt.DefaultSessionManager;
> import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
>
> DefaultSecurityManager manager = (DefaultSecurityManager)
> SecurityUtils.getSecurityManager();
> DefaultWebSessionManager sessionManager =
> (DefaultWebSessionManager) manager.getSessionManager();
> // invoke "sessionManager.getActiveSessions()" via reflection:
> Method getActiveSessionsMethod =
> DefaultSessionManager.class.getDeclaredMethod("getActiveSessions");
> getActiveSessionsMethod.setAccessible(true);
> Collection<Session> activeSessions = (Collection<Session>)
> getActiveSessionsMethod.invoke(sessionManager);
>
> return activeSessions.toString();
>
>
> If you have a more complicated setup, then you need to have a look at the
> implementation of your SessionDAO and adjust the above code accordingly.
> (The default setup should work with the above code; I think you can remove
> the cache you added in your email below.)
>
> GL
>
>
> Rich
>
>
> -----Original Message-----
> From: Peter Penzov [mailto:[email protected]]
> Sent: 10 May 2016 11:07
> To: [email protected]
> Subject: Re: Get list of all logged users from Apache Shiro
>
> Thanks, I added
>
> cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
> securityManager.cacheManager = $cacheManager
>
> How I can get the sessions using Java. Can you show me some Java code
> sample, please?
>
>
>
> On Tue, May 10, 2016 at 12:56 PM, Thibault TIGEON <
> [email protected]
> > wrote:
>
> > You can find the documentation concerning the cache here :
> > http://shiro.apache.org/caching.html
> >
> > Rgds,
> >
> > Thibault
> >
> > 2016-05-10 11:33 GMT+02:00 Peter Penzov <[email protected]>:
> >
> > > Hi Darin,
> > > Thank you for the response. I use this shiro.ini configuration:
> > >
> > > [main]
> > > shiro.loginUrl = /authentication/login.xhtml dataSource =
> > > org.apache.shiro.jndi.JndiObjectFactory
> > > dataSource.resourceName = jdbc/DefaultDB dataSource.resourceRef =
> > > true jdbcRealm = com.crm.web.authentication.JdbcRealm
> > > jdbcRealm.dataSource = $dataSource
> > > jdbcRealm.permissionsLookupEnabled = true securityManager.realm =
> > > $jdbcRealm passwordMatcher =
> > > org.apache.shiro.authc.credential.Sha256CredentialsMatcher
> > > credentialsMatcher =
> > > org.apache.shiro.authc.credential.HashedCredentialsMatcher
> > > credentialsMatcher.hashAlgorithmName = SHA-256
> > > credentialsMatcher.storedCredentialsHexEncoded = true
> > > credentialsMatcher.hashIterations = 5000 multipleroles =
> > com.crm.web.authentication.MultipleRolesAuthorizationFilter
> > >
> > > [urls]
> > > /authentication/login.xhtml = authc
> > > /authentication/passwordreset.xhtml = anon
> > > /javax.faces.resource/** = anon
> > > /** = authc
> > >
> > > How I can add cache?
> > >
> > > On Tue, May 10, 2016 at 12:18 PM, Darin Gordon <[email protected]>
> wrote:
> > >
> > > > If you're using a cache, you could get active sessions from it ,
> > > > deserialize each session, and find those that have the " is
> > > authenticated "
> > > > flag set. Authenticated sessions will have user identification in
> > them,
> > > > too.
> > > > On May 10, 2016 2:26 AM, "Peter Penzov" <[email protected]>
> > wrote:
> > > >
> > > > > Hi All,
> > > > > How I can get all logged in users as a list in Apache Shiro?
> > > > >
> > > > > Can you give me some example?
> > > > >
> > > >
> > >
> >
> Richard Bradley
> Tel : 020 7485 7500 ext 3230 | Fax : 020 7485 7575
>
> softwire
> Sunday Times Best Small Companies - UK top 25 six years running
> Web : www.softwire.com<http://www.softwire.com/> | Follow us on Twitter :
> @SoftwireUK<https://twitter.com/SoftwireUK>
> Addr : 110 Highgate Studios, 53-79 Highgate Road, London NW5 1TL
> Softwire Technology Limited. Registered in England no. 3824658. Registered
> Office : Gallery Court, 28 Arcadia Avenue, Finchley, London. N3 2FG
>
