What if I change the SessionManager with something that runs on all application servers?
Is there any?

On Wed, May 11, 2016 at 11:42 AM, Richard Bradley <[email protected]> wrote:

> If your SessionManager is a "ServletContainerSessionManager", then it
> means that your sessions are being stored in the underlying Servlet
> container (e.g. Tomcat).
> Shiro is not responsible for their storage; it just adds a compatibility
> layer between that API and its own. My code shown below won't work in that
> case.
>
> Your question then becomes "how do I get a list of all logged in users
> from my Servlet container".
> This SO question looks like it has an answer:
> http://stackoverflow.com/questions/3771103/how-do-i-get-a-list-of-all-httpsession-objects-in-a-web-application
>
> You may find other options if you poke about in the documentation or
> source code of your Servlet container.
>
> GL
>
>
> -----Original Message-----
> From: Peter Penzov [mailto:[email protected]]
> Sent: 10 May 2016 18:56
> To: [email protected]
> Subject: Re: Get list of all logged users from Apache Shiro
>
> I tested this code:
>
> I added these lines in shiro.ini
>
> cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
> securityManager.cacheManager = $cacheManager
>
> I tested this managed bean:
>
>
> import java.io.Serializable;
> import java.lang.reflect.InvocationTargetException;
> import java.lang.reflect.Method;
> import java.util.Collection;
> import javax.faces.view.ViewScoped;
> import javax.inject.Named;
> import org.apache.shiro.SecurityUtils;
> import org.apache.shiro.mgt.DefaultSecurityManager;
> import org.apache.shiro.session.Session;
> import org.apache.shiro.session.mgt.DefaultSessionManager;
> import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
>
> @Named
> @ViewScoped
> public class ActiveAccounts implements Serializable {
>     public Collection<Session> listAccounts() throws IllegalAccessException, NoSuchMethodException,
>             IllegalArgumentException, InvocationTargetException
>     {
>         DefaultSecurityManager manager = (DefaultSecurityManager) SecurityUtils.getSecurityManager();
>         DefaultWebSessionManager sessionManager = (DefaultWebSessionManager) manager.getSessionManager();
>         // invoke "sessionManager.getActiveSessions()" via reflection:
>         Method getActiveSessionsMethod = DefaultSessionManager.class.getDeclaredMethod("getActiveSessions");
>         getActiveSessionsMethod.setAccessible(true);
>         Collection<Session> activeSessions = (Collection<Session>) getActiveSessionsMethod.invoke(sessionManager);
>
>         return activeSessions;
>     }
>
> }
>
> But when I run this code I get
>
> javax.faces.el.EvaluationException: java.lang.ClassCastException: org.apache.shiro.web.session.mgt.ServletContainerSessionManager cannot be cast to org.apache.shiro.web.session.mgt.DefaultWebSessionManager
>     at javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:101)
>     at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:102)
>     at javax.faces.component.UICommand.broadcast(UICommand.java:315)
>     at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:790)
>     at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:1282)
>     at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:81)
>     at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:101)
>     at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:198)
>     at javax.faces.webapp.FacesServlet.service(FacesServlet.java:658)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:292)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
>     at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
>     at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:61)
>     at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
>     at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
>     at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
>     at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
>     at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449)
>     at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365)
>     at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
>     at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
>     at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383)
>     at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362)
>     at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
>     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212)
>     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
>     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141)
>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
>     at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:616)
>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:522)
>     at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1095)
>     at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:672)
>     at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.doRun(AprEndpoint.java:2500)
>     at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:2489)
>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>     at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>     at java.lang.Thread.run(Thread.java:745)
> Caused by: java.lang.ClassCastException: org.apache.shiro.web.session.mgt.ServletContainerSessionManager cannot be cast to org.apache.shiro.web.session.mgt.DefaultWebSessionManager
>     at com.crm.web.authentication.ActiveAccounts.listAccounts(ActiveAccounts.java:22)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>     at java.lang.reflect.Method.invoke(Method.java:498)
>     at org.apache.el.parser.AstValue.invoke(AstValue.java:247)
>     at org.apache.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:267)
>     at org.jboss.weld.util.el.ForwardingMethodExpression.invoke(ForwardingMethodExpression.java:40)
>     at org.jboss.weld.el.WeldMethodExpression.invoke(WeldMethodExpression.java:50)
>     at com.sun.faces.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:105)
>     at javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:87)
>     ... 43 more
>
>
>
> Can you give some advice how to fix it?
>
>
>
> On Tue, May 10, 2016 at 5:06 PM, Richard Bradley <[email protected]> wrote:
>
> > If you are using in-memory sessions or EHCache, then
> > DefaultSessionManager.getActiveSessions() should work. It's a "protected"
> > method which is designed for use by the stale session sweeper thread.
> >
> > import org.apache.shiro.SecurityUtils;
> > import org.apache.shiro.mgt.DefaultSecurityManager;
> > import org.apache.shiro.session.Session;
> > import org.apache.shiro.session.mgt.DefaultSessionManager;
> > import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
> >
> > DefaultSecurityManager manager = (DefaultSecurityManager) SecurityUtils.getSecurityManager();
> > DefaultWebSessionManager sessionManager = (DefaultWebSessionManager) manager.getSessionManager();
> > // invoke "sessionManager.getActiveSessions()" via reflection:
> > Method getActiveSessionsMethod = DefaultSessionManager.class.getDeclaredMethod("getActiveSessions");
> > getActiveSessionsMethod.setAccessible(true);
> > Collection<Session> activeSessions = (Collection<Session>) getActiveSessionsMethod.invoke(sessionManager);
> >
> > return activeSessions.toString();
> >
> >
> > If you have a more complicated setup, then you need to have a look at
> > the implementation of your SessionDAO and adjust the above code accordingly.
> > (The default setup should work with the above code; I think you can
> > remove the cache you added in your email below.)
> >
> > GL
> >
> >
> > Rich
> >
> >
> > -----Original Message-----
> > From: Peter Penzov [mailto:[email protected]]
> > Sent: 10 May 2016 11:07
> > To: [email protected]
> > Subject: Re: Get list of all logged users from Apache Shiro
> >
> > Thanks, I added
> >
> > cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
> > securityManager.cacheManager = $cacheManager
> >
> > How I can get the sessions using Java. Can you show me some Java code
> > sample, please?
> >
> >
> >
> > On Tue, May 10, 2016 at 12:56 PM, Thibault TIGEON <[email protected]> wrote:
> >
> > > You can find the documentation concerning the cache here :
> > > http://shiro.apache.org/caching.html
> > >
> > > Rgds,
> > >
> > > Thibault
> > >
> > > 2016-05-10 11:33 GMT+02:00 Peter Penzov <[email protected]>:
> > >
> > > > Hi Darin,
> > > > Thank you for the response. I use this shiro.ini configuration:
> > > >
> > > > [main]
> > > > shiro.loginUrl = /authentication/login.xhtml
> > > > dataSource = org.apache.shiro.jndi.JndiObjectFactory
> > > > dataSource.resourceName = jdbc/DefaultDB
> > > > dataSource.resourceRef = true
> > > > jdbcRealm = com.crm.web.authentication.JdbcRealm
> > > > jdbcRealm.dataSource = $dataSource
> > > > jdbcRealm.permissionsLookupEnabled = true
> > > > securityManager.realm = $jdbcRealm
> > > > passwordMatcher = org.apache.shiro.authc.credential.Sha256CredentialsMatcher
> > > > credentialsMatcher = org.apache.shiro.authc.credential.HashedCredentialsMatcher
> > > > credentialsMatcher.hashAlgorithmName = SHA-256
> > > > credentialsMatcher.storedCredentialsHexEncoded = true
> > > > credentialsMatcher.hashIterations = 5000
> > > > multipleroles = com.crm.web.authentication.MultipleRolesAuthorizationFilter
> > > >
> > > > [urls]
> > > > /authentication/login.xhtml = authc
> > > > /authentication/passwordreset.xhtml = anon
> > > > /javax.faces.resource/** = anon
> > > > /** = authc
> > > >
> > > > How I can add cache?
> > > >
> > > > On Tue, May 10, 2016 at 12:18 PM, Darin Gordon <[email protected]> wrote:
> > > >
> > > > > If you're using a cache, you could get active sessions from it,
> > > > > deserialize each session, and find those that have the "is authenticated"
> > > > > flag set. Authenticated sessions will have user identification in them,
> > > > > too.
> > > > > On May 10, 2016 2:26 AM, "Peter Penzov" <[email protected]> wrote:
> > > > >
> > > > > > Hi All,
> > > > > > How I can get all logged in users as a list in Apache Shiro?
> > > > > >
> > > > > > Can you give me some example?
> >
> > Richard Bradley
> > Tel : 020 7485 7500 ext 3230 | Fax : 020 7485 7575
> >
> > softwire
> > Sunday Times Best Small Companies - UK top 25 six years running
> > Web : www.softwire.com<http://www.softwire.com/> | Follow us on Twitter : @SoftwireUK<https://twitter.com/SoftwireUK>
> > Addr : 110 Highgate Studios, 53-79 Highgate Road, London NW5 1TL
> > Softwire Technology Limited. Registered in England no. 3824658.
> > Registered Office : Gallery Court, 28 Arcadia Avenue, Finchley, London. N3 2FG
>
> Richard Bradley
> Tel : 020 7485 7500 ext 3230 | Fax : 020 7485 7575
>
> softwire
> Sunday Times Best Small Companies - UK top 25 six years running
> Web : www.softwire.com<http://www.softwire.com/> | Follow us on Twitter : @SoftwireUK<https://twitter.com/SoftwireUK>
> Addr : 110 Highgate Studios, 53-79 Highgate Road, London NW5 1TL
> Softwire Technology Limited. Registered in England no. 3824658.
> Registered Office : Gallery Court, 28 Arcadia Avenue, Finchley, London. N3 2FG
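
Added example, not part of the original thread and not code from the Shiro project: one way to list logged-in users when Shiro's native session manager is configured, using the public SessionDAO.getActiveSessions() instead of reflection and the "is authenticated" session flag mentioned in the thread. The class name ActiveUserLister and the shiro.ini lines in the comment are assumptions; with ServletContainerSessionManager it fails with a clear message rather than a ClassCastException.

```java
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.mgt.SessionsSecurityManager;
import org.apache.shiro.session.Session;
import org.apache.shiro.session.mgt.DefaultSessionManager;
import org.apache.shiro.session.mgt.SessionManager;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.support.DefaultSubjectContext;

// Assumed shiro.ini [main] entries that switch to Shiro-managed (native) sessions:
//   sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
//   securityManager.sessionManager = $sessionManager
// ActiveUserLister is a hypothetical name chosen for this example.
public final class ActiveUserLister {

    /** Returns the primary principal of every session marked as authenticated. */
    public static List<Object> loggedInPrincipals() {
        SecurityManager sm = SecurityUtils.getSecurityManager();
        if (!(sm instanceof SessionsSecurityManager)) {
            throw new IllegalStateException("SecurityManager does not expose a SessionManager");
        }
        SessionManager sessions = ((SessionsSecurityManager) sm).getSessionManager();
        // ServletContainerSessionManager is not a DefaultSessionManager: the container
        // owns the sessions, so Shiro has no SessionDAO to enumerate them from.
        if (!(sessions instanceof DefaultSessionManager)) {
            throw new IllegalStateException(
                "Native sessions required, found " + sessions.getClass().getName());
        }
        // SessionDAO.getActiveSessions() is public, so no reflection is needed.
        Collection<Session> active =
            ((DefaultSessionManager) sessions).getSessionDAO().getActiveSessions();

        List<Object> users = new ArrayList<>();
        for (Session s : active) {
            Object authenticated = s.getAttribute(DefaultSubjectContext.AUTHENTICATED_SESSION_KEY);
            Object principals = s.getAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY);
            // Anonymous and remember-me-only sessions lack the authenticated flag; skip them.
            if (Boolean.TRUE.equals(authenticated) && principals instanceof PrincipalCollection) {
                users.add(((PrincipalCollection) principals).getPrimaryPrincipal());
            }
        }
        // The result identifies live users; expose it only behind an authorization check.
        return users;
    }
}
```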
