>It might break something else, depending on why your app is using the "ServletContainerSessionManager" in the first place.
Well I found this example on Google. I can change it with no problem. >You could ask the person who set this up for you? I'm the only one working on this code. Unfortunatly my Java knowledge is too basic. Well I would be happy if someone give me a hand for this. For this implementation I need a lot of knowlegde which I don't have. On Wed, May 11, 2016 at 2:00 PM, Richard Bradley < [email protected]> wrote: > > I found this code example ... Is this going to work? > > No, as you can see that code casts the SessionManager to a > "DefaultSessionManager" instance, but your SessionManager is of an > incompatible type. > > > What if I change the SessionManager with something that runs on all > > application servers? > > That might also work. > It might break something else, depending on why your app is using the > "ServletContainerSessionManager" in the first place. > You might well be relying on some feature of that (e.g. integration with > Tomcat sessions). > You could ask the person who set this up for you? > > I can't write this code for you, sorry. I don’t have the time. > > > > -----Original Message----- > From: Peter Penzov [mailto:[email protected]] > Sent: 11 May 2016 11:44 > To: [email protected] > Subject: Re: Get list of all logged users from Apache Shiro > > I found this code example > > > http://stackoverflow.com/questions/21095471/how-to-check-that-user-has-already-logged-in-using-apache-shiro > > > import java.io.Serializable; > import javax.faces.view.ViewScoped; > import javax.inject.Named; > import org.apache.shiro.authc.AuthenticationException; > import org.apache.shiro.authc.AuthenticationToken; > import org.apache.shiro.session.Session; import > org.apache.shiro.session.mgt.DefaultSessionManager; > import org.apache.shiro.subject.SimplePrincipalCollection; > import org.apache.shiro.subject.Subject; import > org.apache.shiro.subject.support.DefaultSubjectContext; > > @Named > @ViewScoped > public class ActiveAccounts extends > org.apache.shiro.mgt.DefaultSecurityManager implements Serializable { > @Override > public Subject login(Subject subject, AuthenticationToken token) > throws AuthenticationException { > > String loginPrincipal = (String) token.getPrincipal(); > DefaultSessionManager sm = (DefaultSessionManager) > getSessionManager(); > for (Session session : sm.getSessionDAO().getActiveSessions()) { > SimplePrincipalCollection p = (SimplePrincipalCollection) > session > > .getAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY); > if (p != null && > loginPrincipal.equals(p.getPrimaryPrincipal())) { > throw new AlreadyAuthenticatedException(); > } > > } > return super.login(subject, token); > } > } > > Is this going to work? > > On Wed, May 11, 2016 at 11:46 AM, Peter Penzov <[email protected]> > wrote: > > > What if I change the SessionManager with soething that runs on all > > application servers? > > > > Is there any? > > > > On Wed, May 11, 2016 at 11:42 AM, Richard Bradley < > > [email protected]> wrote: > > > >> If your SessionManager is a "ServletContainerSessionManager", then it > >> means that your sessions are being stored in the underlying Servlet > >> container (e.g. Tomcat). > >> Shiro is not responsible for their storage; it just adds a > >> compatibility layer between that API and its own. My code shown below > >> won't work in that case. > >> > >> Your question then becomes "how do I get a list of all logged in > >> users from my Servlet container". > >> This SO question looks like it has an answer: > >> http://stackoverflow.com/questions/3771103/how-do-i-get-a-list-of-all > >> -httpsession-objects-in-a-web-application > >> > >> You may find other options if you poke about in the documentation or > >> source code of your Servlet container. > >> > >> GL > >> > >> > >> -----Original Message----- > >> From: Peter Penzov [mailto:[email protected]] > >> Sent: 10 May 2016 18:56 > >> To: [email protected] > >> Subject: Re: Get list of all logged users from Apache Shiro > >> > >> I tested this code: > >> > >> I added these lines in shiro.ini > >> > >> cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager > >> securityManager.cacheManager = $cacheManager > >> > >> I tested this managed bean: > >> > >> > >> import java.io.Serializable; > >> import java.lang.reflect.InvocationTargetException; > >> import java.lang.reflect.Method; > >> import java.util.Collection; > >> import javax.faces.view.ViewScoped; > >> import javax.inject.Named; > >> import org.apache.shiro.SecurityUtils; import > >> org.apache.shiro.mgt.DefaultSecurityManager; > >> import org.apache.shiro.session.Session; import > >> org.apache.shiro.session.mgt.DefaultSessionManager; > >> import org.apache.shiro.web.session.mgt.DefaultWebSessionManager; > >> > >> @Named > >> @ViewScoped > >> public class ActiveAccounts implements Serializable { > >> public Collection<Session> listAccounts() throws > >> IllegalAccessException, NoSuchMethodException, > >> IllegalArgumentException, InvocationTargetException > >> { > >> DefaultSecurityManager manager = (DefaultSecurityManager) > >> SecurityUtils.getSecurityManager(); > >> DefaultWebSessionManager sessionManager = > >> (DefaultWebSessionManager) manager.getSessionManager(); > >> // invoke "sessionManager.getActiveSessions()" via reflection: > >> Method getActiveSessionsMethod = > >> DefaultSessionManager.class.getDeclaredMethod("getActiveSessions"); > >> getActiveSessionsMethod.setAccessible(true); > >> Collection<Session> activeSessions = (Collection<Session>) > >> getActiveSessionsMethod.invoke(sessionManager); > >> > >> return activeSessions; > >> } > >> > >> } > >> > >> But when I run this code I get > >> > >> javax.faces.el.EvaluationException: java.lang.ClassCastException: > >> org.apache.shiro.web.session.mgt.ServletContainerSessionManager > >> cannot be cast to > >> org.apache.shiro.web.session.mgt.DefaultWebSessionManager > >> at > >> javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(Met > >> hodBindingMethodExpressionAdapter.java:101) > >> at > >> com.sun.faces.application.ActionListenerImpl.processAction(ActionList > >> enerImpl.java:102) at > >> javax.faces.component.UICommand.broadcast(UICommand.java:315) > >> at > >> javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:790) > >> at > >> javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:1 > >> 282) > >> at > >> com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicat > >> ionPhase.java:81) at > >> com.sun.faces.lifecycle.Phase.doPhase(Phase.java:101) > >> at > >> com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:198) > >> at javax.faces.webapp.FacesServlet.service(FacesServlet.java:658) > >> at > >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl > >> icationFilterChain.java:292) > >> at > >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF > >> ilterChain.java:207) at > >> org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52 > >> ) > >> at > >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl > >> icationFilterChain.java:240) > >> at > >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF > >> ilterChain.java:207) > >> at > >> org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilte > >> rChain.java:61) > >> at > >> org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.j > >> ava:108) > >> at > >> org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilt > >> er.java:137) > >> at > >> org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerReq > >> uestFilter.java:125) > >> at > >> org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilte > >> rChain.java:66) > >> at > >> org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(Abstrac > >> tShiroFilter.java:449) > >> at > >> org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiro > >> Filter.java:365) > >> at > >> org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallab > >> le.java:90) > >> at > >> org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable > >> .java:83) > >> at > >> org.apache.shiro.subject.support.DelegatingSubject.execute(Delegating > >> Subject.java:383) > >> at > >> org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(Abs > >> tractShiroFilter.java:362) > >> at > >> org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerReq > >> uestFilter.java:125) > >> at > >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl > >> icationFilterChain.java:240) > >> at > >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF > >> ilterChain.java:207) > >> at > >> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperV > >> alve.java:212) > >> at > >> org.apache.catalina.core.StandardContextValve.invoke(StandardContextV > >> alve.java:106) > >> at > >> org.apache.catalina.authenticator.AuthenticatorBase.invoke(Authentica > >> torBase.java:502) > >> at > >> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.j > >> ava:141) > >> at > >> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.j > >> ava:79) > >> at > >> org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAcce > >> ssLogValve.java:616) > >> at > >> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineVal > >> ve.java:88) > >> at > >> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.jav > >> a:522) > >> at > >> org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp > >> 11Processor.java:1095) > >> at > >> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process( > >> AbstractProtocol.java:672) > >> at > >> org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.doRun(AprEndpo > >> int.java:2500) > >> at > >> org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoin > >> t.java:2489) > >> at > >> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor. > >> java:1142) > >> at > >> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor > >> .java:617) > >> at > >> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskTh > >> read.java:61) at java.lang.Thread.run(Thread.java:745) > >> Caused by: java.lang.ClassCastException: > >> org.apache.shiro.web.session.mgt.ServletContainerSessionManager > >> cannot be cast to > >> org.apache.shiro.web.session.mgt.DefaultWebSessionManager > >> at > >> com.crm.web.authentication.ActiveAccounts.listAccounts(ActiveAccounts > >> .java:22) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native > >> Method) at > >> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl. > >> java:62) > >> at > >> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces > >> sorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) > >> at org.apache.el.parser.AstValue.invoke(AstValue.java:247) > >> at > >> org.apache.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:2 > >> 67) > >> at > >> org.jboss.weld.util.el.ForwardingMethodExpression.invoke(ForwardingMe > >> thodExpression.java:40) > >> at > >> org.jboss.weld.el.WeldMethodExpression.invoke(WeldMethodExpression.ja > >> va:50) > >> at > >> com.sun.faces.facelets.el.TagMethodExpression.invoke(TagMethodExpress > >> ion.java:105) > >> at > >> javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(Met > >> hodBindingMethodExpressionAdapter.java:87) > >> ... 43 more > >> > >> > >> > >> Can you give some advice how to fix it? > >> > >> > >> > >> On Tue, May 10, 2016 at 5:06 PM, Richard Bradley < > >> [email protected]> wrote: > >> > >> > If you are using in-memory sessions or EHCache, then > >> > DefaultSessionManager.getActiveSessions() should work. It's a > >> "protected" > >> > method which is designed for use by the stale session sweeper thread. > >> > > >> > import org.apache.shiro.SecurityUtils; import > >> > org.apache.shiro.mgt.DefaultSecurityManager; > >> > import org.apache.shiro.session.Session; import > >> > org.apache.shiro.session.mgt.DefaultSessionManager; > >> > import org.apache.shiro.web.session.mgt.DefaultWebSessionManager; > >> > > >> > DefaultSecurityManager manager = (DefaultSecurityManager) > >> > SecurityUtils.getSecurityManager(); > >> > DefaultWebSessionManager sessionManager = > >> > (DefaultWebSessionManager) manager.getSessionManager(); > >> > // invoke "sessionManager.getActiveSessions()" via reflection: > >> > Method getActiveSessionsMethod = > >> > DefaultSessionManager.class.getDeclaredMethod("getActiveSessions"); > >> > getActiveSessionsMethod.setAccessible(true); > >> > Collection<Session> activeSessions = (Collection<Session>) > >> > getActiveSessionsMethod.invoke(sessionManager); > >> > > >> > return activeSessions.toString(); > >> > > >> > > >> > If you have a more complicated setup, then you need to have a look > >> > at the implementation of your SessionDAO and adjust the above code > >> accordingly. > >> > (The default setup should work with the above code; I think you can > >> > remove the cache you added in your email below.) > >> > > >> > GL > >> > > >> > > >> > Rich > >> > > >> > > >> > -----Original Message----- > >> > From: Peter Penzov [mailto:[email protected]] > >> > Sent: 10 May 2016 11:07 > >> > To: [email protected] > >> > Subject: Re: Get list of all logged users from Apache Shiro > >> > > >> > Thanks, I added > >> > > >> > cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager > >> > securityManager.cacheManager = $cacheManager > >> > > >> > How I can get the sessions using Java. Can you show me some Java > >> > code sample, please? > >> > > >> > > >> > > >> > On Tue, May 10, 2016 at 12:56 PM, Thibault TIGEON < > >> > [email protected] > >> > > wrote: > >> > > >> > > You can find the documentation concerning the cache here : > >> > > http://shiro.apache.org/caching.html > >> > > > >> > > Rgds, > >> > > > >> > > Thibault > >> > > > >> > > 2016-05-10 11:33 GMT+02:00 Peter Penzov <[email protected]>: > >> > > > >> > > > Hi Darin, > >> > > > Thank you for the response. I use this shiro.ini configuration: > >> > > > > >> > > > [main] > >> > > > shiro.loginUrl = /authentication/login.xhtml dataSource = > >> > > > org.apache.shiro.jndi.JndiObjectFactory > >> > > > dataSource.resourceName = jdbc/DefaultDB dataSource.resourceRef > >> > > > = true jdbcRealm = com.crm.web.authentication.JdbcRealm > >> > > > jdbcRealm.dataSource = $dataSource > >> > > > jdbcRealm.permissionsLookupEnabled = true securityManager.realm > >> > > > = $jdbcRealm passwordMatcher = > >> > > > org.apache.shiro.authc.credential.Sha256CredentialsMatcher > >> > > > credentialsMatcher = > >> > > > org.apache.shiro.authc.credential.HashedCredentialsMatcher > >> > > > credentialsMatcher.hashAlgorithmName = SHA-256 > >> > > > credentialsMatcher.storedCredentialsHexEncoded = true > >> > > > credentialsMatcher.hashIterations = 5000 multipleroles = > >> > > com.crm.web.authentication.MultipleRolesAuthorizationFilter > >> > > > > >> > > > [urls] > >> > > > /authentication/login.xhtml = authc > >> > > > /authentication/passwordreset.xhtml = anon > >> > > > /javax.faces.resource/** = anon > >> > > > /** = authc > >> > > > > >> > > > How I can add cache? > >> > > > > >> > > > On Tue, May 10, 2016 at 12:18 PM, Darin Gordon > >> > > > <[email protected]> > >> > wrote: > >> > > > > >> > > > > If you're using a cache, you could get active sessions from > >> > > > > it , deserialize each session, and find those that have the " > >> > > > > is > >> > > > authenticated " > >> > > > > flag set. Authenticated sessions will have user > >> > > > > identification in > >> > > them, > >> > > > > too. > >> > > > > On May 10, 2016 2:26 AM, "Peter Penzov" > >> > > > > <[email protected]> > >> > > wrote: > >> > > > > > >> > > > > > Hi All, > >> > > > > > How I can get all logged in users as a list in Apache > Shiro? > >> > > > > > > >> > > > > > Can you give me some example? > >> > > > > > > >> > > > > > >> > > > > >> > > > >> > Richard Bradley > >> > Tel : 020 7485 7500 ext 3230 | Fax : 020 7485 7575 > >> > > >> > softwire > >> > Sunday Times Best Small Companies - UK top 25 six years running Web : > >> > www.softwire.com<http://www.softwire.com/> | Follow us on Twitter : > >> > @SoftwireUK<https://twitter.com/SoftwireUK> > >> > Addr : 110 Highgate Studios, 53-79 Highgate Road, London NW5 1TL > >> > Softwire Technology Limited. Registered in England no. 3824658. > >> > Registered Office : Gallery Court, 28 Arcadia Avenue, Finchley, > London. > >> N3 2FG > >> > > >> Richard Bradley > >> Tel : 020 7485 7500 ext 3230 | Fax : 020 7485 7575 > >> > >> softwire > >> Sunday Times Best Small Companies - UK top 25 six years running Web : > >> www.softwire.com<http://www.softwire.com/> | Follow us on Twitter > >> : @SoftwireUK<https://twitter.com/SoftwireUK> > >> Addr : 110 Highgate Studios, 53-79 Highgate Road, London NW5 1TL > >> Softwire Technology Limited. Registered in England no. 3824658. > >> Registered Office : Gallery Court, 28 Arcadia Avenue, Finchley, > >> London. N3 2FG > >> > > > > > Richard Bradley > Tel : 020 7485 7500 ext 3230 | Fax : 020 7485 7575 > > softwire > Sunday Times Best Small Companies - UK top 25 six years running > Web : www.softwire.com<http://www.softwire.com/> | Follow us on Twitter : > @SoftwireUK<https://twitter.com/SoftwireUK> > Addr : 110 Highgate Studios, 53-79 Highgate Road, London NW5 1TL > Softwire Technology Limited. Registered in England no. 3824658. Registered > Office : Gallery Court, 28 Arcadia Avenue, Finchley, London. N3 2FG >
