Is there someone else who have successfully implemented this? On Wed, May 11, 2016 at 2:12 PM, Peter Penzov <[email protected]> wrote:
> >It might break something else, depending on why your app is using the > "ServletContainerSessionManager" in the first place. > > Well I found this example on Google. I can change it with no problem. > > >You could ask the person who set this up for you? > > I'm the only one working on this code. Unfortunatly my Java knowledge is > too basic. > > Well I would be happy if someone give me a hand for this. For this > implementation I need a lot of knowlegde which I don't have. > > On Wed, May 11, 2016 at 2:00 PM, Richard Bradley < > [email protected]> wrote: > >> > I found this code example ... Is this going to work? >> >> No, as you can see that code casts the SessionManager to a >> "DefaultSessionManager" instance, but your SessionManager is of an >> incompatible type. >> >> > What if I change the SessionManager with something that runs on all >> > application servers? >> >> That might also work. >> It might break something else, depending on why your app is using the >> "ServletContainerSessionManager" in the first place. >> You might well be relying on some feature of that (e.g. integration with >> Tomcat sessions). >> You could ask the person who set this up for you? >> >> I can't write this code for you, sorry. I don’t have the time. >> >> >> >> -----Original Message----- >> From: Peter Penzov [mailto:[email protected]] >> Sent: 11 May 2016 11:44 >> To: [email protected] >> Subject: Re: Get list of all logged users from Apache Shiro >> >> I found this code example >> >> >> http://stackoverflow.com/questions/21095471/how-to-check-that-user-has-already-logged-in-using-apache-shiro >> >> >> import java.io.Serializable; >> import javax.faces.view.ViewScoped; >> import javax.inject.Named; >> import org.apache.shiro.authc.AuthenticationException; >> import org.apache.shiro.authc.AuthenticationToken; >> import org.apache.shiro.session.Session; import >> org.apache.shiro.session.mgt.DefaultSessionManager; >> import org.apache.shiro.subject.SimplePrincipalCollection; >> import org.apache.shiro.subject.Subject; import >> org.apache.shiro.subject.support.DefaultSubjectContext; >> >> @Named >> @ViewScoped >> public class ActiveAccounts extends >> org.apache.shiro.mgt.DefaultSecurityManager implements Serializable { >> @Override >> public Subject login(Subject subject, AuthenticationToken token) >> throws AuthenticationException { >> >> String loginPrincipal = (String) token.getPrincipal(); >> DefaultSessionManager sm = (DefaultSessionManager) >> getSessionManager(); >> for (Session session : sm.getSessionDAO().getActiveSessions()) { >> SimplePrincipalCollection p = (SimplePrincipalCollection) >> session >> >> .getAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY); >> if (p != null && >> loginPrincipal.equals(p.getPrimaryPrincipal())) { >> throw new AlreadyAuthenticatedException(); >> } >> >> } >> return super.login(subject, token); >> } >> } >> >> Is this going to work? >> >> On Wed, May 11, 2016 at 11:46 AM, Peter Penzov <[email protected]> >> wrote: >> >> > What if I change the SessionManager with soething that runs on all >> > application servers? >> > >> > Is there any? >> > >> > On Wed, May 11, 2016 at 11:42 AM, Richard Bradley < >> > [email protected]> wrote: >> > >> >> If your SessionManager is a "ServletContainerSessionManager", then it >> >> means that your sessions are being stored in the underlying Servlet >> >> container (e.g. Tomcat). >> >> Shiro is not responsible for their storage; it just adds a >> >> compatibility layer between that API and its own. My code shown below >> >> won't work in that case. >> >> >> >> Your question then becomes "how do I get a list of all logged in >> >> users from my Servlet container". >> >> This SO question looks like it has an answer: >> >> http://stackoverflow.com/questions/3771103/how-do-i-get-a-list-of-all >> >> -httpsession-objects-in-a-web-application >> >> >> >> You may find other options if you poke about in the documentation or >> >> source code of your Servlet container. >> >> >> >> GL >> >> >> >> >> >> -----Original Message----- >> >> From: Peter Penzov [mailto:[email protected]] >> >> Sent: 10 May 2016 18:56 >> >> To: [email protected] >> >> Subject: Re: Get list of all logged users from Apache Shiro >> >> >> >> I tested this code: >> >> >> >> I added these lines in shiro.ini >> >> >> >> cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager >> >> securityManager.cacheManager = $cacheManager >> >> >> >> I tested this managed bean: >> >> >> >> >> >> import java.io.Serializable; >> >> import java.lang.reflect.InvocationTargetException; >> >> import java.lang.reflect.Method; >> >> import java.util.Collection; >> >> import javax.faces.view.ViewScoped; >> >> import javax.inject.Named; >> >> import org.apache.shiro.SecurityUtils; import >> >> org.apache.shiro.mgt.DefaultSecurityManager; >> >> import org.apache.shiro.session.Session; import >> >> org.apache.shiro.session.mgt.DefaultSessionManager; >> >> import org.apache.shiro.web.session.mgt.DefaultWebSessionManager; >> >> >> >> @Named >> >> @ViewScoped >> >> public class ActiveAccounts implements Serializable { >> >> public Collection<Session> listAccounts() throws >> >> IllegalAccessException, NoSuchMethodException, >> >> IllegalArgumentException, InvocationTargetException >> >> { >> >> DefaultSecurityManager manager = (DefaultSecurityManager) >> >> SecurityUtils.getSecurityManager(); >> >> DefaultWebSessionManager sessionManager = >> >> (DefaultWebSessionManager) manager.getSessionManager(); >> >> // invoke "sessionManager.getActiveSessions()" via reflection: >> >> Method getActiveSessionsMethod = >> >> DefaultSessionManager.class.getDeclaredMethod("getActiveSessions"); >> >> getActiveSessionsMethod.setAccessible(true); >> >> Collection<Session> activeSessions = (Collection<Session>) >> >> getActiveSessionsMethod.invoke(sessionManager); >> >> >> >> return activeSessions; >> >> } >> >> >> >> } >> >> >> >> But when I run this code I get >> >> >> >> javax.faces.el.EvaluationException: java.lang.ClassCastException: >> >> org.apache.shiro.web.session.mgt.ServletContainerSessionManager >> >> cannot be cast to >> >> org.apache.shiro.web.session.mgt.DefaultWebSessionManager >> >> at >> >> javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(Met >> >> hodBindingMethodExpressionAdapter.java:101) >> >> at >> >> com.sun.faces.application.ActionListenerImpl.processAction(ActionList >> >> enerImpl.java:102) at >> >> javax.faces.component.UICommand.broadcast(UICommand.java:315) >> >> at >> >> javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:790) >> >> at >> >> javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:1 >> >> 282) >> >> at >> >> com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicat >> >> ionPhase.java:81) at >> >> com.sun.faces.lifecycle.Phase.doPhase(Phase.java:101) >> >> at >> >> com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:198) >> >> at javax.faces.webapp.FacesServlet.service(FacesServlet.java:658) >> >> at >> >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl >> >> icationFilterChain.java:292) >> >> at >> >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF >> >> ilterChain.java:207) at >> >> org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52 >> >> ) >> >> at >> >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl >> >> icationFilterChain.java:240) >> >> at >> >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF >> >> ilterChain.java:207) >> >> at >> >> org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilte >> >> rChain.java:61) >> >> at >> >> org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.j >> >> ava:108) >> >> at >> >> org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilt >> >> er.java:137) >> >> at >> >> org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerReq >> >> uestFilter.java:125) >> >> at >> >> org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilte >> >> rChain.java:66) >> >> at >> >> org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(Abstrac >> >> tShiroFilter.java:449) >> >> at >> >> org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiro >> >> Filter.java:365) >> >> at >> >> org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallab >> >> le.java:90) >> >> at >> >> org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable >> >> .java:83) >> >> at >> >> org.apache.shiro.subject.support.DelegatingSubject.execute(Delegating >> >> Subject.java:383) >> >> at >> >> org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(Abs >> >> tractShiroFilter.java:362) >> >> at >> >> org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerReq >> >> uestFilter.java:125) >> >> at >> >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl >> >> icationFilterChain.java:240) >> >> at >> >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF >> >> ilterChain.java:207) >> >> at >> >> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperV >> >> alve.java:212) >> >> at >> >> org.apache.catalina.core.StandardContextValve.invoke(StandardContextV >> >> alve.java:106) >> >> at >> >> org.apache.catalina.authenticator.AuthenticatorBase.invoke(Authentica >> >> torBase.java:502) >> >> at >> >> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.j >> >> ava:141) >> >> at >> >> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.j >> >> ava:79) >> >> at >> >> org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAcce >> >> ssLogValve.java:616) >> >> at >> >> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineVal >> >> ve.java:88) >> >> at >> >> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.jav >> >> a:522) >> >> at >> >> org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp >> >> 11Processor.java:1095) >> >> at >> >> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process( >> >> AbstractProtocol.java:672) >> >> at >> >> org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.doRun(AprEndpo >> >> int.java:2500) >> >> at >> >> org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoin >> >> t.java:2489) >> >> at >> >> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor. >> >> java:1142) >> >> at >> >> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor >> >> .java:617) >> >> at >> >> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskTh >> >> read.java:61) at java.lang.Thread.run(Thread.java:745) >> >> Caused by: java.lang.ClassCastException: >> >> org.apache.shiro.web.session.mgt.ServletContainerSessionManager >> >> cannot be cast to >> >> org.apache.shiro.web.session.mgt.DefaultWebSessionManager >> >> at >> >> com.crm.web.authentication.ActiveAccounts.listAccounts(ActiveAccounts >> >> .java:22) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native >> >> Method) at >> >> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl. >> >> java:62) >> >> at >> >> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces >> >> sorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) >> >> at org.apache.el.parser.AstValue.invoke(AstValue.java:247) >> >> at >> >> org.apache.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:2 >> >> 67) >> >> at >> >> org.jboss.weld.util.el.ForwardingMethodExpression.invoke(ForwardingMe >> >> thodExpression.java:40) >> >> at >> >> org.jboss.weld.el.WeldMethodExpression.invoke(WeldMethodExpression.ja >> >> va:50) >> >> at >> >> com.sun.faces.facelets.el.TagMethodExpression.invoke(TagMethodExpress >> >> ion.java:105) >> >> at >> >> javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(Met >> >> hodBindingMethodExpressionAdapter.java:87) >> >> ... 43 more >> >> >> >> >> >> >> >> Can you give some advice how to fix it? >> >> >> >> >> >> >> >> On Tue, May 10, 2016 at 5:06 PM, Richard Bradley < >> >> [email protected]> wrote: >> >> >> >> > If you are using in-memory sessions or EHCache, then >> >> > DefaultSessionManager.getActiveSessions() should work. It's a >> >> "protected" >> >> > method which is designed for use by the stale session sweeper thread. >> >> > >> >> > import org.apache.shiro.SecurityUtils; import >> >> > org.apache.shiro.mgt.DefaultSecurityManager; >> >> > import org.apache.shiro.session.Session; import >> >> > org.apache.shiro.session.mgt.DefaultSessionManager; >> >> > import org.apache.shiro.web.session.mgt.DefaultWebSessionManager; >> >> > >> >> > DefaultSecurityManager manager = (DefaultSecurityManager) >> >> > SecurityUtils.getSecurityManager(); >> >> > DefaultWebSessionManager sessionManager = >> >> > (DefaultWebSessionManager) manager.getSessionManager(); >> >> > // invoke "sessionManager.getActiveSessions()" via >> reflection: >> >> > Method getActiveSessionsMethod = >> >> > DefaultSessionManager.class.getDeclaredMethod("getActiveSessions"); >> >> > getActiveSessionsMethod.setAccessible(true); >> >> > Collection<Session> activeSessions = (Collection<Session>) >> >> > getActiveSessionsMethod.invoke(sessionManager); >> >> > >> >> > return activeSessions.toString(); >> >> > >> >> > >> >> > If you have a more complicated setup, then you need to have a look >> >> > at the implementation of your SessionDAO and adjust the above code >> >> accordingly. >> >> > (The default setup should work with the above code; I think you can >> >> > remove the cache you added in your email below.) >> >> > >> >> > GL >> >> > >> >> > >> >> > Rich >> >> > >> >> > >> >> > -----Original Message----- >> >> > From: Peter Penzov [mailto:[email protected]] >> >> > Sent: 10 May 2016 11:07 >> >> > To: [email protected] >> >> > Subject: Re: Get list of all logged users from Apache Shiro >> >> > >> >> > Thanks, I added >> >> > >> >> > cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager >> >> > securityManager.cacheManager = $cacheManager >> >> > >> >> > How I can get the sessions using Java. Can you show me some Java >> >> > code sample, please? >> >> > >> >> > >> >> > >> >> > On Tue, May 10, 2016 at 12:56 PM, Thibault TIGEON < >> >> > [email protected] >> >> > > wrote: >> >> > >> >> > > You can find the documentation concerning the cache here : >> >> > > http://shiro.apache.org/caching.html >> >> > > >> >> > > Rgds, >> >> > > >> >> > > Thibault >> >> > > >> >> > > 2016-05-10 11:33 GMT+02:00 Peter Penzov <[email protected]>: >> >> > > >> >> > > > Hi Darin, >> >> > > > Thank you for the response. I use this shiro.ini >> configuration: >> >> > > > >> >> > > > [main] >> >> > > > shiro.loginUrl = /authentication/login.xhtml dataSource = >> >> > > > org.apache.shiro.jndi.JndiObjectFactory >> >> > > > dataSource.resourceName = jdbc/DefaultDB dataSource.resourceRef >> >> > > > = true jdbcRealm = com.crm.web.authentication.JdbcRealm >> >> > > > jdbcRealm.dataSource = $dataSource >> >> > > > jdbcRealm.permissionsLookupEnabled = true securityManager.realm >> >> > > > = $jdbcRealm passwordMatcher = >> >> > > > org.apache.shiro.authc.credential.Sha256CredentialsMatcher >> >> > > > credentialsMatcher = >> >> > > > org.apache.shiro.authc.credential.HashedCredentialsMatcher >> >> > > > credentialsMatcher.hashAlgorithmName = SHA-256 >> >> > > > credentialsMatcher.storedCredentialsHexEncoded = true >> >> > > > credentialsMatcher.hashIterations = 5000 multipleroles = >> >> > > com.crm.web.authentication.MultipleRolesAuthorizationFilter >> >> > > > >> >> > > > [urls] >> >> > > > /authentication/login.xhtml = authc >> >> > > > /authentication/passwordreset.xhtml = anon >> >> > > > /javax.faces.resource/** = anon >> >> > > > /** = authc >> >> > > > >> >> > > > How I can add cache? >> >> > > > >> >> > > > On Tue, May 10, 2016 at 12:18 PM, Darin Gordon >> >> > > > <[email protected]> >> >> > wrote: >> >> > > > >> >> > > > > If you're using a cache, you could get active sessions from >> >> > > > > it , deserialize each session, and find those that have the " >> >> > > > > is >> >> > > > authenticated " >> >> > > > > flag set. Authenticated sessions will have user >> >> > > > > identification in >> >> > > them, >> >> > > > > too. >> >> > > > > On May 10, 2016 2:26 AM, "Peter Penzov" >> >> > > > > <[email protected]> >> >> > > wrote: >> >> > > > > >> >> > > > > > Hi All, >> >> > > > > > How I can get all logged in users as a list in Apache >> Shiro? >> >> > > > > > >> >> > > > > > Can you give me some example? >> >> > > > > > >> >> > > > > >> >> > > > >> >> > > >> >> > Richard Bradley >> >> > Tel : 020 7485 7500 ext 3230 | Fax : 020 7485 7575 >> >> > >> >> > softwire >> >> > Sunday Times Best Small Companies - UK top 25 six years running Web : >> >> > www.softwire.com<http://www.softwire.com/> | Follow us on Twitter : >> >> > @SoftwireUK<https://twitter.com/SoftwireUK> >> >> > Addr : 110 Highgate Studios, 53-79 Highgate Road, London NW5 1TL >> >> > Softwire Technology Limited. Registered in England no. 3824658. >> >> > Registered Office : Gallery Court, 28 Arcadia Avenue, Finchley, >> London. >> >> N3 2FG >> >> > >> >> Richard Bradley >> >> Tel : 020 7485 7500 ext 3230 | Fax : 020 7485 7575 >> >> >> >> softwire >> >> Sunday Times Best Small Companies - UK top 25 six years running Web : >> >> www.softwire.com<http://www.softwire.com/> | Follow us on Twitter >> >> : @SoftwireUK<https://twitter.com/SoftwireUK> >> >> Addr : 110 Highgate Studios, 53-79 Highgate Road, London NW5 1TL >> >> Softwire Technology Limited. Registered in England no. 3824658. >> >> Registered Office : Gallery Court, 28 Arcadia Avenue, Finchley, >> >> London. N3 2FG >> >> >> > >> > >> Richard Bradley >> Tel : 020 7485 7500 ext 3230 | Fax : 020 7485 7575 >> >> softwire >> Sunday Times Best Small Companies - UK top 25 six years running >> Web : www.softwire.com<http://www.softwire.com/> | Follow us on Twitter >> : @SoftwireUK<https://twitter.com/SoftwireUK> >> Addr : 110 Highgate Studios, 53-79 Highgate Road, London NW5 1TL >> Softwire Technology Limited. Registered in England no. 3824658. >> Registered Office : Gallery Court, 28 Arcadia Avenue, Finchley, London. N3 >> 2FG >> > >
