[
https://issues.apache.org/jira/browse/SHIRO-613?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15874846#comment-15874846
]
sreenivas Harshith edited comment on SHIRO-613 at 2/20/17 5:33 PM:
-------------------------------------------------------------------
oh sorry :) my bad. Here's the config
# =======================
# Shiro INI configuration
# =======================
[main]
# Objects and their properties are defined here,
# Such as the securityManager, Realms and anything
# else needed to build the SecurityManager
passwordService = org.apache.shiro.authc.credential.DefaultPasswordService
customsessiondao=
com.appbackend.framework.core.security.shiro.session.AppSessionDAO
ssessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
ssessionManager.sessionDAO=$customsessiondao
securityManager.sessionManager.globalSessionTimeout=600000
securityManager.sessionManager = $ssessionManager
passwordMatcher = org.apache.shiro.authc.credential.PasswordMatcher
passwordMatcher.passwordService = $passwordService
myAppAuthenticationRealm =
com.appbackend.framework.core.security.shiro.realms.AppAuthenticationRealm
myAppAuthenticationRealm.credentialsMatcher = $passwordMatcher
securityManager.realms = $myAppAuthenticationRealm
authcStrategy = org.apache.shiro.authc.pam.FirstSuccessfulStrategy
securityManager.authenticator.authenticationStrategy = $authcStrategy
securityManager.sessionManager.sessionValidationSchedulerEnabled = false
And this is my SessionDAO
package com.appbackend.framework.core.security.shiro.session;
import com.appbackend.framework.core.contexthelpers.AppContext;
import com.appbackend.framework.core.contexthelpers.AppDAOContext;
import org.apache.shiro.session.Session;
import org.apache.shiro.session.UnknownSessionException;
import org.apache.shiro.session.mgt.SimpleSession;
import org.apache.shiro.session.mgt.eis.AbstractSessionDAO;
import java.io.Serializable;
import java.util.Collection;
/**
*
* @author sreenivasHarshith
*
*/
public class AppSessionDAO extends AbstractSessionDAO {
private SimpleSession assertSimpleSession(Session session) {
if (!(session instanceof SimpleSession)) {
throw new IllegalArgumentException(AppSessionDAO.class.getName() +
" implementations only support " +
SimpleSession.class.getName() + " instances.");
}
return (SimpleSession) session;
}
@Override
protected Serializable doCreate(Session sn) {
SimpleSession simpleSession = assertSimpleSession(sn);
Serializable sessionId = generateSessionId(simpleSession);
assignSessionId(simpleSession, sessionId);
boolean result= AppDAOContext.saveSessionToJdbcSessionDAO(simpleSession);
if(!result){throw new RuntimeException("Session Creation Failed!!");}
return sessionId;
}
@Override
protected Session doReadSession(Serializable serializable) {
Session sessionFromDb= AppDAOContext
.conjureSessionFromJdbcSessionDAO(serializable);
return sessionFromDb;
}
@Override
public void update(Session sn) throws UnknownSessionException {
SimpleSession simpleSession = assertSimpleSession(sn);
boolean result=
AppDAOContext.updateSessionInJdbcSessionDAO(simpleSession);
if(!result){throw new RuntimeException("Session Updation Failed!!");}
}
@Override
public void delete(Session sn) {
SimpleSession simpleSession = assertSimpleSession(sn);
boolean res=
AppDAOContext.deleteSessionFromJdbcSessionDAO(simpleSession);
if(!res){throw new RuntimeException("Session Deletion Failed s!!");}
}
@Override
public Collection<Session> getActiveSessions() {
throw new UnsupportedOperationException("Not supported yet.");
}
}
was (Author: sreenivash09):
oh sorry :) my bad. Here's the config
# =======================
# Shiro INI configuration
# =======================
[main]
# Objects and their properties are defined here,
# Such as the securityManager, Realms and anything
# else needed to build the SecurityManager
passwordService = org.apache.shiro.authc.credential.DefaultPasswordService
customsessiondao=
com.appbackend.framework.core.security.shiro.session.AppSessionDAO
ssessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
ssessionManager.sessionDAO=$customsessiondao
securityManager.sessionManager.globalSessionTimeout=600000
securityManager.sessionManager = $ssessionManager
passwordMatcher = org.apache.shiro.authc.credential.PasswordMatcher
passwordMatcher.passwordService = $passwordService
myAppAuthenticationRealm =
com.appbackend.framework.core.security.shiro.realms.AppAuthenticationRealm
myAppAuthenticationRealm.credentialsMatcher = $passwordMatcher
securityManager.realms = $myAppAuthenticationRealm
authcStrategy = org.apache.shiro.authc.pam.FirstSuccessfulStrategy
securityManager.authenticator.authenticationStrategy = $authcStrategy
securityManager.sessionManager.sessionValidationSchedulerEnabled = false
> StoppedSessionException: Session with id has been explicitly stopped. No
> further interaction under this session is allowed.
> ----------------------------------------------------------------------------------------------------------------------------
>
> Key: SHIRO-613
> URL: https://issues.apache.org/jira/browse/SHIRO-613
> Project: Shiro
> Issue Type: Bug
> Components: Authentication (log-in), Session Management
> Affects Versions: 1.3.2
> Reporter: sreenivas Harshith
> Labels: Sessiontimeout, StoppedSessionException, login, session
>
> I am using default shiro native session manager and Session DAO backed by Db
> store for storing sessions. I have set the session timeout to 10 min and I
> have the same user login multiple times, say 8 times. Once the session is
> expired I tried to login with same user credentials from a different client
> and shiro is calling this delete(Session sn) method implemented in my DAO to
> delete those old sessions that are expired. Once the deletion is completed it
> throws an exception with the deleted Session id saying
> org.apache.shiro.session.StoppedSessionException: Session with id
> [a9dd97a1-90d4-435c-b363-f74052dfa0dc] has been explicitly stopped. No
> further interaction under this session is allowed, and it fails to login the
> user.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
