[ 
https://issues.apache.org/jira/browse/SHIRO-613?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15874846#comment-15874846
 ] 

sreenivas Harshith edited comment on SHIRO-613 at 2/20/17 5:35 PM:
-------------------------------------------------------------------

oh sorry :) my bad. Here's the config 



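# =======================
# Shiro INI configuration
# =======================

[main]
# Objects and their properties are defined here,
# Such as the securityManager, Realms and anything
# else needed to build the SecurityManager
#
# Shiro applies the lines of [main] in the order they are written, so an object
# has to be assigned before any property is set through it.

passwordService = org.apache.shiro.authc.credential.DefaultPasswordService

# Session storage: the custom DAO is plugged into a DefaultWebSessionManager.
customsessiondao = com.appbackend.framework.core.security.shiro.session.AppSessionDAO
ssessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
ssessionManager.sessionDAO = $customsessiondao

# Install the custom session manager BEFORE configuring it through
# securityManager.sessionManager. A property set ahead of this line is applied
# to the manager that this assignment then replaces, so the replacement would
# keep its own default timeout.
securityManager.sessionManager = $ssessionManager
# 600000 ms = 10 minutes
securityManager.sessionManager.globalSessionTimeout = 600000

# Credential checking: the realm compares passwords through PasswordMatcher,
# which delegates hashing to the password service defined above.
passwordMatcher = org.apache.shiro.authc.credential.PasswordMatcher
passwordMatcher.passwordService = $passwordService
myAppAuthenticationRealm = com.appbackend.framework.core.security.shiro.realms.AppAuthenticationRealm
myAppAuthenticationRealm.credentialsMatcher = $passwordMatcher
securityManager.realms = $myAppAuthenticationRealm
authcStrategy = org.apache.shiro.authc.pam.FirstSuccessfulStrategy
securityManager.authenticator.authenticationStrategy = $authcStrategy

# With the validation scheduler off, a session is checked for expiry only when
# a request presents its id. Sessions whose client never comes back are not
# purged by Shiro and stay in the session store.
# NOTE(review): confirm that something else (for example a database job)
# removes those rows. Enabling the scheduler instead requires the SessionDAO
# to implement getActiveSessions().
securityManager.sessionManager.sessionValidationSchedulerEnabled = false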



And this is my SessionDAO














package com.appbackend.framework.core.security.shiro.session;
import com.appbackend.framework.core.contexthelpers.AppContext;
import com.appbackend.framework.core.contexthelpers.AppDAOContext;
import org.apache.shiro.session.Session;
import org.apache.shiro.session.UnknownSessionException;
import org.apache.shiro.session.mgt.SimpleSession;
import org.apache.shiro.session.mgt.eis.AbstractSessionDAO;
import java.io.Serializable;
import java.util.Collection;

/**
 * Shiro session DAO that stores sessions through the static helpers on
 * {@code AppDAOContext} (the issue text describes the backing store as a database).
 *
 * <p>Only {@link SimpleSession} instances are accepted; any other {@link Session}
 * implementation is rejected with an {@link IllegalArgumentException}.
 *
 * <p>NOTE(review): what a {@code false} return from the {@code AppDAOContext} helpers
 * means (no matching row versus a database error) is not visible in this class. Confirm
 * it: every write method here turns {@code false} into a bare {@link RuntimeException},
 * and such a failure raised while an expired session is being cleaned up may surface on
 * the request that triggered the cleanup.
 *
 * @author sreenivasHarshith
 */
public class AppSessionDAO extends AbstractSessionDAO {

    /**
     * Narrows a {@link Session} to {@link SimpleSession}.
     *
     * @param session the session handed in by Shiro
     * @return the same object, typed as {@code SimpleSession}
     * @throws IllegalArgumentException if {@code session} is not a {@code SimpleSession}
     *         (this includes {@code null})
     */
    private SimpleSession assertSimpleSession(Session session) {
        if (session instanceof SimpleSession) {
            return (SimpleSession) session;
        }
        String message = AppSessionDAO.class.getName() + " implementations only support "
                + SimpleSession.class.getName() + " instances.";
        throw new IllegalArgumentException(message);
    }

    /**
     * Assigns a freshly generated id to the session and saves it.
     *
     * <p>The id comes from the inherited {@code generateSessionId}. NOTE(review): that id
     * is the value a client presents to resume the session, so the stored row and any
     * logging added around it deserve the same care as a credential. The failure message
     * below carries no id.
     *
     * @param sn the new session; must be a {@code SimpleSession}
     * @return the id assigned to the session
     * @throws RuntimeException if the save helper reports {@code false}
     */
    @Override
    protected Serializable doCreate(Session sn) {
        SimpleSession created = assertSimpleSession(sn);
        Serializable newId = generateSessionId(created);
        assignSessionId(created, newId);

        if (AppDAOContext.saveSessionToJdbcSessionDAO(created)) {
            return newId;
        }
        throw new RuntimeException("Session Creation Failed!!");
    }

    /**
     * Loads the session stored under the given id.
     *
     * @param serializable the session id to look up
     * @return whatever the read helper returns for that id, passed through unchanged
     */
    @Override
    protected Session doReadSession(Serializable serializable) {
        return AppDAOContext.conjureSessionFromJdbcSessionDAO(serializable);
    }

    /**
     * Writes the current state of an existing session back to the store.
     *
     * <p>NOTE(review): the signature declares {@link UnknownSessionException}, but this
     * body never throws it. If {@code false} from the helper means "no such session",
     * that case should be reported as {@code UnknownSessionException} rather than a bare
     * {@code RuntimeException} - confirm against the helper.
     *
     * @param sn the session to persist; must be a {@code SimpleSession}
     * @throws RuntimeException if the update helper reports {@code false}
     */
    @Override
    public void update(Session sn) throws UnknownSessionException {
        SimpleSession changed = assertSimpleSession(sn);

        boolean stored = AppDAOContext.updateSessionInJdbcSessionDAO(changed);
        if (stored) {
            return;
        }
        throw new RuntimeException("Session Updation Failed!!");
    }

    /**
     * Removes a session from the store.
     *
     * <p>NOTE(review): if the helper returns {@code false} when the row is already gone,
     * a repeated delete of the same session raises here - confirm whether that can
     * happen for expired sessions.
     *
     * @param sn the session to remove; must be a {@code SimpleSession}
     * @throws RuntimeException if the delete helper reports {@code false}
     */
    @Override
    public void delete(Session sn) {
        SimpleSession doomed = assertSimpleSession(sn);

        boolean removed = AppDAOContext.deleteSessionFromJdbcSessionDAO(doomed);
        if (removed) {
            return;
        }
        throw new RuntimeException("Session Deletion Failed s!!");
    }

    /**
     * Not implemented; always throws.
     *
     * <p>NOTE(review): Shiro's session validation scheduler obtains the sessions to check
     * through this method, so the scheduler cannot be enabled with this DAO, and expired
     * sessions that no client asks for again are not removed by Shiro.
     *
     * @throws UnsupportedOperationException always
     */
    @Override
    public Collection<Session> getActiveSessions() {
        throw new UnsupportedOperationException("Not supported yet.");
    }

}



Also, let me know if the problem is with my DAO implementation.


was (Author: sreenivash09):
oh sorry :) my bad. Here's the config 



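# =======================
# Shiro INI configuration
# =======================

[main]
# Objects and their properties are defined here,
# Such as the securityManager, Realms and anything
# else needed to build the SecurityManager
#
# Shiro applies the lines of [main] in the order they are written, so an object
# has to be assigned before any property is set through it.

passwordService = org.apache.shiro.authc.credential.DefaultPasswordService

# Session storage: the custom DAO is plugged into a DefaultWebSessionManager.
customsessiondao = com.appbackend.framework.core.security.shiro.session.AppSessionDAO
ssessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
ssessionManager.sessionDAO = $customsessiondao

# Install the custom session manager BEFORE configuring it through
# securityManager.sessionManager. A property set ahead of this line is applied
# to the manager that this assignment then replaces, so the replacement would
# keep its own default timeout.
securityManager.sessionManager = $ssessionManager
# 600000 ms = 10 minutes
securityManager.sessionManager.globalSessionTimeout = 600000

# Credential checking: the realm compares passwords through PasswordMatcher,
# which delegates hashing to the password service defined above.
passwordMatcher = org.apache.shiro.authc.credential.PasswordMatcher
passwordMatcher.passwordService = $passwordService
myAppAuthenticationRealm = com.appbackend.framework.core.security.shiro.realms.AppAuthenticationRealm
myAppAuthenticationRealm.credentialsMatcher = $passwordMatcher
securityManager.realms = $myAppAuthenticationRealm
authcStrategy = org.apache.shiro.authc.pam.FirstSuccessfulStrategy
securityManager.authenticator.authenticationStrategy = $authcStrategy

# With the validation scheduler off, a session is checked for expiry only when
# a request presents its id. Sessions whose client never comes back are not
# purged by Shiro and stay in the session store.
# NOTE(review): confirm that something else (for example a database job)
# removes those rows. Enabling the scheduler instead requires the SessionDAO
# to implement getActiveSessions().
securityManager.sessionManager.sessionValidationSchedulerEnabled = false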



And this is my SessionDAO














package com.appbackend.framework.core.security.shiro.session;
import com.appbackend.framework.core.contexthelpers.AppContext;
import com.appbackend.framework.core.contexthelpers.AppDAOContext;
import org.apache.shiro.session.Session;
import org.apache.shiro.session.UnknownSessionException;
import org.apache.shiro.session.mgt.SimpleSession;
import org.apache.shiro.session.mgt.eis.AbstractSessionDAO;
import java.io.Serializable;
import java.util.Collection;

/**
 * Shiro session DAO that stores sessions through the static helpers on
 * {@code AppDAOContext} (the issue text describes the backing store as a database).
 *
 * <p>Only {@link SimpleSession} instances are accepted; any other {@link Session}
 * implementation is rejected with an {@link IllegalArgumentException}.
 *
 * <p>NOTE(review): what a {@code false} return from the {@code AppDAOContext} helpers
 * means (no matching row versus a database error) is not visible in this class. Confirm
 * it: every write method here turns {@code false} into a bare {@link RuntimeException},
 * and such a failure raised while an expired session is being cleaned up may surface on
 * the request that triggered the cleanup.
 *
 * @author sreenivasHarshith
 */
public class AppSessionDAO extends AbstractSessionDAO {

    /**
     * Narrows a {@link Session} to {@link SimpleSession}.
     *
     * @param session the session handed in by Shiro
     * @return the same object, typed as {@code SimpleSession}
     * @throws IllegalArgumentException if {@code session} is not a {@code SimpleSession}
     *         (this includes {@code null})
     */
    private SimpleSession assertSimpleSession(Session session) {
        if (session instanceof SimpleSession) {
            return (SimpleSession) session;
        }
        String message = AppSessionDAO.class.getName() + " implementations only support "
                + SimpleSession.class.getName() + " instances.";
        throw new IllegalArgumentException(message);
    }

    /**
     * Assigns a freshly generated id to the session and saves it.
     *
     * <p>The id comes from the inherited {@code generateSessionId}. NOTE(review): that id
     * is the value a client presents to resume the session, so the stored row and any
     * logging added around it deserve the same care as a credential. The failure message
     * below carries no id.
     *
     * @param sn the new session; must be a {@code SimpleSession}
     * @return the id assigned to the session
     * @throws RuntimeException if the save helper reports {@code false}
     */
    @Override
    protected Serializable doCreate(Session sn) {
        SimpleSession created = assertSimpleSession(sn);
        Serializable newId = generateSessionId(created);
        assignSessionId(created, newId);

        if (AppDAOContext.saveSessionToJdbcSessionDAO(created)) {
            return newId;
        }
        throw new RuntimeException("Session Creation Failed!!");
    }

    /**
     * Loads the session stored under the given id.
     *
     * @param serializable the session id to look up
     * @return whatever the read helper returns for that id, passed through unchanged
     */
    @Override
    protected Session doReadSession(Serializable serializable) {
        return AppDAOContext.conjureSessionFromJdbcSessionDAO(serializable);
    }

    /**
     * Writes the current state of an existing session back to the store.
     *
     * <p>NOTE(review): the signature declares {@link UnknownSessionException}, but this
     * body never throws it. If {@code false} from the helper means "no such session",
     * that case should be reported as {@code UnknownSessionException} rather than a bare
     * {@code RuntimeException} - confirm against the helper.
     *
     * @param sn the session to persist; must be a {@code SimpleSession}
     * @throws RuntimeException if the update helper reports {@code false}
     */
    @Override
    public void update(Session sn) throws UnknownSessionException {
        SimpleSession changed = assertSimpleSession(sn);

        boolean stored = AppDAOContext.updateSessionInJdbcSessionDAO(changed);
        if (stored) {
            return;
        }
        throw new RuntimeException("Session Updation Failed!!");
    }

    /**
     * Removes a session from the store.
     *
     * <p>NOTE(review): if the helper returns {@code false} when the row is already gone,
     * a repeated delete of the same session raises here - confirm whether that can
     * happen for expired sessions.
     *
     * @param sn the session to remove; must be a {@code SimpleSession}
     * @throws RuntimeException if the delete helper reports {@code false}
     */
    @Override
    public void delete(Session sn) {
        SimpleSession doomed = assertSimpleSession(sn);

        boolean removed = AppDAOContext.deleteSessionFromJdbcSessionDAO(doomed);
        if (removed) {
            return;
        }
        throw new RuntimeException("Session Deletion Failed s!!");
    }

    /**
     * Not implemented; always throws.
     *
     * <p>NOTE(review): Shiro's session validation scheduler obtains the sessions to check
     * through this method, so the scheduler cannot be enabled with this DAO, and expired
     * sessions that no client asks for again are not removed by Shiro.
     *
     * @throws UnsupportedOperationException always
     */
    @Override
    public Collection<Session> getActiveSessions() {
        throw new UnsupportedOperationException("Not supported yet.");
    }

}





> StoppedSessionException: Session with id has been explicitly stopped.  No 
> further interaction under this session is allowed.
> ----------------------------------------------------------------------------------------------------------------------------
>
>                 Key: SHIRO-613
>                 URL: https://issues.apache.org/jira/browse/SHIRO-613
>             Project: Shiro
>          Issue Type: Bug
>          Components: Authentication (log-in), Session Management
>    Affects Versions: 1.3.2
>            Reporter: sreenivas Harshith
>              Labels: Sessiontimeout, StoppedSessionException, login, session
>
> I am using Shiro's default native session manager and a Session DAO backed by 
> a DB store for storing sessions. I have set the session timeout to 10 min and 
> I have the same user log in multiple times, say 8 times. Once the session is 
> expired, I try to log in with the same user credentials from a different 
> client, and Shiro calls the delete(Session sn) method implemented in my DAO to 
> delete those old sessions that are expired. Once the deletion is completed, it 
> throws an exception with the deleted session id, saying 
> org.apache.shiro.session.StoppedSessionException: Session with id 
> [a9dd97a1-90d4-435c-b363-f74052dfa0dc] has been explicitly stopped.  No 
> further interaction under this session is allowed, and it fails to log the 
> user in.


