Hi Shams,

Your Groovy class "JSecurityFilters" doesn't appear to do everything
necessary.  Look at the existing 'master' Filter here:
https://svn.apache.org/repos/asf/incubator/jsecurity/trunk/web/src/main/java/org/apache/ki/web/servlet/KiFilter.java

It needs to wrap the servlet request and, depending on the sessionMode, the
servlet response for special 'interceptor' functionality.

I'm not a Grails user, so you'll have to excuse my ignorance, but why aren't
you using the standard KiFilter (was called JSecurityFilter)?  I was fairly
certain that the Grails JSecurity plugin would enable it (but I could be
wrong).

Regards,

Les

On Thu, Apr 2, 2009 at 3:21 PM, Imam, Shams <[email protected]> wrote:

> Careless on my part to not read the entire documentation. Seems I needed to
> use DefaultWebSecurityManager and configure a filter.
>
> Removed the bootstrap code and added a filter:
>
>
>
> class JSecurityFilters {
>
>     SecurityManager securityManager = null;
>
>     SecurityManager getSecurityManager() {
>         if (securityManager == null) {
>             synchronized (JSecurityFilters.class) {
>                 if (securityManager == null) {
>                     // Initialize the jSecurity realm
>                     securityManager = new DefaultWebSecurityManager();
>                     securityManager.setRealm(new MyCustomRealm());
>                     SecurityUtils.setSecurityManager(securityManager);
>                 }
>             }
>         }
>         return securityManager
>     }
>
>     def filters = {
>         securityFilter(controller: '*', action: '*') {
>             before = {
>                 ThreadContext.bind(WebUtils.getInetAddress(request))
>                 WebUtils.bind(request)
>                 WebUtils.bind(response)
>                 ThreadContext.bind(getSecurityManager())
>                 ThreadContext.bind(getSecurityManager().getSubject())
>
>                 return true
>             }
>             afterView = {
>                 ThreadContext.unbindSubject()
>                 ThreadContext.unbindSecurityManager()
>                 WebUtils.unbindServletResponse()
>                 WebUtils.unbindServletRequest()
>                 ThreadContext.unbindInetAddress()
>             }
>         }
>     }
> }
>
>
>
> Stuff seems to be working for now unless I have missed other pointers ;)
>
>
>
> Shams
>
>
>  ------------------------------
>
> *From:* Imam, Shams [mailto:[email protected]]
> *Sent:* Thursday, April 02, 2009 9:42 AM
> *To:* [email protected]
> *Subject:* Subject reset when page refreshed with F5 the second time
>
>
>
> Hi everyone,
>
> I'm new to both Grails and JSecurity. I'm trying to integrate JSecurity
> into our existing webapp.
>
> I've implemented a custom Realm and am using a 'non-remember me' token. My
> Account returns string-based permissions.
>
> Now to the actual problem I'm facing: Whenever I refresh a page using F5
> on Firefox (haven't tested on other browsers yet) my Subject gets reset the
> second time. However, if I continue browsing the pages by clicking on the
> various links my Subject doesn't get reset. Any idea why this is happening
> and how I can avoid the Subject reset?
>
> Below is a summary of my grails bootstrap code and log outputs.
>
>  Code in Grails Bootstrap:
>  =========================
>     def init = {servletContext ->
>         println '--- BootStrap ---'
>
>         // Initialize the jSecurity realm
>         DefaultSecurityManager securityManager = new DefaultSecurityManager();
>         securityManager.setRealm(new MyCustomRealm());
>         SecurityUtils.setSecurityManager(securityManager);
>         println '1a - ThreadContext.securityManager: ' + org.jsecurity.util.ThreadContext.getSecurityManager()
>         println '1b - ThreadContext.securityManager.subject: ' + org.jsecurity.util.ThreadContext.getSecurityManager()?.getSubject()
>         println '2 - SecurityUtils.securityManager.subject' + org.jsecurity.SecurityUtils.securityManager?.getSubject()
>     }
>
>  Summary of Console Outputs:
>  ===========================
>  --- BootStrap ---
>  1a - ThreadContext.securityManager: null
>  1b - ThreadContext.securityManager.subject: null
>  2 - securityutils.securitymanager.subjectorg.jsecurity.subject.delegatingsubj...@165391b
>
>  // The login page
>  session.originalRequestParams.zipcode = 76092
>  hasPermission:'admin|reviewer' -> false : JSecurity Session: org.jsecurity.subject.delegatingsubject$stoppingawareproxiedsess...@13f866 with timeout 1800000 and principal null Grails session id: 4v2u9cqs9y4i
>  1a - ThreadContext.securityManager: null
>  2 - securityutils.securitymanager.subjectorg.jsecurity.subject.delegatingsubj...@17ff60e
>
>  // Login successful
>  Login: Session: org.jsecurity.subject.delegatingsubject$stoppingawareproxiedsess...@cfd5ee with timeout 1800000
>
>  // Home page after login
>  hasPermission:'admin|reviewer' -> true : JSecurity Session: org.jsecurity.subject.delegatingsubject$stoppingawareproxiedsess...@cfd5ee with timeout 1800000 and principal Test:REVIEWER Grails session id: 4v2u9cqs9y4i
>  1a - ThreadContext.securityManager: null
>  2 - securityutils.securitymanager.subjectorg.jsecurity.subject.delegatingsubj...@17ff60e
>  lacksPermission:'admin|reviewer' -> false : Session: org.jsecurity.subject.delegatingsubject$stoppingawareproxiedsess...@cfd5ee with timeout 1800000 and principal Test:REVIEWER
>
>  // Refresh using F5 first time
>  hasPermission:'admin|reviewer' -> true : JSecurity Session: org.jsecurity.subject.delegatingsubject$stoppingawareproxiedsess...@cfd5ee with timeout 1800000 and principal Test:REVIEWER Grails session id: 4v2u9cqs9y4i
>  1a - ThreadContext.securityManager: null
>  2 - securityutils.securitymanager.subjectorg.jsecurity.subject.delegatingsubj...@17ff60e
>  lacksPermission:'admin|reviewer' -> false : Session: org.jsecurity.subject.delegatingsubject$stoppingawareproxiedsess...@cfd5ee with timeout 1800000 and principal Test:REVIEWER
>
>  // Refresh using F5 second time
>  hasPermission:'admin|reviewer' -> false : JSecurity Session: org.jsecurity.subject.delegatingsubject$stoppingawareproxiedsess...@cc4364 with timeout 1800000 and principal null Grails session id: 4v2u9cqs9y4i
>  1a - ThreadContext.securityManager: null
>  2 - securityutils.securitymanager.subjectorg.jsecurity.subject.delegatingsubj...@5c775d
>  lacksPermission:'admin|reviewer' -> true : Session: org.jsecurity.subject.delegatingsubject$stoppingawareproxiedsess...@cc4364 with timeout 1800000 and principal null
>
>
>
> Thanks,
>
> Shams
>
