Thanks for following up David!
On Mon, Apr 12, 2021 at 9:54 AM David Stutzman wrote:
> Actually that created another error:
> 09:44:53,127 WARNING
> [javax.enterprise.resource.webcontainer.jsf.lifecycle] (default task-7)
> #{login.login()}: java.lang.IllegalStateException: UT010033: No session:
Actually that created another error:
09:44:53,127 WARNING
[javax.enterprise.resource.webcontainer.jsf.lifecycle] (default task-7)
#{login.login()}: java.lang.IllegalStateException: UT010033: No session:
javax.faces.FacesException: #{login.login()}:
java.lang.IllegalStateException: UT010033:
Hi David!
Can you try making sure session rewriting is disabled:
securityManager.sessionManager.sessionIdUrlRewritingEnabled
https://github.com/apache/shiro/blob/a85dfcd8629294cd1c6bc3cdd34cbebb94e09662/samples/servlet-plugin/src/main/webapp/WEB-INF/shiro.ini#L29
This could also be happing
I went back and took another look at this and turned on trace logging
and figured out the InvalidRequestFilter is tripping, specifically on a
semicolon in the URL. That filter was added in 1.6.0 hence that's the
first version we see the issue.
So now the part I'm not sure about is how/why
Ok thanks, we will take a look.
regards,
François
fpa...@apache.org
Le 17/12/2020 à 13:43, David Stutzman a écrit :
> I tried all 4 after 1.5.1: "...updated directly from 1.5.1 to 1.7.0 but
> I went back and tested everything in between."
>
> 1.6.0 was the first version that showed the behavior
I tried all 4 after 1.5.1: "...updated directly from 1.5.1 to 1.7.0 but
I went back and tested everything in between."
1.6.0 was the first version that showed the behavior I describe.
Dave
(sorry for the dupe François, realized I didn't reply to the list)
On 12/17/2020 6:08 AM, Francois Papon
Hi David,
Can you try with 1.5.2 and 1.5.3?
regards,
François
fpa...@apache.org
Le 17/12/2020 à 11:48, David Stutzman a écrit :
> I am using Shiro in a Java EE application using the shiro-web
> dependency. I
> noticed a strange behavior and tracked it down to a Shiro upgrade that
> started in
I am using Shiro in a Java EE application using the shiro-web dependency. I
noticed a strange behavior and tracked it down to a Shiro upgrade that
started in version 1.6.0 and persists in 1.7.0. I initially updated directly
from 1.5.1 to 1.7.0 but I went back and tested everything in between.