[
https://issues.apache.org/jira/browse/SHIRO-141?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12839971#action_12839971
]
Natalie Metzger commented on SHIRO-141:
---------------------------------------
Hi all,
as I see it, the problem is somewhat deeper. I have a web application, and my
subject is a DelegatingSubject with a DefaultWebSecurityManager. Once I call
the login() method on this subject, the associated RememberMeManager is unknown
as DefaultSecurityManager.login() is called. Shouldn't you add a method
DefaultWebSecurityManager.login() that just calls super.login()?
Natalie
> Problem with WebRememberMeManager
> ---------------------------------
>
> Key: SHIRO-141
> URL: https://issues.apache.org/jira/browse/SHIRO-141
> Project: Shiro
> Issue Type: Bug
> Components: Authentication (log-in)
> Environment: Windows vista running Eclipse Galileo v.3.5 w/ Google
> App Engine plugin - Debug mode
> Reporter: Chris Dutrow
> Assignee: Les Hazlewood
>
> I executed the following code to see if I needed to get the current user
> again after logging out:
> Subject currentUser;
> currentUser = SecurityUtils.getSubject(); // < --No exception
> currentUser = SecurityUtils.getSubject(); // < --No exception
> currentUser.logout(); // < --No
> exception
> currentUser = SecurityUtils.getSubject(); // < --EXCEPTION
> Resulting in the application throwing a NullPointerException from
> WebRememberMeManager.
> Here is the stack trace: (I'm currently trying to learn how to install and
> use JUnit)
> 32046 [btpool0-1] WARN org.apache.shiro.mgt.DefaultSecurityManager - Delegate
> RememberMeManager instance of type
> [org.apache.shiro.web.WebRememberMeManager] threw an exception during
> getRememberedPrincipals().
> java.lang.NullPointerException
> at
> org.apache.shiro.web.attr.CookieAttribute.getCookie(CookieAttribute.java:262)
> at
> org.apache.shiro.web.attr.CookieAttribute.removeValue(CookieAttribute.java:357)
>
> at
> org.apache.shiro.web.WebRememberMeManager.forgetIdentity(WebRememberMeManager.java:320)
>
> at
> org.apache.shiro.web.WebRememberMeManager.forgetIdentity(WebRememberMeManager.java:316)
>
> at
> org.apache.shiro.mgt.AbstractRememberMeManager.onRememberedPrincipalFailure(AbstractRememberMeManager.java:547)
>
> at
> org.apache.shiro.mgt.AbstractRememberMeManager.getRememberedPrincipals(AbstractRememberMeManager.java:488)
>
> at
> org.apache.shiro.mgt.DefaultSecurityManager.getRememberedIdentity(DefaultSecurityManager.java:598)
>
> at
> org.apache.shiro.mgt.DefaultSecurityManager.resolvePrincipals(DefaultSecurityManager.java:486)
>
> at
> org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:363)
>
> at
> org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:751)
> at org.apache.shiro.SecurityUtils.getSubject(SecurityUtils.java:57)
> at burp_erp_t1.TestShiroServlet.login(TestShiroServlet.java:43)
> at burp_erp_t1.TestShiroServlet.doPost(TestShiroServlet.java:24)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:713)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:806)
> at
> org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:487)
> at
> org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1093)
>
> at
> org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:373)
>
> at
> org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:306)
>
> at
> org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:81)
>
> at
> org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)
>
> at
> com.google.appengine.api.blobstore.dev.ServeBlobFilter.doFilter(ServeBlobFilter.java:51)
>
> at
> org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)
>
> at
> com.google.apphosting.utils.servlet.TransactionCleanupFilter.doFilter(TransactionCleanupFilter.java:43)
>
> at
> org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)
>
> at
> com.google.appengine.tools.development.StaticFileFilter.doFilter(StaticFileFilter.java:121)
>
> at
> org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)
>
> at
> org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:360)
> at
> org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
> at
> org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:181)
> at
> org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:712)
> at
> org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:405)
> at
> com.google.apphosting.utils.jetty.DevAppEngineWebAppContext.handle(DevAppEngineWebAppContext.java:70)
>
> at
> org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:139)
> at
> com.google.appengine.tools.development.JettyContainerService$ApiProxyHandler.handle(JettyContainerService.java:352)
>
> at
> org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:139)
> at org.mortbay.jetty.Server.handle(Server.java:313)
> at
> org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:506)
> at
> org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:844)
>
> at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:644)
> at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:211)
> at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:381)
> at
> org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:396)
> at
> org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:442)
>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
