Les,
Sorry, that last email was a mistake on my part.
Les,
What I'm seeing now is that the DefaultWebSecurityManager instance's
SessionManager is always set to ServletContainerSessionManager, when it should
be a DefaultWebSessionManager. I tried adding these to my config:
sessionManager = org.apache.shiro.web.session.DefaultWebSessionManager
securityManager.sessionManager = $sessionManager
...but still, the DefaultWebSecurityManager.sessionManager field is an instance
of ServletContainerSessionManager.
I'm stumped. I guess I'm not clear on what SecurityManager instance is being
called by this config stuff. Perhaps I'm missing some sort of:
something.securityManager = securityManager
Andy
p.s. here's my full [main] section of my filter:
realmA = org.apache.shiro.realm.text.PropertiesRealm
securityManager = org.apache.shiro.web.DefaultWebSecurityManager
sessionManager = org.apache.shiro.web.session.DefaultWebSessionManager
securityManager.sessionManager = $sessionManager
securityManager.sessionMode = native
cacheManager = org.apache.shiro.cache.DefaultCacheManager
sessionDAO = org.apache.shiro.session.mgt.eis.MemorySessionDAO
sessionDAO.cacheManager = $cacheManager
securityManager.sessionDAO = $sessionDAO
securityManager.cacheManager = $cacheManager
securityManager.realm = $realmA
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On
> Behalf Of Les Hazlewood
> Sent: Wednesday, August 19, 2009 2:20 PM
> To: [email protected]
> Subject: Re: need more help with SSO
>
> Hrm - that would be very odd if the DefaultWebSecurityManager was not
> the instance - that is what the ShiroFilter enables at startup by
> default. Just in case, try this as your very first config line:
>
> securityManager = org.apache.shiro.web.DefaultWebSecurityManager
>
> What does your debugger say is the securityManager instance?
> Something is very strange...
>
> Thanks for the extra info. Are there any JUnit tests you might be
> able to send our way?
>
> - Les
>
> On Wed, Aug 19, 2009 at 1:56 PM, Andy Tripp<[email protected]>
> wrote:
> > Les,
> > I put tracing code in DefaultWebSecurityManager.setSessionMode(), and it
> appears that this method is not getting called. So the
> ServletContainerSessionManager is not getting replace by a
> DefaultWebSessionManager. So it appears that this line in the filter
> config:
> >
> > securityManager.sessionMode = native
> >
> > is having no effect (note that it's securityManager, not sessionManager
> as you suggest in the previous response).
> >
> > I'll keep trying to track it down further, any pointers would be
> appreciated. I'm off to try to find the some SecurityManager instance,
> which I suspect is something other than a DefaultWebSecurityManager, which
> would mean that this config line is failing silently.
> >
> > Obviously, all this dependency injection via XML is driving me
> completely crazy. I may be allergic to server-side Java :)
> >
> > Andy
> >
> >> -----Original Message-----
> >> From: [email protected] [mailto:[email protected]] On
> >> Behalf Of Les Hazlewood
> >> Sent: Wednesday, August 19, 2009 12:46 PM
> >> To: [email protected]
> >> Subject: Re: need more help with SSO
> >>
> >> Hi Andy,
> >>
> >> A quick note about the message: that was a bug in the exception
> >> message, but the code is working as expected: if the wrapped
> >> SessionManager does not implement the SessionDAOAware interface, it
> >> cannot be injected with a SessionDAO. I have since fixed the message
> >> to be correct and committed this change, although the code logic has
> >> not been changed.
> >>
> >> Also, make sure that you do this:
> >>
> >> sessionManager.sessionMode = native
> >>
> >> before you try to inject the SessionDAO. The above call will
> >> automatically substitute the ServletContainerSessionManager for a
> >> DefaultWebSessionManager implementation on the fly. This latter
> >> implementation does in fact implement SessionDAOAware and should
> >> readily accept SessionDAO instances that are passed through the
> >> securityManager.setSessionDAO(...) call.
> >>
> >> In the meantime, I'll try to create a unit test with the ShiroFilter
> >> to see I can accurately recreate your issue, but I've been strapped
> >> for time lately - if you could create one (if possible) and post it to
> >> a Jira issue, that would help a lot.
> >>
> >> Regards,
> >>
> >> Les
> >>
> >> On Tue, Aug 18, 2009 at 11:34 AM, Les Hazlewood<[email protected]>
> >> wrote:
> >> > Hi Andy,
> >> >
> >> > Thanks very much for sending this along - it is very helpful. I'll
> be
> >> > able to look into this a bit more later tonight.
> >> >
> >> > Regards,
> >> >
> >> > Les
> >> >
> >> > On Tue, Aug 18, 2009 at 11:21 AM, Andy Tripp<[email protected]>
> >> wrote:
> >> >> Les,
> >> >> I tracked this problem down through a maze of try/catch blocks, I
> see
> >> this exception:
> >> >>
> >> >> javax.servlet.ServletException: Unable to load from text
> configuration.
> >> e2=org.apache.shiro.config.ConfigurationException:
> >> org.apache.shiro.config.ConfigurationException: Unable to set property
> >> [sessionDAO] with value [$sessionDAO]. If '$sessionDAO' is a reference
> to
> >> another (previously defined) object, please prefix it with '$' to
> indicate
> >> that the referenced object should be used as the actual value. For
> >> example, $$sessionDAO
> >> >>
> >> >> ...which I tracked down to the ReflectionBuilder.applyProperty()
> method
> >> calling BeanUtils.setProperty() and catching an InvocationException.
> The
> >> cause of that exception is:
> >> >>
> >> >> java.lang.IllegalArgumentException: The underlying session manager
> is
> >> null or does not implement the
> org.apache.shiro.session.mgt.eis.SessionDAO
> >> >> interface, which is required if the underlying instance is to
> receive
> >> the sessionDAO argument.
> >> >>
> >> >>
> >> >> ...which comes from SessionsSecurityManager.setSessionDAO(), which
> >> checks
> >> >> to see that the SessionDAO parameter implements SessionDAOAware. The
> >> passed value is actually of class ServletContainerSessionManager, which
> >> does NOT
> >> >> implement SessionDAOAware.
> >> >>
> >> >> So I guess the mystery is why we're getting setSessionDAO() being
> >> passed a ServletContainerSessionManager, when in fact we have this
> config
> >> line:
> >> >>
> >> >> sessionDAO = org.apache.shiro.session.mgt.eis.MemorySessionDAO
> >> >>
> >> >> Hope this helps,
> >> >> Andy
> >> >>
> >> >>
> >> >>
> >> >>
> >> >>> -----Original Message-----
> >> >>> From: Andy Tripp [mailto:[email protected]]
> >> >>> Sent: Tuesday, August 18, 2009 10:04 AM
> >> >>> To: [email protected]
> >> >>> Subject: RE: need more help with SSO
> >> >>>
> >> >>> Les,
> >> >>>
> >> >>> I tried what you have below and still get the same "Unable to load
> >> from
> >> >>> text configuration" error. I tried it with the latest Shiro. I
> >> narrowed
> >> >>> the problem down to this line:
> >> >>>
> >> >>> securityManager.sessionDAO = $sessionDAO
> >> >>>
> >> >>> I get no errors with that line commented out.
> >> >>>
> >> >>> Any ideas? If not, I could put some tracing in the
> >> OncePerRequestFilter
> >> >>> class to narrow the problem down further.
> >> >>>
> >> >>> Andy
> >> >>>
> >> >>> > -----Original Message-----
> >> >>> > From: [email protected]
> [mailto:[email protected]]
> >> On
> >> >>> > Behalf Of Les Hazlewood
> >> >>> > Sent: Monday, August 17, 2009 5:11 PM
> >> >>> > To: [email protected]
> >> >>> > Subject: Re: need more help with SSO
> >> >>> >
> >> >>> > Hi Andy,
> >> >>> >
> >> >>> > I just verified that this simple test config works, although not
> in
> >> a
> >> >>> > web environment:
> >> >>> >
> >> >>> > ----
> >> >>> > realmA = org.apache.shiro.realm.text.PropertiesRealm
> >> >>> >
> >> >>> > securityManager.sessionMode = native
> >> >>> >
> >> >>> > cacheManager = org.apache.shiro.cache.DefaultCacheManager
> >> >>> >
> >> >>> > sessionDAO = org.apache.shiro.session.mgt.eis.MemorySessionDAO
> >> >>> > sessionDAO.cacheManager = $cacheManager
> >> >>> > securityManager.sessionDAO = $sessionDAO
> >> >>> > securityManager.cacheManager = $cacheManager
> >> >>> >
> >> >>> > securityManager.realm = $realmA
> >> >>> > ----
> >> >>> >
> >> >>> > Could you please try that out and see if it works in your web
> >> >>> > environment? If so, can you try substituting the
> >> DefaultCacheManager
> >> >>> > implementation (and your realm implementation) with with your
> >> >>> > implementations and see what happens?
> >> >>> >
> >> >>> > - Les
> >> >>> >
> >> >>> > On Mon, Aug 17, 2009 at 4:27 PM, Andy
> Tripp<[email protected]>
> >> >>> > wrote:
> >> >>> > > Here's the complete tomcat log file:
> >> >>> > >
> >> >>> > > Aug 17, 2009 3:40:13 PM
> org.apache.catalina.core.StandardContext
> >> >>> > filterStart
> >> >>> > > SEVERE: Exception starting filter ShiroFilter
> >> >>> > > javax.servlet.ServletException: Unable to load from text
> >> >>> configuration.
> >> >>> > > at
> >> >>> >
> >> >>>
> >>
> org.apache.shiro.web.servlet.OncePerRequestFilter.init(OncePerRequestFilte
> >> >>> > r.java:148)
> >> >>> > > at
> >> >>> >
> >> >>>
> >>
> org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilt
> >> >>> > erConfig.java:221)
> >> >>> > > at
> >> >>> >
> >> >>>
> >>
> org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(ApplicationF
> >> >>> > ilterConfig.java:302)
> >> >>> > > at
> >> >>> >
> >> >>>
> >>
> org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterC
> >> >>> > onfig.java:78)
> >> >>> > > at
> >> >>> >
> >> >>>
> >>
> org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:
> >> >>> > 3635)
> >> >>> > > at
> >> >>> >
> >> >>>
> >>
> org.apache.catalina.core.StandardContext.start(StandardContext.java:4222)
> >> >>> > > at
> >> >>> >
> >> >>>
> >>
> org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java
> >> >>> > :760)
> >> >>> > > at
> >> >>> >
> >> org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740)
> >> >>> > > at
> >> >>> >
> >> org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)
> >> >>> > > at
> >> >>> >
> >> >>>
> >>
> org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:927
> >> >>> > )
> >> >>> > > at
> >> >>> >
> >> >>>
> >>
> org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:8
> >> >>> > 90)
> >> >>> > > at
> >> >>> >
> >> org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:492)
> >> >>> > > at
> >> >>> >
> org.apache.catalina.startup.HostConfig.start(HostConfig.java:1150)
> >> >>> > > at
> >> >>> >
> >> >>>
> >>
> org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
> >> >>> > > at
> >> >>> >
> >> >>>
> >>
> org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupp
> >> >>> > ort.java:120)
> >> >>> > > at
> >> >>> >
> >> org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)
> >> >>> > > at
> >> >>> >
> org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
> >> >>> > > at
> >> >>> >
> >> org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)
> >> >>> > > at
> >> >>> >
> >> org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
> >> >>> > > at
> >> >>> >
> >>
> org.apache.catalina.core.StandardService.start(StandardService.java:448)
> >> >>> > > at
> >> >>> >
> >> org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
> >> >>> > > at
> >> >>> org.apache.catalina.startup.Catalina.start(Catalina.java:552)
> >> >>> > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
> >> Method)
> >> >>> > > at
> >> >>> >
> >> >>>
> >>
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:
> >> >>> > 39)
> >> >>> > > at
> >> >>> >
> >> >>>
> >>
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorIm
> >> >>> > pl.java:25)
> >> >>> > > at java.lang.reflect.Method.invoke(Method.java:597)
> >> >>> > > at
> >> >>> > org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
> >> >>> > > at
> >> >>> org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
> >> >>> > > Aug 17, 2009 3:40:13 PM
> >> org.apache.catalina.core.ApplicationContext
> >> >>> log
> >> >>> > > INFO: org.apache.webapp.balancer.BalancerFilter: init():
> >> ruleChain:
> >> >>> > [org.apache.webapp.balancer.RuleChain:
> >> >>> > [org.apache.webapp.balancer.rules.URLStringMatchRule: Target
> string:
> >> >>> News
> >> >>> > / Redirect URL: http://www.cnn.com],
> >> >>> > [org.apache.webapp.balancer.rules.RequestParameterRule: Target
> param
> >> >>> name:
> >> >>> > paramName / Target param value: paramValue / Redirect URL:
> >> >>> > http://www.yahoo.com],
> >> >>> > [org.apache.webapp.balancer.rules.AcceptEverythingRule: Redirect
> >> URL:
> >> >>> > http://jakarta.apache.org]]
> >> >>> > > Aug 17, 2009 3:40:13 PM
> >> org.apache.catalina.core.ApplicationContext
> >> >>> log
> >> >>> > > INFO: ContextListener: contextInitialized()
> >> >>> > > Aug 17, 2009 3:40:13 PM
> >> org.apache.catalina.core.ApplicationContext
> >> >>> log
> >> >>> > > INFO: SessionListener: contextInitialized()
> >> >>> > > Aug 17, 2009 3:40:13 PM
> >> org.apache.catalina.core.ApplicationContext
> >> >>> log
> >> >>> > > INFO: ContextListener: contextInitialized()
> >> >>> > > Aug 17, 2009 3:40:13 PM
> >> org.apache.catalina.core.ApplicationContext
> >> >>> log
> >> >>> > > INFO: SessionListener: contextInitialized()
> >> >>> > > Aug 17, 2009 4:25:59 PM
> >> org.apache.catalina.core.ApplicationContext
> >> >>> log
> >> >>> > > INFO: SessionListener: contextDestroyed()
> >> >>> > > Aug 17, 2009 4:25:59 PM
> >> org.apache.catalina.core.ApplicationContext
> >> >>> log
> >> >>> > > INFO: ContextListener: contextDestroyed()
> >> >>> > > Aug 17, 2009 4:25:59 PM
> >> org.apache.catalina.core.ApplicationContext
> >> >>> log
> >> >>> > > INFO: SessionListener: contextDestroyed()
> >> >>> > > Aug 17, 2009 4:25:59 PM
> >> org.apache.catalina.core.ApplicationContext
> >> >>> log
> >> >>> > > INFO: ContextListener: contextDestroyed()
> >> >>> > >
> >> >>> > >> -----Original Message-----
> >> >>> > >> From: Les Hazlewood [mailto:[email protected]]
> >> >>> > >> Sent: Monday, August 17, 2009 4:24 PM
> >> >>> > >> To: [email protected]
> >> >>> > >> Subject: Re: need more help with SSO
> >> >>> > >>
> >> >>> > >> Hi Andy,
> >> >>> > >>
> >> >>> > >> It goes in the main section, definitely. Is there any more to
> >> the
> >> >>> > >> exception? I'd like to see the entire stack trace if
> possible.
> >> >>> > >>
> >> >>> > >> - Les
> >> >>> > >>
> >> >>> > >> On Mon, Aug 17, 2009 at 3:41 PM, Andy
> >> Tripp<[email protected]>
> >> >>> > >> wrote:
> >> >>> > >> > I created my own Cache and CacheManager:
> >> >>> > >> >
> >> >>> > >> > public class VonageDistributedSessionCache implements Cache
> {
> >> >>> > >> > public VonageDistributedSessionCache(String name) {
> >> >>> > >> > System.err.println("VonageDistributedSessionCache
> >> >>> > >> > constructor.");
> >> >>> > >> > }
> >> >>> > >> > ...
> >> >>> > >> > }
> >> >>> > >> >
> >> >>> > >> > public class VonageDistributedSessionCacheManager implements
> >> >>> > >> > CacheManager {
> >> >>> > >> > public Cache getCache(String name) throws CacheException
> {
> >> >>> > >> > return new VonageDistributedSessionCache(name);
> >> >>> > >> > }
> >> >>> > >> > }
> >> >>> > >> >
> >> >>> > >> > Then in [main] section of my ShiroFilter in web.xml, I have:
> >> >>> > >> > [main]
> >> >>> > >> > realmA = com.vonage.auth.client.VonageAuthenticationRealm
> >> >>> > >> >
> >> >>> > >> > securityManager.sessionMode = native
> >> >>> > >> >
> >> >>> > >> > And when I add this:
> >> >>> > >> > # pull in vonage centralized authentication:
> >> >>> > >> > cacheManager =
> >> >>> > >> > com.vonage.auth.client.VonageDistributedSessionCacheManager
> >> >>> > >> > sessionDAO =
> org.apache.shiro.session.mgt.eis.MemorySessionDAO
> >> >>> > >> > sessionDAO.cacheManager = $cacheManager
> >> >>> > >> > securityManager.sessionDAO = $sessionDAO
> >> >>> > >> > securityManager.cacheManager = $cacheManager
> >> >>> > >> >
> >> >>> > >> > ...I get this error:
> >> >>> > >> > javax.servlet.ServletException: Unable to load from text
> >> >>> > configuration.
> >> >>> > >> >
> >> >>> > >> > So...does this injection go here in the [main] section of
> >> >>> > ShiroFilter,
> >> >>> > >> > or somewhere else?
> >> >>> > >> >
> >> >>> > >> > Thanks,
> >> >>> > >> > Andy
> >> >>> > >> >
> >> >>> > >
> >> >>
> >> >
> >
