Hi Andy, Can you please make note of this in a Jira issue? I'll fix it right away, but I'd like a record of this so when I modify the code, I can comment exactly why the change is required to ensure someone in the future doesn't accidentally revert the change.
Thanks! Les On Thu, Aug 20, 2009 at 11:27 AM, Andy Tripp<[email protected]> wrote: > Les, > > I finally found the problem. This line... > securityManager.sessionDAO = $sessionDAO > ...was being processed BEFORE this line... > securityManager.sessionManager = $sessionManager > > In ReflectionBuilder.buildObjects(), instanceMap and propertyMap need to be > LinkedHashMap type, not just HashMap. With HashMap, the properties in > ShiroFilter are being processed in arbitrary order, rather than the order > listed. That would explain why it works for you and not me - you got unlucky > :) > > Andy > > >> -----Original Message----- >> From: Andy Tripp [mailto:[email protected]] >> Sent: Wednesday, August 19, 2009 4:02 PM >> To: [email protected] >> Subject: RE: need more help with SSO >> >> Les, >> Sorry, that last email was a mistake on my part. >> >> Les, >> >> What I'm seeing now is that the DefaultWebSecurityManager instance's >> SessionManager is always set to ServletContainerSessionManager, when it >> should be a DefaultWebSessionManager. I tried adding these to my config: >> >> sessionManager = org.apache.shiro.web.session.DefaultWebSessionManager >> securityManager.sessionManager = $sessionManager >> >> ...but still, the DefaultWebSecurityManager.sessionManager field is an >> instance of ServletContainerSessionManager. >> >> I'm stumped. I guess I'm not clear on what SecurityManager instance is >> being called by this config stuff. Perhaps I'm missing some sort of: >> something.securityManager = securityManager >> >> Andy >> p.s. here's my full [main] section of my filter: >> >> realmA = org.apache.shiro.realm.text.PropertiesRealm >> securityManager = org.apache.shiro.web.DefaultWebSecurityManager >> sessionManager = >> org.apache.shiro.web.session.DefaultWebSessionManager >> securityManager.sessionManager = $sessionManager >> >> securityManager.sessionMode = native >> >> cacheManager = org.apache.shiro.cache.DefaultCacheManager >> >> sessionDAO = org.apache.shiro.session.mgt.eis.MemorySessionDAO >> sessionDAO.cacheManager = $cacheManager >> securityManager.sessionDAO = $sessionDAO >> securityManager.cacheManager = $cacheManager >> >> securityManager.realm = $realmA >> >> > -----Original Message----- >> > From: [email protected] [mailto:[email protected]] On >> > Behalf Of Les Hazlewood >> > Sent: Wednesday, August 19, 2009 2:20 PM >> > To: [email protected] >> > Subject: Re: need more help with SSO >> > >> > Hrm - that would be very odd if the DefaultWebSecurityManager was not >> > the instance - that is what the ShiroFilter enables at startup by >> > default. Just in case, try this as your very first config line: >> > >> > securityManager = org.apache.shiro.web.DefaultWebSecurityManager >> > >> > What does your debugger say is the securityManager instance? >> > Something is very strange... >> > >> > Thanks for the extra info. Are there any JUnit tests you might be >> > able to send our way? >> > >> > - Les >> > >> > On Wed, Aug 19, 2009 at 1:56 PM, Andy Tripp<[email protected]> >> > wrote: >> > > Les, >> > > I put tracing code in DefaultWebSecurityManager.setSessionMode(), and >> it >> > appears that this method is not getting called. So the >> > ServletContainerSessionManager is not getting replace by a >> > DefaultWebSessionManager. So it appears that this line in the filter >> > config: >> > > >> > > securityManager.sessionMode = native >> > > >> > > is having no effect (note that it's securityManager, not >> sessionManager >> > as you suggest in the previous response). >> > > >> > > I'll keep trying to track it down further, any pointers would be >> > appreciated. I'm off to try to find the some SecurityManager instance, >> > which I suspect is something other than a DefaultWebSecurityManager, >> which >> > would mean that this config line is failing silently. >> > > >> > > Obviously, all this dependency injection via XML is driving me >> > completely crazy. I may be allergic to server-side Java :) >> > > >> > > Andy >> > > >> > >> -----Original Message----- >> > >> From: [email protected] [mailto:[email protected]] >> On >> > >> Behalf Of Les Hazlewood >> > >> Sent: Wednesday, August 19, 2009 12:46 PM >> > >> To: [email protected] >> > >> Subject: Re: need more help with SSO >> > >> >> > >> Hi Andy, >> > >> >> > >> A quick note about the message: that was a bug in the exception >> > >> message, but the code is working as expected: if the wrapped >> > >> SessionManager does not implement the SessionDAOAware interface, it >> > >> cannot be injected with a SessionDAO. I have since fixed the message >> > >> to be correct and committed this change, although the code logic has >> > >> not been changed. >> > >> >> > >> Also, make sure that you do this: >> > >> >> > >> sessionManager.sessionMode = native >> > >> >> > >> before you try to inject the SessionDAO. The above call will >> > >> automatically substitute the ServletContainerSessionManager for a >> > >> DefaultWebSessionManager implementation on the fly. This latter >> > >> implementation does in fact implement SessionDAOAware and should >> > >> readily accept SessionDAO instances that are passed through the >> > >> securityManager.setSessionDAO(...) call. >> > >> >> > >> In the meantime, I'll try to create a unit test with the ShiroFilter >> > >> to see I can accurately recreate your issue, but I've been strapped >> > >> for time lately - if you could create one (if possible) and post it >> to >> > >> a Jira issue, that would help a lot. >> > >> >> > >> Regards, >> > >> >> > >> Les >> > >> >> > >> On Tue, Aug 18, 2009 at 11:34 AM, Les >> Hazlewood<[email protected]> >> > >> wrote: >> > >> > Hi Andy, >> > >> > >> > >> > Thanks very much for sending this along - it is very helpful. I'll >> > be >> > >> > able to look into this a bit more later tonight. >> > >> > >> > >> > Regards, >> > >> > >> > >> > Les >> > >> > >> > >> > On Tue, Aug 18, 2009 at 11:21 AM, Andy >> Tripp<[email protected]> >> > >> wrote: >> > >> >> Les, >> > >> >> I tracked this problem down through a maze of try/catch blocks, I >> > see >> > >> this exception: >> > >> >> >> > >> >> javax.servlet.ServletException: Unable to load from text >> > configuration. >> > >> e2=org.apache.shiro.config.ConfigurationException: >> > >> org.apache.shiro.config.ConfigurationException: Unable to set >> property >> > >> [sessionDAO] with value [$sessionDAO]. If '$sessionDAO' is a >> reference >> > to >> > >> another (previously defined) object, please prefix it with '$' to >> > indicate >> > >> that the referenced object should be used as the actual value. For >> > >> example, $$sessionDAO >> > >> >> >> > >> >> ...which I tracked down to the ReflectionBuilder.applyProperty() >> > method >> > >> calling BeanUtils.setProperty() and catching an InvocationException. >> > The >> > >> cause of that exception is: >> > >> >> >> > >> >> java.lang.IllegalArgumentException: The underlying session manager >> > is >> > >> null or does not implement the >> > org.apache.shiro.session.mgt.eis.SessionDAO >> > >> >> interface, which is required if the underlying instance is to >> > receive >> > >> the sessionDAO argument. >> > >> >> >> > >> >> >> > >> >> ...which comes from SessionsSecurityManager.setSessionDAO(), which >> > >> checks >> > >> >> to see that the SessionDAO parameter implements SessionDAOAware. >> The >> > >> passed value is actually of class ServletContainerSessionManager, >> which >> > >> does NOT >> > >> >> implement SessionDAOAware. >> > >> >> >> > >> >> So I guess the mystery is why we're getting setSessionDAO() being >> > >> passed a ServletContainerSessionManager, when in fact we have this >> > config >> > >> line: >> > >> >> >> > >> >> sessionDAO = org.apache.shiro.session.mgt.eis.MemorySessionDAO >> > >> >> >> > >> >> Hope this helps, >> > >> >> Andy >> > >> >> >> > >> >> >> > >> >> >> > >> >> >> > >> >>> -----Original Message----- >> > >> >>> From: Andy Tripp [mailto:[email protected]] >> > >> >>> Sent: Tuesday, August 18, 2009 10:04 AM >> > >> >>> To: [email protected] >> > >> >>> Subject: RE: need more help with SSO >> > >> >>> >> > >> >>> Les, >> > >> >>> >> > >> >>> I tried what you have below and still get the same "Unable to >> load >> > >> from >> > >> >>> text configuration" error. I tried it with the latest Shiro. I >> > >> narrowed >> > >> >>> the problem down to this line: >> > >> >>> >> > >> >>> securityManager.sessionDAO = $sessionDAO >> > >> >>> >> > >> >>> I get no errors with that line commented out. >> > >> >>> >> > >> >>> Any ideas? If not, I could put some tracing in the >> > >> OncePerRequestFilter >> > >> >>> class to narrow the problem down further. >> > >> >>> >> > >> >>> Andy >> > >> >>> >> > >> >>> > -----Original Message----- >> > >> >>> > From: [email protected] >> > [mailto:[email protected]] >> > >> On >> > >> >>> > Behalf Of Les Hazlewood >> > >> >>> > Sent: Monday, August 17, 2009 5:11 PM >> > >> >>> > To: [email protected] >> > >> >>> > Subject: Re: need more help with SSO >> > >> >>> > >> > >> >>> > Hi Andy, >> > >> >>> > >> > >> >>> > I just verified that this simple test config works, although >> not >> > in >> > >> a >> > >> >>> > web environment: >> > >> >>> > >> > >> >>> > ---- >> > >> >>> > realmA = org.apache.shiro.realm.text.PropertiesRealm >> > >> >>> > >> > >> >>> > securityManager.sessionMode = native >> > >> >>> > >> > >> >>> > cacheManager = org.apache.shiro.cache.DefaultCacheManager >> > >> >>> > >> > >> >>> > sessionDAO = org.apache.shiro.session.mgt.eis.MemorySessionDAO >> > >> >>> > sessionDAO.cacheManager = $cacheManager >> > >> >>> > securityManager.sessionDAO = $sessionDAO >> > >> >>> > securityManager.cacheManager = $cacheManager >> > >> >>> > >> > >> >>> > securityManager.realm = $realmA >> > >> >>> > ---- >> > >> >>> > >> > >> >>> > Could you please try that out and see if it works in your web >> > >> >>> > environment? If so, can you try substituting the >> > >> DefaultCacheManager >> > >> >>> > implementation (and your realm implementation) with with your >> > >> >>> > implementations and see what happens? >> > >> >>> > >> > >> >>> > - Les >> > >> >>> > >> > >> >>> > On Mon, Aug 17, 2009 at 4:27 PM, Andy >> > Tripp<[email protected]> >> > >> >>> > wrote: >> > >> >>> > > Here's the complete tomcat log file: >> > >> >>> > > >> > >> >>> > > Aug 17, 2009 3:40:13 PM >> > org.apache.catalina.core.StandardContext >> > >> >>> > filterStart >> > >> >>> > > SEVERE: Exception starting filter ShiroFilter >> > >> >>> > > javax.servlet.ServletException: Unable to load from text >> > >> >>> configuration. >> > >> >>> > > at >> > >> >>> > >> > >> >>> >> > >> >> > >> org.apache.shiro.web.servlet.OncePerRequestFilter.init(OncePerRequestFilte >> > >> >>> > r.java:148) >> > >> >>> > > at >> > >> >>> > >> > >> >>> >> > >> >> > >> org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilt >> > >> >>> > erConfig.java:221) >> > >> >>> > > at >> > >> >>> > >> > >> >>> >> > >> >> > >> org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(ApplicationF >> > >> >>> > ilterConfig.java:302) >> > >> >>> > > at >> > >> >>> > >> > >> >>> >> > >> >> > >> org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterC >> > >> >>> > onfig.java:78) >> > >> >>> > > at >> > >> >>> > >> > >> >>> >> > >> >> > >> org.apache.catalina.core.StandardContext.filterStart(StandardContext.java: >> > >> >>> > 3635) >> > >> >>> > > at >> > >> >>> > >> > >> >>> >> > >> >> > >> org.apache.catalina.core.StandardContext.start(StandardContext.java:4222) >> > >> >>> > > at >> > >> >>> > >> > >> >>> >> > >> >> > >> org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java >> > >> >>> > :760) >> > >> >>> > > at >> > >> >>> > >> > >> >> org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740) >> > >> >>> > > at >> > >> >>> > >> > >> org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544) >> > >> >>> > > at >> > >> >>> > >> > >> >>> >> > >> >> > >> org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:927 >> > >> >>> > ) >> > >> >>> > > at >> > >> >>> > >> > >> >>> >> > >> >> > >> org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:8 >> > >> >>> > 90) >> > >> >>> > > at >> > >> >>> > >> > >> >> org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:492) >> > >> >>> > > at >> > >> >>> > >> > org.apache.catalina.startup.HostConfig.start(HostConfig.java:1150) >> > >> >>> > > at >> > >> >>> > >> > >> >>> >> > >> >> > >> org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311) >> > >> >>> > > at >> > >> >>> > >> > >> >>> >> > >> >> > >> org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupp >> > >> >>> > ort.java:120) >> > >> >>> > > at >> > >> >>> > >> > >> org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022) >> > >> >>> > > at >> > >> >>> > >> > org.apache.catalina.core.StandardHost.start(StandardHost.java:736) >> > >> >>> > > at >> > >> >>> > >> > >> org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014) >> > >> >>> > > at >> > >> >>> > >> > >> >> org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443) >> > >> >>> > > at >> > >> >>> > >> > >> >> > org.apache.catalina.core.StandardService.start(StandardService.java:448) >> > >> >>> > > at >> > >> >>> > >> > >> >> org.apache.catalina.core.StandardServer.start(StandardServer.java:700) >> > >> >>> > > at >> > >> >>> org.apache.catalina.startup.Catalina.start(Catalina.java:552) >> > >> >>> > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native >> > >> Method) >> > >> >>> > > at >> > >> >>> > >> > >> >>> >> > >> >> > >> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java: >> > >> >>> > 39) >> > >> >>> > > at >> > >> >>> > >> > >> >>> >> > >> >> > >> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorIm >> > >> >>> > pl.java:25) >> > >> >>> > > at java.lang.reflect.Method.invoke(Method.java:597) >> > >> >>> > > at >> > >> >>> > org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295) >> > >> >>> > > at >> > >> >>> org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433) >> > >> >>> > > Aug 17, 2009 3:40:13 PM >> > >> org.apache.catalina.core.ApplicationContext >> > >> >>> log >> > >> >>> > > INFO: org.apache.webapp.balancer.BalancerFilter: init(): >> > >> ruleChain: >> > >> >>> > [org.apache.webapp.balancer.RuleChain: >> > >> >>> > [org.apache.webapp.balancer.rules.URLStringMatchRule: Target >> > string: >> > >> >>> News >> > >> >>> > / Redirect URL: http://www.cnn.com], >> > >> >>> > [org.apache.webapp.balancer.rules.RequestParameterRule: Target >> > param >> > >> >>> name: >> > >> >>> > paramName / Target param value: paramValue / Redirect URL: >> > >> >>> > http://www.yahoo.com], >> > >> >>> > [org.apache.webapp.balancer.rules.AcceptEverythingRule: >> Redirect >> > >> URL: >> > >> >>> > http://jakarta.apache.org]] >> > >> >>> > > Aug 17, 2009 3:40:13 PM >> > >> org.apache.catalina.core.ApplicationContext >> > >> >>> log >> > >> >>> > > INFO: ContextListener: contextInitialized() >> > >> >>> > > Aug 17, 2009 3:40:13 PM >> > >> org.apache.catalina.core.ApplicationContext >> > >> >>> log >> > >> >>> > > INFO: SessionListener: contextInitialized() >> > >> >>> > > Aug 17, 2009 3:40:13 PM >> > >> org.apache.catalina.core.ApplicationContext >> > >> >>> log >> > >> >>> > > INFO: ContextListener: contextInitialized() >> > >> >>> > > Aug 17, 2009 3:40:13 PM >> > >> org.apache.catalina.core.ApplicationContext >> > >> >>> log >> > >> >>> > > INFO: SessionListener: contextInitialized() >> > >> >>> > > Aug 17, 2009 4:25:59 PM >> > >> org.apache.catalina.core.ApplicationContext >> > >> >>> log >> > >> >>> > > INFO: SessionListener: contextDestroyed() >> > >> >>> > > Aug 17, 2009 4:25:59 PM >> > >> org.apache.catalina.core.ApplicationContext >> > >> >>> log >> > >> >>> > > INFO: ContextListener: contextDestroyed() >> > >> >>> > > Aug 17, 2009 4:25:59 PM >> > >> org.apache.catalina.core.ApplicationContext >> > >> >>> log >> > >> >>> > > INFO: SessionListener: contextDestroyed() >> > >> >>> > > Aug 17, 2009 4:25:59 PM >> > >> org.apache.catalina.core.ApplicationContext >> > >> >>> log >> > >> >>> > > INFO: ContextListener: contextDestroyed() >> > >> >>> > > >> > >> >>> > >> -----Original Message----- >> > >> >>> > >> From: Les Hazlewood [mailto:[email protected]] >> > >> >>> > >> Sent: Monday, August 17, 2009 4:24 PM >> > >> >>> > >> To: [email protected] >> > >> >>> > >> Subject: Re: need more help with SSO >> > >> >>> > >> >> > >> >>> > >> Hi Andy, >> > >> >>> > >> >> > >> >>> > >> It goes in the main section, definitely. Is there any more >> to >> > >> the >> > >> >>> > >> exception? I'd like to see the entire stack trace if >> > possible. >> > >> >>> > >> >> > >> >>> > >> - Les >> > >> >>> > >> >> > >> >>> > >> On Mon, Aug 17, 2009 at 3:41 PM, Andy >> > >> Tripp<[email protected]> >> > >> >>> > >> wrote: >> > >> >>> > >> > I created my own Cache and CacheManager: >> > >> >>> > >> > >> > >> >>> > >> > public class VonageDistributedSessionCache implements >> Cache >> > { >> > >> >>> > >> > public VonageDistributedSessionCache(String name) { >> > >> >>> > >> > System.err.println("VonageDistributedSessionCache >> > >> >>> > >> > constructor."); >> > >> >>> > >> > } >> > >> >>> > >> > ... >> > >> >>> > >> > } >> > >> >>> > >> > >> > >> >>> > >> > public class VonageDistributedSessionCacheManager >> implements >> > >> >>> > >> > CacheManager { >> > >> >>> > >> > public Cache getCache(String name) throws >> CacheException >> > { >> > >> >>> > >> > return new VonageDistributedSessionCache(name); >> > >> >>> > >> > } >> > >> >>> > >> > } >> > >> >>> > >> > >> > >> >>> > >> > Then in [main] section of my ShiroFilter in web.xml, I >> have: >> > >> >>> > >> > [main] >> > >> >>> > >> > realmA = >> com.vonage.auth.client.VonageAuthenticationRealm >> > >> >>> > >> > >> > >> >>> > >> > securityManager.sessionMode = native >> > >> >>> > >> > >> > >> >>> > >> > And when I add this: >> > >> >>> > >> > # pull in vonage centralized authentication: >> > >> >>> > >> > cacheManager = >> > >> >>> > >> > >> com.vonage.auth.client.VonageDistributedSessionCacheManager >> > >> >>> > >> > sessionDAO = >> > org.apache.shiro.session.mgt.eis.MemorySessionDAO >> > >> >>> > >> > sessionDAO.cacheManager = $cacheManager >> > >> >>> > >> > securityManager.sessionDAO = $sessionDAO >> > >> >>> > >> > securityManager.cacheManager = $cacheManager >> > >> >>> > >> > >> > >> >>> > >> > ...I get this error: >> > >> >>> > >> > javax.servlet.ServletException: Unable to load from text >> > >> >>> > configuration. >> > >> >>> > >> > >> > >> >>> > >> > So...does this injection go here in the [main] section of >> > >> >>> > ShiroFilter, >> > >> >>> > >> > or somewhere else? >> > >> >>> > >> > >> > >> >>> > >> > Thanks, >> > >> >>> > >> > Andy >> > >> >>> > >> > >> > >> >>> > > >> > >> >> >> > >> > >> > > >
