I made some progress on this issue.
I added tracing to AuthorizingRealm.setAuthorizationCache(). I see that
it's first being correctly called to set the cache to my "custom"
VonageDistributedSessionCache that I specified in my ShiroFilter. But
then, I see that it's being called a second time, and getting *reset* to
some instance of SoftHashMapCache.
The stack trace of that 2nd call is below. So the issue is "where in
that stack trace is some code having the audacity to do something that
results in a call to AuthorizingRealm.setAuthorizationCache(), which
replaces the user-specified cache with the default of a
SoftHashMapCache?
My (uneducated) guess is that the culprit is the createSecurityManager()
call in IniConfiguration.processIni(). Why would we want to create a
security manager when in the middle of processing configuration data?
In any case, I think the use case is simple: trying to specify your own
CacheManager doesn't work. Here's my ShiroFilter:
# pull in vonage centralized authentication:
realmA = com.vonage.auth.VonageAuthenticationRealm
securityManager =
org.apache.shiro.web.DefaultWebSecurityManager
sessionManager =
org.apache.shiro.web.session.DefaultWebSessionManager
securityManager.sessionManager = $sessionManager
securityManager.sessionMode = native
#cacheManager =
org.apache.shiro.cache.DefaultCacheManager
cacheManager =
com.vonage.auth.VonageDistributedSessionCacheManager
securityManager.cacheManager = $cacheManager
sessionDAO =
org.apache.shiro.session.mgt.eis.MemorySessionDAO
#sessionDAO.cacheManager = $cacheManager
securityManager.sessionDAO = $sessionDAO
securityManager.realm = $realmA
And here's the stack trace I talked about:
java.lang.Exception: Stack trace
at java.lang.Thread.dumpStack(Thread.java:1206)
at
org.apache.shiro.realm.AuthorizingRealm.setAuthorizationCache(Authorizin
gRealm.java:109)
at
org.apache.shiro.realm.AuthorizingRealm.initAuthorizationCache(Authorizi
ngRealm.java:199)
at
org.apache.shiro.realm.AuthorizingRealm.afterCacheManagerSet(Authorizing
Realm.java:166)
at
org.apache.shiro.realm.CachingRealm.setCacheManager(CachingRealm.java:73
)
at
org.apache.shiro.mgt.RealmSecurityManager.applyCacheManagerToRealms(Real
mSecurityManager.java:116)
at
org.apache.shiro.mgt.RealmSecurityManager.afterRealmsSet(RealmSecurityMa
nager.java:86)
at
org.apache.shiro.mgt.AuthenticatingSecurityManager.afterRealmsSet(Authen
ticatingSecurityManager.java:178)
at
org.apache.shiro.mgt.AuthorizingSecurityManager.afterRealmsSet(Authorizi
ngSecurityManager.java:129)
at
org.apache.shiro.mgt.RealmSecurityManager.setRealms(RealmSecurityManager
.java:82)
at
org.apache.shiro.config.IniConfiguration.createSecurityManagerForSection
(IniConfiguration.java:242)
at
org.apache.shiro.config.IniConfiguration.createSecurityManager(IniConfig
uration.java:188)
at
org.apache.shiro.config.IniConfiguration.processIni(IniConfiguration.jav
a:172)
at
org.apache.shiro.config.IniConfiguration.process(IniConfiguration.java:1
61)
at
org.apache.shiro.config.IniConfiguration.load(IniConfiguration.java:127)
at
org.apache.shiro.config.TextConfiguration.loadTextConfig(TextConfigurati
on.java:70)
at
org.apache.shiro.config.TextConfiguration.init(TextConfiguration.java:86
)
at
org.apache.shiro.config.IniConfiguration.init(IniConfiguration.java:114)
at
org.apache.shiro.util.LifecycleUtils.init(LifecycleUtils.java:47)
at
org.apache.shiro.util.LifecycleUtils.init(LifecycleUtils.java:41)
at
org.apache.shiro.web.servlet.ShiroFilter.configure(ShiroFilter.java:322)
at
org.apache.shiro.web.servlet.ShiroFilter.onFilterConfigSet(ShiroFilter.j
ava:269)
at
org.apache.shiro.web.servlet.OncePerRequestFilter.init(OncePerRequestFil
ter.java:140)
at
org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFi
lterConfig.java:221)
at
org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(Applicatio
nFilterConfig.java:302)
at
org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilte
rConfig.java:78)
at
org.apache.catalina.core.StandardContext.filterStart(StandardContext.jav
a:3635)
at
org.apache.catalina.core.StandardContext.start(StandardContext.java:4222
)
at
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.ja
va:760)
at
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740)
at
org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)
at
org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:9
27)
at
org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java
:890)
at
org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:492)
at
org.apache.catalina.startup.HostConfig.start(HostConfig.java:1150)
at
org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:31
1)
at
org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSu
pport.java:120)
at
org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)
at
org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
at
org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)
at
org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
at
org.apache.catalina.core.StandardService.start(StandardService.java:448)
at
org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.jav
a:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessor
Impl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
Andy
________________________________
From: Andy Tripp [mailto:[email protected]]
Sent: Monday, August 31, 2009 10:25 AM
To: [email protected]
Subject: RE: need help plugging in my own session cache
I need to get this working, and I'm happy to track it down myself, but I
need some starting direction.
If I want to use my own cache for storing session data, I know I should
write my own CacheManager and a class that implements Cache. But which
class do I tell to use my own cache? Is it SessionDAO, securityManager,
or my own Realm (in my case a subclass of JDBCRealm)? All three have a
cacheManager property.
Thanks,
Andy
________________________________
From: Andy Tripp [mailto:[email protected]]
Sent: Friday, August 28, 2009 2:56 PM
To: [email protected]
Subject: need help plugging in my own session cache
Hi again,
I'm having trouble with specifying my own Cache.
I've specified my own CacheManager and Cache classes in my ShiroFilter:
realmA = com.vonage.auth.VonageAuthenticationRealm
securityManager =
org.apache.shiro.web.DefaultWebSecurityManager
sessionManager =
org.apache.shiro.web.session.DefaultWebSessionManager
securityManager.sessionManager = $sessionManager
securityManager.sessionMode = native
#cacheManager =
org.apache.shiro.cache.DefaultCacheManager
cacheManager =
com.vonage.auth.VonageDistributedSessionCacheManager
sessionDAO =
org.apache.shiro.session.mgt.eis.MemorySessionDAO
sessionDAO.cacheManager = $cacheManager
securityManager.sessionDAO = $sessionDAO
securityManager.cacheManager = $cacheManager
securityManager.realm = $realmA
realmA.cacheManager = $cacheManager
My VonageDistributedSessionCacheManager class simply returns an instance
of my VonageDistributedSessionCache class, which implements the Cache
interface.
The problem is that the various methods in my
VonageDistributedSessionCache class (get(), put(), etc) are never being
called. By adding tracing, I can confirm that my
VonageDistributedSessionCache constructor is being called from
AuthorizationRealm.initAuthorizationCache(). But when I login to my
servlet, my get() and put() methods are never called. On my first login
attempt to get to my servlet, I have no session and so I'm challenged
for username/password. Then on a second attempt, it lets me through. So
somewhere Shiro is caching my sessionid, but I don't know where. All I
know is that it's not using the Cache that I told it to :) In fact, I
told it 3 times ($cacheManager is mentioned 3 times above)!
So where is it in Shiro that checks the session cache? I see that
AuthorizingRealm.initAuthorizationCache() does create an instance of my
VonageDistributedSessionCache class, and calls setAuthorizationCache()
to store it. But I don't see any calls to the corresponding
getAuthorizationCache() to actually use it.
I'm not sure if this helps or not, but below is a stack trace from my
servlet. Somewhere along this chain of calls, somebody should have
called AuthorizingRealm.getAuthorizationCache() but didn't.
Thanks,
Andy
------------------------------------------------------------------------
----------------------
at java.lang.Thread.dumpStack(Thread.java:1206)
at
com.vonage.authenticatorTest.TestServlet1.doGet(TestServlet1.java:15)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:627)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Applica
tionFilterChain.java:269)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilt
erChain.java:188)
at
org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterCh
ain.java:58)
at
org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java
:107)
at
org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.
java:137)
at
org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerReques
tFilter.java:190)
at
org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterCh
ain.java:63)
at
org.apache.shiro.web.servlet.ShiroFilter.executeChain(ShiroFilter.java:6
48)
at
org.apache.shiro.web.servlet.ShiroFilter.doFilterInternal(ShiroFilter.ja
va:588)
at
org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerReques
tFilter.java:190)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Applica
tionFilterChain.java:215)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilt
erChain.java:188)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValv
e.java:213)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValv
e.java:172)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java
:127)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java
:117)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.
java:108)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:1
74)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:87
5)
at
org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.proc
essConnection(Http11BaseProtocol.java:665)
at
org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint
.java:528)
at
org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollow
erWorkerThread.java:81)
at
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool
.java:689)
at java.lang.Thread.run(Thread.java:619)
