Hi Narcom, You only want to use the Subject.Builder in special situations. You should almost always use SecurityUtils.getSubject().
The reason this is failing for you is that the user.getSessionId() call is trying to reference a session that doesn't exist yet. When you instantiate a new SecurityManager, it in turn uses a new SessionManager, and that SessionManager doesn't have any sessions yet. I think you'd want to reference the remote SecurityManager instead. That is: Subject subject = new Subject.Builder(remoteSecurityManager).sessionId(user.getSessionId()).buildSubject(); I'll check out the WebStart example this weekend to see what might be wrong - it hasn't been updated in a while. Cheers, Les On Thu, Oct 29, 2009 at 2:00 PM, Narcom <[email protected]> wrote: > > I am not sure it is some kind of "issue". May be I do not understand smth. It > looks like on secure bean call it tries to get SecurityManager but cannot > find one because I did not inited one (but should I create one?) > > If I create one as mentioned in Quickstart llike this > DefaultSecurityManager securityManager = new DefaultSecurityManager(); > SecurityUtils.setSecurityManager( securityManager ); > Subject subject = new > Subject.Builder().sessionId(user.getSessionId()).buildSubject(); > ThreadState threadState = new SubjectThreadState(subject); > threadState.bind(); > try { > SampleManager sampleManager = (SampleManager) > ctx.getBean("sampleManager"); > //sampleManager.secureMethod1(); > } finally { > threadState.clear(); > } > > I get this exception > org.apache.shiro.session.UnknownSessionException: There is no session with > id [f493926d-b5dc-4488-945e-1aa97145dc7a] > at > org.apache.shiro.session.mgt.eis.CachingSessionDAO.readSession(CachingSessionDAO.java:281) > at > org.apache.shiro.session.mgt.DefaultSessionManager.retrieveSessionFromDataSource(DefaultSessionManager.java:202) > ..... > at > org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:703) > at com.springbook.client.RemotingTest.test(RemotingTest.java:67) > at com.springbook.client.RemotingTest.main(RemotingTest.java:36) > > Should be SecurityManager inited automatically on Subject creation i.e. > Subject subject = new > Subject.Builder().sessionId(user.getSessionId()).buildSubject(); > > ? > > > Les Hazlewood-2 wrote: >> >> Hi Narcom, >> >> Can you please re-post this along with the full stack trace (not just >> the SecurityUtils.getSecurityManager line) in a Jira issue? That way >> It won't get lost. >> >> - Les >> >> On Thu, Oct 29, 2009 at 3:48 AM, Narcom <[email protected]> wrote: >>> >>> I noticed that java web start GUI application does not start for “Apache >>> Shiro :: Samples :: Spring”. >>> >>> I use stand alone java program to access tomcat. Here its code >>> >>> PropertyConfigurator.configure("web/WEB-INF/log.properties"); >>> ctx = new >>> FileSystemXmlApplicationContext("/web/WEB-INF/remoting-client.xml"); >>> LoginManagerRemote loginManager = (LoginManagerRemote) >>> ctx.getBean("loginManager"); >>> UserRemote user = loginManager.login(); >>> log.info("user name: " + user.getName()); >>> log.info("sesssionId: " + user.getSessionId()); >>> >>> SampleManager sampleManager = (SampleManager) >>> ctx.getBean("sampleManager"); >>> sampleManager.secureMethod1(); >>> >>> So I write 2 spring remote beans >>> first makes login and return jsessionId. >>> <bean name="/login" >>> class="org.springframework.remoting.httpinvoker.HttpInvokerServiceExporter"> >>> <property name="service" ref="loginManager"/> >>> <property name="serviceInterface" >>> value="com.springbook.LoginManagerRemote"/> >>> </bean> >>> >>> second is secure bean >>> >>> <bean name="/sampleManager" >>> class="org.springframework.remoting.httpinvoker.HttpInvokerServiceExporter"> >>> <property name="service" ref="sampleManager"/> >>> <property name="serviceInterface" >>> value="my.samples.shiro.spring.SampleManager"/> >>> <property name="remoteInvocationExecutor" >>> ref="secureRemoteInvocationExecutor"/> >>> </bean> >>> >>> What should I do to call secure bean from my standalone client? >>> >>> If I just call it after login I get >>> >>> Exception in thread "main" java.lang.IllegalStateException: No >>> SecurityManager accessible to the calling code, either bound to the >>> org.apache.shiro.util.ThreadContext or as a vm static singleton. This is >>> an >>> invalid application configuration. >>> at >>> org.apache.shiro.SecurityUtils.getSecurityManager(SecurityUtils.java:115) >>> >>> -- >>> View this message in context: >>> http://n2.nabble.com/Spring-stand-alone-client-tp3910311p3910311.html >>> Sent from the Shiro User mailing list archive at Nabble.com. >>> >> >> > > -- > View this message in context: > http://n2.nabble.com/Spring-stand-alone-client-tp3910311p3914503.html > Sent from the Shiro User mailing list archive at Nabble.com. >
