I managed to call remote "secure" spring bean at last... using this code
PropertyConfigurator.configure("web/WEB-INF/log.properties");
ctx = new
FileSystemXmlApplicationContext("/web/WEB-INF/remoting-client.xml");
DefaultSecurityManager securityManager = new
DefaultSecurityManager();
securityManager.setRealm(new PropertiesRealm());
SecurityUtils.setSecurityManager(securityManager);
LoginManagerRemote loginManager = (LoginManagerRemote)
ctx.getBean("loginManager");
UserRemote user = loginManager.login();
String sessionId = user.getSessionId();
log.info("user name: " + user.getName());
log.info("sesssionId: " + sessionId);
SimpleSession session = new SimpleSession();
session.setId(sessionId);
Subject subject = new
Subject.Builder().session(session).buildSubject();
Session sessionLocal = subject.getSession(false);
if(sessionLocal != null){
log.info("session.getId(): " + sessionLocal.getId());
} else {
log.info("session: null");
}
subject.execute(new Runnable() {
public void run() {
SampleManager sampleManager = (SampleManager)
ctx.getBean("sampleManager");
String result = sampleManager.secureMethod1();
log.info(result);
}
});
but now I have another problem. When I call secureMethod1() it execute fine
only if I do not check authorization.
this what I get on server side:
2009-11-02 14:50:04,656 DEBUG
(org.apache.shiro.authc.credential.SimpleCredentialsMatcher:100) Performing
credentials equality check for tokenCredentials of type
[org.apache.shiro.crypto.hash.Sha256Hash and accountCredentials of type
[org.apache.shiro.crypto.hash.Sha256Hash]
2009-11-02 14:50:04,656 DEBUG
(org.apache.shiro.authc.AbstractAuthenticator:217) Authentication successful
for token [org.apache.shiro.authc.UsernamePasswordToken - user1,
rememberMe=true]. Returned account
[org.apache.shiro.subject.simpleprincipalcollect...@4930af45]
2009-11-02 14:50:04,687 DEBUG
(org.apache.shiro.web.attr.AbstractWebAttribute:171) No 'editorClass'
property set - returning value.toString() as the string value for method
argument.
2009-11-02 14:50:04,687 DEBUG
(org.apache.shiro.web.attr.CookieAttribute:350) Added Cookie [rememberMe] to
path [/SpringRemoting] with value
[UwP13UzjVUceLBNWh+sYM01JWOSbBOwc1ZLySIws0IdnkcWeD/yWeH0eIycwHaI8MRKPyenBr76EoLkEZnXSz4i27cTTUps5qOgU/ZQLdvIOxlZxmT9RlUvKT6zopnQrSpdsCNaruG/Op/XEoJcdNLI9rJCCyMKN3em5wl8GrWTIzKS4hzHombGBEW4EPS9jv40HV4mIS2sUFXm5MlOptr99e1A6eKYxlLrldk2/yqw29nWohE0sIjO7tRF9mOAZUeC/Fem6K4S82LbXAJ6p0oNg3MP7dbFSkeeDF2CwFJvvi5xVrGyF0aKk8JzBHKzmRgLAreVAMGR0L2hGHOgIP/uup6KzE3QFZJpPSCmtcRZASMTpLxTpiiTHhVmB9Hf42eGB9vfoR9QFfK0U+in7fyrWyyAs3GPdM884yP9B8YdVfqUzqWhbzMDdUgS0PKpc3QsBDOqdsLzOpvUImFdomuk+RZ98i28s/KP1puAwmeo=]
to the HttpServletResponse
2009-11-02 14:50:04,812 INFO (com.springbook.LoginManagerBean:43)
70931A960971B2477A95A27B296D4C0D
2009-11-02 14:50:04,843 DEBUG
(org.apache.shiro.mgt.DefaultSecurityManager:384) Context referenced
sessionId is invalid. Ignoring and creating an anonymous (session-less)
Subject instance.
org.apache.shiro.session.UnknownSessionException: There is no session with
id [70931A960971B2477A95A27B296D4C0D]
at
org.apache.shiro.session.mgt.AbstractSessionManager.getSession(AbstractSessionManager.java:249)
at
org.apache.shiro.session.mgt.AbstractSessionManager.checkValid(AbstractSessionManager.java:265)
at
org.apache.shiro.mgt.SessionsSecurityManager.checkValid(SessionsSecurityManager.java:294)
at
org.apache.shiro.mgt.DefaultSecurityManager.getSession(DefaultSecurityManager.java:192)
at
org.apache.shiro.mgt.DefaultSecurityManager.resolveSession(DefaultSecurityManager.java:380)
at
org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:343)
at
org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:703)
at
org.apache.shiro.spring.remoting.SecureRemoteInvocationExecutor.invoke(SecureRemoteInvocationExecutor.java:106)
at
org.springframework.remoting.support.RemoteInvocationBasedExporter.invoke(RemoteInvocationBasedExporter.java:78)
at
org.springframework.remoting.support.RemoteInvocationBasedExporter.invokeAndCreateResult(RemoteInvocationBasedExporter.java:114)
at
org.springframework.remoting.httpinvoker.HttpInvokerServiceExporter.handleRequest(HttpInvokerServiceExporter.java:117)
at
org.springframework.web.servlet.mvc.HttpRequestHandlerAdapter.handle(HttpRequestHandlerAdapter.java:49)
at
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:874)
at
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:808)
at
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:476)
at
org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:441)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
org.apache.shiro.web.servlet.ShiroFilter.executeChain(ShiroFilter.java:687)
at
org.apache.shiro.web.servlet.ShiroFilter.doFilterInternal(ShiroFilter.java:616)
at
org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:81)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
org.netbeans.modules.web.monitor.server.MonitorFilter.doFilter(MonitorFilter.java:390)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
at
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:619)
2009-11-02 14:50:04,906 INFO
(my.samples.shiro.spring.DefaultSampleManager:91) Secure method 1 called...
2009-11-02 14:50:04,906 INFO
(my.samples.shiro.spring.DefaultSampleManager:96)
currentUser.isAuthenticated(): false
2009-11-02 14:50:04,906 INFO
(my.samples.shiro.spring.DefaultSampleManager:101) session: null
note this line "There is no session with id
[70931A960971B2477A95A27B296D4C0D]" but this sessionId was created on
previuos call and send to client and submitted to Subject session. this is
client output:
2009-11-02 14:50:04,828 INFO (com.springbook.client.RemotingTest:65) user
name: user1
2009-11-02 14:50:04,828 INFO (com.springbook.client.RemotingTest:66)
sesssionId: 70931A960971B2477A95A27B296D4C0D
2009-11-02 14:50:04,828 DEBUG
(org.apache.shiro.mgt.DefaultSecurityManager:371) Context already contains a
session. Returning.
2009-11-02 14:50:04,828 INFO (com.springbook.client.RemotingTest:99)
session.getId(): 70931A960971B2477A95A27B296D4C0D
2009-11-02 14:50:04,906 INFO (com.springbook.client.RemotingTest:109) Secure
method 1 called...
so it looks like by some reason session created before is not restored by
shiro...
how to fix it?
--
View this message in context:
http://n2.nabble.com/Spring-stand-alone-client-tp3910311p3931076.html
Sent from the Shiro User mailing list archive at Nabble.com.
