Re: Shiro has some problems(bugs) or confused things.

Tue, 30 Aug 2011 02:21:36 -0700 

Hi Les.

I explain test cases.

1. Mutual dependency (I assume the confused design)
You can use spring configuration i written before.
But full spring configuration is ...

  <!-- =========================================================
       Shiro Core Components - Not Spring Specific
       ========================================================= -->
  <bean id="securityManager"
class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
    <property name="cacheManager" ref="cacheManager"/>
    <property name="sessionMode" value="native"/>
    <property name="sessionManager" ref="sessionManager"/>
    <property name="realm" ref=*"$You do modify"*/>
  </bean>

  <bean id="sessionManager"
      class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
    <property name="sessionDAO">
      <bean
class="org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO"/>
    </property>
    <property name="sessionValidationScheduler"
ref="sessionValidationScheduler"/>
    <property name="globalSessionTimeout" value="15000"/>
    <property name="sessionListeners">
      <list>
        <ref local="p2pSessionListener"/>
      </list>
    </property>
  </bean>

  <bean id="sessionValidationScheduler"

class="org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler">
    <property name="sessionManager" ref="sessionManager"/>
    <property name="interval" value="30000"/>
  </bean>

  <bean id="p2pSessionListener"
      class="com.acme.session.P2PShiroSessionListenerAdapter"/>

  <bean id="cacheManager"
class="org.apache.shiro.cache.ehcache.EhCacheManager">
  </bean>


  <!-- =========================================================
       Shiro Spring-specific integration
       ========================================================= -->

  <bean id="lifecycleBeanPostProcessor"
      class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>

  <bean
class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
      depends-on="lifecycleBeanPostProcessor"/>
  <bean
class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
    <property name="securityManager" ref="securityManager"/>
  </bean>

  <bean id="shiroFilter"
class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    <property name="securityManager" ref="securityManager"/>
    <property name="unauthorizedUrl" value="/unauthorized.html"/>
    <property name="filterChainDefinitions">
      <value>
        /web/** = anon
        /secure/** = authcBasic
      </value>
    </property>
  </bean>

  <!-- End -->

* com.acme.session.P2PShiroSessionListenerAdapter

package com.acme.session;

import org.apache.shiro.session.Session;
import org.apache.shiro.session.SessionListener;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeansException;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;


public class P2PShiroSessionListenerAdapter
implements SessionListener, ApplicationContextAware
{

  //
-------------------------------------------------------------------------
  // Constant
  //
-------------------------------------------------------------------------
  private static final Logger logger =
      LoggerFactory.getLogger(P2PShiroSessionListenerAdapter.class);

  //
-------------------------------------------------------------------------
  // Member variable
  //
-------------------------------------------------------------------------
  private ApplicationContext applicationContext;



//-------------------------------------------------------------------------
  // Setter methods for dependency injection

//-------------------------------------------------------------------------


  //
-------------------------------------------------------------------------
  // Public methods
  //
-------------------------------------------------------------------------

  @Override
  public void onExpiration(Session _session)
  {
    logger.debug("sessionDestroyed[{}]", _session.getId());
  }


  @Override
  public void onStart(Session _sessioin)
  {
    logger.debug("onStart");
  }


  @Override
  public void onStop(Session _sessioin)
  {
    logger.debug("onStop");
  }


  @Override
  public void setApplicationContext(ApplicationContext _applicationContext)
      throws BeansException
  {
    this.applicationContext = _applicationContext;
  }
}



2. (Too)Many SessionValidationScheduler Launched.(I assume a bug.)
I develop iPhone application(Object-C, Client) an Spring/J2EE(Server).
So i can't help you with my client code. Sorry.
But i attach log4j logs and client request. (I use HTTP Basic
Authentification.)

lo4j log (2 request concurrently. sessionValidationScheduler.interval is 30
seconds)
2011-08-30 18:10:52 INFO AbstractValidatingSessionManager.?(?) | Enabling
session validation scheduler...
2011-08-30 18:10:52 INFO AbstractValidatingSessionManager.?(?) | Enabling
session validation scheduler...
2011-08-30 18:10:52 INFO EhCacheManager.?(?) | Using existing EHCache named
[shiro-activeSessionCache]
2011-08-30 18:10:52 INFO EhCacheManager.?(?) | Using existing EHCache named
[shiro-activeSessionCache]
2011-08-30 18:10:53 DEBUG P2PShiroSessionListenerAdapter.?(?) | onStart
2011-08-30 18:10:53 DEBUG P2PShiroSessionListenerAdapter.?(?) | onStart
2011-08-30 18:11:22 INFO AbstractValidatingSessionManager.?(?) | Validating
all active sessions...
2011-08-30 18:11:22 INFO AbstractValidatingSessionManager.?(?) | Validating
all active sessions...
2011-08-30 18:11:22 DEBUG P2PShiroSessionListenerAdapter.?(?) | onStop
2011-08-30 18:11:22 DEBUG P2PShiroSessionListenerAdapter.?(?) |
sessionDestroyed[d0884088-47ac-4138-bc83-2258386373a3]
2011-08-30 18:11:22 DEBUG P2PShiroSessionListenerAdapter.?(?) |
sessionDestroyed[b236ba53-c802-4acf-b006-7cf2e2a62393]
2011-08-30 18:11:22 DEBUG P2PShiroSessionListenerAdapter.?(?) | onStop
2011-08-30 18:11:22 INFO AbstractValidatingSessionManager.?(?) | Finished
session validation.  [2] sessions were stopped.
2011-08-30 18:11:22 INFO AbstractValidatingSessionManager.?(?) | Finished
session validation.  [2] sessions were stopped.
2011-08-30 18:11:52 INFO AbstractValidatingSessionManager.?(?) | Validating
all active sessions...
2011-08-30 18:11:52 INFO AbstractValidatingSessionManager.?(?) | Finished
session validation.  No sessions were stopped.
2011-08-30 18:11:52 INFO AbstractValidatingSessionManager.?(?) | Validating
all active sessions...
2011-08-30 18:11:52 INFO AbstractValidatingSessionManager.?(?) | Finished
session validation.  No sessions were stopped.
....

Client Request (2 request. It is a normal situation)
HTTP 291 POST /s/q HTTP/1.1  (application/x-www-form-urlencoded)
HTTP 81 POST /s/q HTTP/1.1  (application/x-www-form-urlencoded)
HTTP 181 HTTP/1.1 401 Unauthorized
HTTP 181 HTTP/1.1 401 Unauthorized
HTTP 291 POST /s/q HTTP/1.1  (application/x-www-form-urlencoded)
HTTP 81 POST /s/q HTTP/1.1  (application/x-www-form-urlencoded)
HTTP 56 HTTP/1.1 200 OK  (text/html)
HTTP 56 HTTP/1.1 200 OK  (text/html)

I understand two session creation because 2 concurrent request.
I don't understand two SessionValidationScheduler.

Thanks.



On Tue, Aug 30, 2011 at 5:38 AM, Les Hazlewood <[email protected]>wrote:

> Hi Jason,
>
> Do you have a sample app or test case that you could share with us?
> Or is it as simple as just using the Spring configuration pasted?
>
> That is, how do I recreate the problem for testing?
>
> Thanks,
>
> Les
>
> On Sun, Aug 28, 2011 at 11:27 PM, Jason Shim <[email protected]> wrote:
> > (sorry my poor english)
> > 1. Mutual dependency (I assume the confused design)
> > SessionManager and SessionValidationScheduler configuration have to do
> set
> > mutual
> >   <bean id="sessionManager"
> >       class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
> >     <property name="sessionDAO">
> >       <bean
> > class="org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO"/>
> >     </property>
> >     <property name="sessionValidationScheduler"
> > ref="sessionValidationScheduler"/>
> >     <property name="globalSessionTimeout" value="300000"/>
> >     <property name="sessionListeners">
> >       <list>
> >         <ref local="p2pSessionListener"/>
> >       </list>
> >     </property>
> >   </bean>
> >
> >   <bean id="sessionValidationScheduler"
> >
> >
> class="org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler">
> >     <property name="sessionManager" ref="sessionManager"/>
> >     <property name="interval" value="60000"/>
> >   </bean>
> > Anyone missing, doesn't execute sessionValidationScheduler.
> > 2. (Too)Many SessionValidationScheduler Launched.(I assume a bug.)
> > I guess,  session validation scenario is...
> > (a) Server start
> > (b) Client access
> > (c) Enabling session validation scheduler...
> > (d) Session create
> > If two clients access concurrently in (b), SessionValidationScheduler
> > launched two instance.
> > Three clients, three SessionValidationScheduler launched. (according to
> > logs)
> >
> > Thanks.
>

Reply via email to