Creating a Fake Subject/Session

Tue, 27 Sep 2011 09:22:50 -0700 

Hi Again,

I've got the basic Shiro security down (which is good news - thanks for the
help!), but i seem to have an issue performing user impersonation w/o a
formal login process (only for non-production purposes)

I have a controller which is wrapped with the "anon" filter that does
something like the following:

        /Subject subject = new Subject.Builder()
                .principals(new
SimplePrincipalCollection(user.getId().toString(), "debug"))
                .host("debug")
                .buildSubject();

        ThreadContext.put(ThreadContext.SUBJECT_KEY, subject);/
        
The issue is that i'm getting the following exception:

/ERROR com.mywaitinglist.web.ExceptionResolver - SessionContext must be an
HTTP compatible implementation.
java.lang.IllegalArgumentException: SessionContext must be an HTTP
compatible implementation.
        at
org.apache.shiro.web.session.mgt.ServletContainerSessionManager.createSession(ServletContainerSessionManager.java:103)
        at
org.apache.shiro.web.session.mgt.ServletContainerSessionManager.start(ServletContainerSessionManager.java:64)
        at
org.apache.shiro.mgt.SessionsSecurityManager.start(SessionsSecurityManager.java:121)
        at
org.apache.shiro.subject.support.DelegatingSubject.getSession(DelegatingSubject.java:338)
        at
org.apache.shiro.subject.support.DelegatingSubject.getSession(DelegatingSubject.java:316)
        at
org.apache.shiro.mgt.DefaultSubjectDAO.mergePrincipals(DefaultSubjectDAO.java:182)
        at
org.apache.shiro.mgt.DefaultSubjectDAO.saveToSession(DefaultSubjectDAO.java:163)
        at 
org.apache.shiro.mgt.DefaultSubjectDAO.save(DefaultSubjectDAO.java:144)
        at
org.apache.shiro.mgt.DefaultSecurityManager.save(DefaultSecurityManager.java:383)
        at
org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:350)
        at 
org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:846)/


I did look up some source but couldn't find anything too specific other than
the fact that it can't find:

ServletContainerSessionManager.createSession:

        /if (!WebUtils.isHttp(sessionContext)) {
            String msg = "SessionContext must be an HTTP compatible
implementation.";
            throw new IllegalArgumentException(msg);
        }/
        
Anything i'm missing to get this working?  Normal security and anon pages
work fine.  This isn't the same situation of injecting an existing session. 
This situation is where i want to bypass login completely.

Thanks!
        
        


--
View this message in context: 
http://shiro-user.582556.n2.nabble.com/Creating-a-Fake-Subject-Session-tp6836573p6836573.html
Sent from the Shiro User mailing list archive at Nabble.com.

Reply via email to