Hi,

For a web application, you might want to use
new WebSubject.builder(
It should create the proper context necessary for web applications.

Manoj

On Tue, Sep 27, 2011 at 9:22 AM, matan_a <[email protected]> wrote:
> Hi Again,
>
> I've got the basic Shiro security down (which is good news - thanks for the
> help!), but I seem to have an issue performing user impersonation w/o a
> formal login process (only for non-production purposes)
>
> I have a controller which is wrapped with the "anon" filter that does
> something like the following:
>
>     Subject subject = new Subject.Builder()
>             .principals(new SimplePrincipalCollection(user.getId().toString(), "debug"))
>             .host("debug")
>             .buildSubject();
>
>     ThreadContext.put(ThreadContext.SUBJECT_KEY, subject);
>
> The issue is that I'm getting the following exception:
>
> ERROR com.mywaitinglist.web.ExceptionResolver - SessionContext must be an HTTP compatible implementation.
> java.lang.IllegalArgumentException: SessionContext must be an HTTP compatible implementation.
>     at org.apache.shiro.web.session.mgt.ServletContainerSessionManager.createSession(ServletContainerSessionManager.java:103)
>     at org.apache.shiro.web.session.mgt.ServletContainerSessionManager.start(ServletContainerSessionManager.java:64)
>     at org.apache.shiro.mgt.SessionsSecurityManager.start(SessionsSecurityManager.java:121)
>     at org.apache.shiro.subject.support.DelegatingSubject.getSession(DelegatingSubject.java:338)
>     at org.apache.shiro.subject.support.DelegatingSubject.getSession(DelegatingSubject.java:316)
>     at org.apache.shiro.mgt.DefaultSubjectDAO.mergePrincipals(DefaultSubjectDAO.java:182)
>     at org.apache.shiro.mgt.DefaultSubjectDAO.saveToSession(DefaultSubjectDAO.java:163)
>     at org.apache.shiro.mgt.DefaultSubjectDAO.save(DefaultSubjectDAO.java:144)
>     at org.apache.shiro.mgt.DefaultSecurityManager.save(DefaultSecurityManager.java:383)
>     at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:350)
>     at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:846)
>
> I did look up some source but couldn't find anything too specific other than
> the fact that it can't find:
>
> ServletContainerSessionManager.createSession:
>
>     if (!WebUtils.isHttp(sessionContext)) {
>         String msg = "SessionContext must be an HTTP compatible implementation.";
>         throw new IllegalArgumentException(msg);
>     }
>
> Anything I'm missing to get this working? Normal security and anon pages
> work fine. This isn't the same situation of injecting an existing session.
> This situation is where I want to bypass login completely.
>
> Thanks!
>
> --
> View this message in context:
> http://shiro-user.582556.n2.nabble.com/Creating-a-Fake-Subject-Session-tp6836573p6836573.html
> Sent from the Shiro User mailing list archive at Nabble.com.

--
http://khangaonkar.blogspot.com/
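The suggestion in the reply, written out as an added example (not code from the thread or from the Shiro project): the subject is built with `WebSubject.Builder` so the servlet request and response travel with it, and impersonation is refused unless an explicit switch is set. The class name `DebugImpersonation`, the method `impersonate` and the system property `app.debugImpersonation` are assumptions for illustration; it also assumes Shiro 1.x with the `javax.servlet` API and a web security manager already bound by the Shiro filter.

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.shiro.subject.SimplePrincipalCollection;
import org.apache.shiro.util.ThreadContext;
import org.apache.shiro.web.subject.WebSubject;

/** Hypothetical helper: class, method and property names are assumptions. */
public final class DebugImpersonation {

    // Assumed opt-in switch: impersonation stays off unless the JVM is started
    // with -Dapp.debugImpersonation=true, which production must never set.
    private static final String ENABLE_PROPERTY = "app.debugImpersonation";

    private DebugImpersonation() {
    }

    public static WebSubject impersonate(String userId,
                                         HttpServletRequest request,
                                         HttpServletResponse response) {
        // Fail closed: the controller sits behind the "anon" filter, so this
        // check is the only thing standing between a caller and any account.
        if (!Boolean.getBoolean(ENABLE_PROPERTY)) {
            throw new IllegalStateException("Debug impersonation is disabled");
        }
        if (userId == null || userId.isEmpty()) {
            throw new IllegalArgumentException("userId is required");
        }

        // WebSubject.Builder stores the request/response pair in the subject
        // context, so the session context derived from it is HTTP compatible
        // and passes the WebUtils.isHttp(sessionContext) check quoted above.
        WebSubject.Builder builder = new WebSubject.Builder(request, response);
        builder.principals(new SimplePrincipalCollection(userId, "debug"));
        builder.host("debug");
        // Only needed if later filters require an authenticated subject
        // (an assumption about the application's filter chain).
        builder.authenticated(true);
        WebSubject subject = builder.buildWebSubject();

        // Same effect as ThreadContext.put(ThreadContext.SUBJECT_KEY, subject).
        ThreadContext.bind(subject);
        return subject;
    }
}
```

The builder calls are made as separate statements because the setters inherited from `Subject.Builder` return the parent builder type, on which `buildWebSubject()` is not available.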
