Thanks Manoj! That solved the problem J
From: Manoj Khangaonkar [via Shiro User] [mailto:[email protected]] Sent: Tuesday, September 27, 2011 13:13 To: matan_a Subject: Re: Creating a Fake Subject/Session HI, For a web application , you might want to use new WebSubject.builder( It should create the proper context necessary for web applications. Manoj On Tue, Sep 27, 2011 at 9:22 AM, matan_a <[hidden email]> wrote: > Hi Again, > > I've got the basic Shiro security down (which is good news - thanks for the > help!), but i seem to have an issue performing user impersonation w/o a > formal login process (only for non-production purposes) > > I have a controller which is wrapped with the "anon" filter that does > something like the following: > > /Subject subject = new Subject.Builder() > .principals(new > SimplePrincipalCollection(user.getId().toString(), "debug")) > .host("debug") > .buildSubject(); > > ThreadContext.put(ThreadContext.SUBJECT_KEY, subject);/ > > The issue is that i'm getting the following exception: > > /ERROR com.mywaitinglist.web.ExceptionResolver - SessionContext must be an > HTTP compatible implementation. > java.lang.IllegalArgumentException: SessionContext must be an HTTP > compatible implementation. > at > org.apache.shiro.web.session.mgt.ServletContainerSessionManager.createSession(ServletContainerSessionManager.java:103) > > at > org.apache.shiro.web.session.mgt.ServletContainerSessionManager.start(ServletContainerSessionManager.java:64) > > at > org.apache.shiro.mgt.SessionsSecurityManager.start(SessionsSecurityManager.java:121) > > at > org.apache.shiro.subject.support.DelegatingSubject.getSession(DelegatingSubject.java:338) > > at > org.apache.shiro.subject.support.DelegatingSubject.getSession(DelegatingSubject.java:316) > > at > org.apache.shiro.mgt.DefaultSubjectDAO.mergePrincipals(DefaultSubjectDAO.java:182) > > at > org.apache.shiro.mgt.DefaultSubjectDAO.saveToSession(DefaultSubjectDAO.java:163) > > at > org.apache.shiro.mgt.DefaultSubjectDAO.save(DefaultSubjectDAO.java:144) > at > org.apache.shiro.mgt.DefaultSecurityManager.save(DefaultSecurityManager.java:383) > > at > org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:350) > > at > org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:846)/ > > > I did look up some source but couldn't find anything too specific other than > the fact that it can't find: > > ServletContainerSessionManager.createSession: > > /if (!WebUtils.isHttp(sessionContext)) { > String msg = "SessionContext must be an HTTP compatible > implementation."; > throw new IllegalArgumentException(msg); > }/ > > Anything i'm missing to get this working? Normal security and anon pages > work fine. This isn't the same situation of injecting an existing session. > This situation is where i want to bypass login completely. > > Thanks! > > > > > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/Creating-a-Fake-Subject-Session-tp6836573p6836573.html > Sent from the Shiro User mailing list archive at Nabble.com. > -- http://khangaonkar.blogspot.com/ _____ If you reply to this email, your message will be added to the discussion below: http://shiro-user.582556.n2.nabble.com/Creating-a-Fake-Subject-Session-tp6836573p6837561.html To unsubscribe from Creating a Fake Subject/Session, click here <http://shiro-user.582556.n2.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=6836573&code=bWF0YW5AZW1hdGFuLmNvbXw2ODM2NTczfDk2OTQ3MDg2Mg==> . -- View this message in context: http://shiro-user.582556.n2.nabble.com/Creating-a-Fake-Subject-Session-tp6836573p6838700.html Sent from the Shiro User mailing list archive at Nabble.com.
