This is a bug in the com.evermind.server.http.NotFoundServlet - whoever wrote that is attempting to cast the ServletRequest instance directly to a com.evermind.server.http.EvermindHttpServletRequest instance.
The NotFoundServlet author is incorrectly assuming that the ServletRequest instance remains the Servlet Container's implementation for the duration of the request. However, with things like the HttpServletRequestWrapper (part of the standard servlet API), it is completely 'legal' (and expected) that Servlet Filters have the ability to replace or wrap the container's ServletRequest with their own implementation before sending it down the FilterChain. Shiro (and many other frameworks for that matter) uses this technique to wrap the container's ServletRequest instance with its own implementation to handle security features. That the NotFoundServlet implementation does not take this possibility into account is a bug in that codebase - not Shiro's. HTH, -- Les Hazlewood CTO, Stormpath | http://stormpath.com | 888.391.5282 twitter: @lhazlewood | http://twitter.com/lhazlewood blog: http://leshazlewood.com stormpath blog: http://www.stormpath.com/blog On Tue, May 1, 2012 at 3:12 AM, parameswar <[email protected]> wrote: > Hello, > > I am trying to integrate Apache Shiro to implement SSO in my web application > which is running on OC4J Server. I did the following configuration in > web.xml and application-context.xml > > web.xml > ------------- > <filter> > <filter-name>shiroFilter</filter-name> > > <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> > <init-param> > <param-name>targetFilterLifecycle</param-name> > <param-value>true</param-value> > </init-param> > </filter> > > <filter-mapping> > <filter-name>shiroFilter</filter-name> > <url-pattern>/*</url-pattern> > </filter-mapping> > > in application-context.xml > ---------------------------- > > <beans:bean id="shiroFilter" > class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> > <beans:property name="securityManager" ref="securityManager"/> > > <beans:property name="loginUrl" value="/zkloginDialog.zul"/> > <beans:property name="successUrl" value="/pages/secured/index.zul"/> > <beans:property name="unauthorizedUrl" value="/accessdenied.zul"/> > > > > > <beans:property name="filterChainDefinitions"> > <beans:value> > # some example chain definitions: > /pages/secured/** = authc, roles[admin] > > </beans:value> > </beans:property> > </beans:bean> > > > <beans:bean id="securityManager" > class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> > <beans:property name="realm" ref="myLdapRealm" /> > > </beans:bean> > > <beans:bean id="myLdapRealm" > class="org.apache.shiro.realm.ldap.JndiLdapRealm"> > <beans:property name="userDnTemplate" > value="cn={0},ou=people,ou=groups" /> > <beans:property name="contextFactory" > ref="myContextFactory"/> > </beans:bean> > > <beans:bean id="myContextFactory" > class="org.apache.shiro.realm.ldap.JndiLdapContextFactory"> > <beans:property name="url" > value="ldap://host:389/o=trusted"/> > </beans:bean> > </beans:beans> > > i am getting the following exception when i try to login into my > application. My application is running on OC4J. I am unable to find where > did i do the mistake. Please, can any one help me to solve this. > > > > 12/05/01 11:55:52.134 10.1.3.5.0 Started > 12/05/01 11:55:53.115 trusted4.0-mgmt: Initializing Spring root > WebApplicationContext > 12/05/01 11:56:11.194 trusted4.0-mgmt: 10.1.3.5.0 Started > 12/05/01 11:56:21.48 trusted4.0-mgmt: Servlet error > java.lang.ClassCastException: > org.apache.shiro.web.servlet.ShiroHttpServletRequest cannot be cast to > com.evermind[Oracle Containers > for J2EE 10g (10.1.3.5.0) ].server.http.EvermindHttpServletRequest > at com.evermind[Oracle Containers for J2EE 10g (10.1.3.5.0) > ].server.http.NotFoundServlet.sendNotFound(NotFoundServlet.java:26 > ) > at com.evermind[Oracle Containers for J2EE 10g (10.1.3.5.0) > ].server.http.NotFoundServlet.service(NotFoundServlet.java:18) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:856) > at com.evermind[Oracle Containers for J2EE 10g (10.1.3.5.0) > ].server.http.ResourceFilterChain.doFilter(ResourceFilterChain.java > :64) > at > org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449) > at > org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365) > at > org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90) > at > org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83) > at > org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:380) > at > org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362) > at > org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) > at > org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237) > at > org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167) > at com.evermind[Oracle Containers for J2EE 10g (10.1.3.5.0) > ].server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher > .java:644) > at com.evermind[Oracle Containers for J2EE 10g (10.1.3.5.0) > ].server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher > .java:391) > at com.evermind[Oracle Containers for J2EE 10g (10.1.3.5.0) > ].server.http.HttpRequestHandler.handleNotFound(HttpRequestHandler > .java:1087) > at com.evermind[Oracle Containers for J2EE 10g (10.1.3.5.0) > ].server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler > .java:948) > at com.evermind[Oracle Containers for J2EE 10g (10.1.3.5.0) > ].server.http.HttpRequestHandler.processRequest(HttpRequestHandler > .java:458) > at com.evermind[Oracle Containers for J2EE 10g (10.1.3.5.0) > ].server.http.HttpRequestHandler.serveOneRequest(HttpRequestHandler > .java:226) > at com.evermind[Oracle Containers for J2EE 10g (10.1.3.5.0) > ].server.http.HttpRequestHandler.run(HttpRequestHandler.java:127) > at com.evermind[Oracle Containers for J2EE 10g (10.1.3.5.0) > ].server.http.HttpRequestHandler.run(HttpRequestHandler.java:116) > at > oracle.oc4j.network.ServerSocketReadHandler$SafeRunnable.run(ServerSocketReadHandler.java:260) > at com.evermind[Oracle Containers for J2EE 10g (10.1.3.5.0) > ].util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor > .java:303) > at java.lang.Thread.run(Thread.java:662) > > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/org-apache-shiro-web-servlet-ShiroHttpServletRequest-cannot-be-cast-to-com-evermind-Oracle-Containers-tp7516102p7516462.html > Sent from the Shiro User mailing list archive at Nabble.com.
