Any chance you have a simple example of the problem you can post to GitHub or someplace?
On Wed, Jul 20, 2016 at 3:38 PM, [email protected] < [email protected]> wrote:

> ok, I have been able to dig deeper...
>
> It seems that when the call comes into
> FormAuthenticationFilter.isAccessAllowed() (actually in super class of
> AuthenticatingFilter) AFTER a success login and redirect to successUrl, this
> method is always returning false. It seems the call to getSubject is not
> finding an Authenticated Subject in the ThreadContext. It is this method
> that doesn't find correct Subject:
>
>     public static Subject getSubject() {
>         Subject subject = ThreadContext.getSubject();
>         if (subject == null) {
>             subject = (new Subject.Builder()).buildSubject();
>             ThreadContext.bind(subject);
>         }
>         return subject;
>     }
>
> So my question is, what might cause this? I am authenticating in my custom
> Realm (which works fine thru BASIC auth), I can see the correct
> authenticated Subject being created. It is just not being found by
> SecurityUtils upon the next call.
>
> Here is my auth method from my custom realm:
> ----------------------------------------------------------
>     protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
>             throws AuthenticationException {
>
>         UsernamePasswordToken upToken = (UsernamePasswordToken) token;
>
>         String name = upToken.getUsername();
>         String password = new String(upToken.getPassword());
>
>         if (name != null && password != null) {
>             Map userMap = VnfmDatabase.readCollection(User.USERS, String.class);
>             if (userMap.containsKey(name)) {
>                 User user = (User) userMap.get(name);
>                 String pw = user.getPassword();
>                 if (password.equals(pw)) {
>                     return new SimpleAuthenticationInfo(name, password.toCharArray(), getName());
>                 } else {
>                     throw new AuthenticationException("Invalid Password");
>                 }
>             } else {
>                 throw new AuthenticationException("Invalid Username");
>             }
>         }
>         throw new AuthenticationException("Username and Password required");
>     }
> ------------------------------------------------------------
>
> Does something else need to be done to ensure the authenticated Subject is
> stashed away somewhere properly?
>
> My subsequent requests do have a JSESSIONID attached to them...
>
> --
> View this message in context:
> http://shiro-user.582556.n2.nabble.com/Shiro-rediecting-back-to-Login-after-successful-Login-tp7581130p7581158.html
> Sent from the Shiro User mailing list archive at Nabble.com.
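
Added example, not part of the original thread and not Shiro project code: a stand-alone check of where Shiro keeps the authenticated state between calls. It logs in once, then builds a second Subject with and without the session id, which is the lookup the JSESSIONID drives in a web application. The class name, the in-memory realm and the account are constructed for the demo; it assumes shiro-core 1.x and its logging dependencies on the classpath.

```java
import java.io.Serializable;

import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.subject.Subject;

// Hypothetical demo class; not taken from the thread.
public class SubjectRestoreDemo {

    public static void main(String[] args) {
        // Constructed in-memory realm and account, standing in for the custom realm.
        SimpleAccountRealm realm = new SimpleAccountRealm();
        realm.addAccount("alice", "constructed-password");
        DefaultSecurityManager securityManager = new DefaultSecurityManager(realm);

        // "Request 1": login. Shiro stores the principals and the authenticated
        // flag as attributes of the Subject's session.
        Subject first = new Subject.Builder(securityManager).buildSubject();
        first.login(new UsernamePasswordToken("alice", "constructed-password"));
        Serializable sessionId = first.getSession().getId();

        // "Request 2", session resolved: identity is rebuilt from the session,
        // not from whatever was bound to the previous thread.
        Subject restored = new Subject.Builder(securityManager)
                .sessionId(sessionId)
                .buildSubject();

        // "Request 2", session NOT resolved: a fresh anonymous Subject, the same
        // state the quoted getSubject() fallback produces.
        Subject anonymous = new Subject.Builder(securityManager).buildSubject();

        System.out.println("restored.isAuthenticated()  = " + restored.isAuthenticated());
        System.out.println("restored.getPrincipal()     = " + restored.getPrincipal());
        System.out.println("anonymous.isAuthenticated() = " + anonymous.isAuthenticated());
        System.out.println("anonymous.getPrincipal()    = " + anonymous.getPrincipal());

        first.logout(); // invalidates the session used above
    }
}
```

When isAccessAllowed() keeps returning false after a successful login, comparing the session id seen at login with the one resolved on the redirected request shows whether the second request reached the same session.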
