I have an application that can be accessed by http and rmi protocols.
When an user uses http protocol he passes shiro web filter — everything is
clear here, no problem.
I wanted to use the same SecurityManager and for rmi protocol, but, of course,
it didn’t work:
22:21:44.599 [HTTP-Dispatcher] WARN
org.apache.shiro.authc.AbstractAuthenticator - Authentication failed for token
submission [myapp.security.AuthenticationToken@325c75dc]. Possible unexpected
error? (Typical or expected login exceptions should extend from
AuthenticationException).
java.lang.IllegalArgumentException: SessionContext must be an HTTP compatible
implementation.
at
org.apache.shiro.web.session.mgt.ServletContainerSessionManager.createSession(ServletContainerSessionManager.java:103)
~[shiro-all-1.7.0.jar:?]
at
org.apache.shiro.web.session.mgt.ServletContainerSessionManager.start(ServletContainerSessionManager.java:64)
~[shiro-all-1.7.0.jar:?]
at
org.apache.shiro.mgt.SessionsSecurityManager.start(SessionsSecurityManager.java:152)
~[shiro-all-1.7.0.jar:?]
at
org.apache.shiro.subject.support.DelegatingSubject.getSession(DelegatingSubject.java:340)
~[shiro-all-1.7.0.jar:?]
As I understand, for rmi server I must create another security manager:
SecurityManager securityManager = new DefaultSecurityManager(myRealm);
Could anyone say — if it is possible to use the same Realm instance (already
initialized) for the second security manager?
--
Best regards, Alex Orlov
