shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dan Finkelstein (Created) (JIRA)" <>
Subject [jira] [Created] (SHIRO-350) Creating a subject should not create a session
Date Wed, 14 Mar 2012 19:06:41 GMT
Creating a subject should not create a session

                 Key: SHIRO-350
             Project: Shiro
          Issue Type: Bug
    Affects Versions: 1.2.0
            Reporter: Dan Finkelstein

When the following method is called:

public Subject getSubjectByLogin(final String login) {
                PrincipalCollection principals = new SimplePrincipalCollection(login, REALM_NAME);
                return new Subject.Builder().principals(principals).buildSubject();

it throws an exception on buildSubject():

Caused by: java.lang.IllegalArgumentException: SessionContext must be an HTTP compatible implementation.
        at org.apache.shiro.web.session.mgt.ServletContainerSessionManager.createSession(
        at org.apache.shiro.web.session.mgt.ServletContainerSessionManager.start(
        at org.apache.shiro.mgt.SessionsSecurityManager.start(
        at org.apache.shiro.mgt.DefaultSubjectDAO.mergePrincipals(
        at org.apache.shiro.mgt.DefaultSubjectDAO.saveToSession(
        at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(
        at org.apache.shiro.subject.Subject$Builder.buildSubject( 

It tries to create a session but really should not.

Please see forum
for more details

In our app, in our backoffice area, we display lists of users and their roles, and this functionality
is used in this way.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:!default.jspa
For more information on JIRA, see:


View raw message