shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter Penzov <peter.pen...@gmail.com>
Subject Re: Get list of all logged users from Apache Shiro
Date Wed, 11 May 2016 11:12:53 GMT
>It might break something else, depending on why your app is using the
"ServletContainerSessionManager" in the first place.

Well I found this example on Google. I can change it with no problem.

>You could ask the person who set this up for you?

I'm the only one working on this code. Unfortunatly my Java knowledge is
too basic.

Well I would be happy if someone give me a hand for this. For this
implementation I need a lot of knowlegde which I don't have.

On Wed, May 11, 2016 at 2:00 PM, Richard Bradley <
Richard.Bradley@softwire.com> wrote:

> > I found this code example ... Is this going to work?
>
> No, as you can see that code casts the SessionManager to a
> "DefaultSessionManager" instance, but your SessionManager is of an
> incompatible type.
>
> > What if I change the SessionManager with something that runs on all
> > application servers?
>
> That might also work.
> It might break something else, depending on why your app is using the
> "ServletContainerSessionManager" in the first place.
> You might well be relying on some feature of that (e.g. integration with
> Tomcat sessions).
> You could ask the person who set this up for you?
>
> I can't write this code for you, sorry. I don’t have the time.
>
>
>
> -----Original Message-----
> From: Peter Penzov [mailto:peter.penzov@gmail.com]
> Sent: 11 May 2016 11:44
> To: dev@shiro.apache.org
> Subject: Re: Get list of all logged users from Apache Shiro
>
> I found this code example
>
>
> http://stackoverflow.com/questions/21095471/how-to-check-that-user-has-already-logged-in-using-apache-shiro
>
>
> import java.io.Serializable;
> import javax.faces.view.ViewScoped;
> import javax.inject.Named;
> import org.apache.shiro.authc.AuthenticationException;
> import org.apache.shiro.authc.AuthenticationToken;
> import org.apache.shiro.session.Session; import
> org.apache.shiro.session.mgt.DefaultSessionManager;
> import org.apache.shiro.subject.SimplePrincipalCollection;
> import org.apache.shiro.subject.Subject; import
> org.apache.shiro.subject.support.DefaultSubjectContext;
>
> @Named
> @ViewScoped
> public class ActiveAccounts extends
> org.apache.shiro.mgt.DefaultSecurityManager implements Serializable {
>     @Override
>     public Subject login(Subject subject, AuthenticationToken token)
> throws AuthenticationException {
>
>         String loginPrincipal = (String) token.getPrincipal();
>         DefaultSessionManager sm = (DefaultSessionManager)
> getSessionManager();
>         for (Session session : sm.getSessionDAO().getActiveSessions()) {
>             SimplePrincipalCollection p = (SimplePrincipalCollection)
> session
>
> .getAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY);
>             if (p != null &&
> loginPrincipal.equals(p.getPrimaryPrincipal())) {
>                 throw new AlreadyAuthenticatedException();
>             }
>
>         }
>         return super.login(subject, token);
>     }
> }
>
> Is this going to work?
>
> On Wed, May 11, 2016 at 11:46 AM, Peter Penzov <peter.penzov@gmail.com>
> wrote:
>
> > What if I change the SessionManager with soething that runs on all
> > application servers?
> >
> > Is there any?
> >
> > On Wed, May 11, 2016 at 11:42 AM, Richard Bradley <
> > Richard.Bradley@softwire.com> wrote:
> >
> >> If your SessionManager is a "ServletContainerSessionManager", then it
> >> means that your sessions are being stored in the underlying Servlet
> >> container (e.g.  Tomcat).
> >> Shiro is not responsible for their storage; it just adds a
> >> compatibility layer between that API and its own. My code shown below
> >> won't work in that case.
> >>
> >> Your question then becomes "how do I get a list of all logged in
> >> users from my Servlet container".
> >> This SO question looks like it has an answer:
> >> http://stackoverflow.com/questions/3771103/how-do-i-get-a-list-of-all
> >> -httpsession-objects-in-a-web-application
> >>
> >> You may find other options if you poke about in the documentation or
> >> source code of your Servlet container.
> >>
> >> GL
> >>
> >>
> >> -----Original Message-----
> >> From: Peter Penzov [mailto:peter.penzov@gmail.com]
> >> Sent: 10 May 2016 18:56
> >> To: dev@shiro.apache.org
> >> Subject: Re: Get list of all logged users from Apache Shiro
> >>
> >> I tested this code:
> >>
> >> I added these lines in shiro.ini
> >>
> >> cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
> >> securityManager.cacheManager = $cacheManager
> >>
> >> I tested this managed bean:
> >>
> >>
> >> import java.io.Serializable;
> >> import java.lang.reflect.InvocationTargetException;
> >> import java.lang.reflect.Method;
> >> import java.util.Collection;
> >> import javax.faces.view.ViewScoped;
> >> import javax.inject.Named;
> >> import org.apache.shiro.SecurityUtils; import
> >> org.apache.shiro.mgt.DefaultSecurityManager;
> >> import org.apache.shiro.session.Session; import
> >> org.apache.shiro.session.mgt.DefaultSessionManager;
> >> import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
> >>
> >> @Named
> >> @ViewScoped
> >> public class ActiveAccounts implements Serializable {
> >>     public Collection<Session> listAccounts() throws
> >> IllegalAccessException, NoSuchMethodException,
> >> IllegalArgumentException, InvocationTargetException
> >>     {
> >>         DefaultSecurityManager manager = (DefaultSecurityManager)
> >> SecurityUtils.getSecurityManager();
> >>         DefaultWebSessionManager sessionManager =
> >> (DefaultWebSessionManager) manager.getSessionManager();
> >>         // invoke "sessionManager.getActiveSessions()" via reflection:
> >>         Method getActiveSessionsMethod =
> >> DefaultSessionManager.class.getDeclaredMethod("getActiveSessions");
> >>         getActiveSessionsMethod.setAccessible(true);
> >>         Collection<Session> activeSessions = (Collection<Session>)
> >> getActiveSessionsMethod.invoke(sessionManager);
> >>
> >>         return activeSessions;
> >>     }
> >>
> >> }
> >>
> >> But when I run this code I get
> >>
> >> javax.faces.el.EvaluationException: java.lang.ClassCastException:
> >> org.apache.shiro.web.session.mgt.ServletContainerSessionManager
> >> cannot be cast to
> >> org.apache.shiro.web.session.mgt.DefaultWebSessionManager
> >> at
> >> javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(Met
> >> hodBindingMethodExpressionAdapter.java:101)
> >> at
> >> com.sun.faces.application.ActionListenerImpl.processAction(ActionList
> >> enerImpl.java:102) at
> >> javax.faces.component.UICommand.broadcast(UICommand.java:315)
> >> at
> >> javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:790)
> >> at
> >> javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:1
> >> 282)
> >> at
> >> com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicat
> >> ionPhase.java:81) at
> >> com.sun.faces.lifecycle.Phase.doPhase(Phase.java:101)
> >> at
> >> com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:198)
> >> at javax.faces.webapp.FacesServlet.service(FacesServlet.java:658)
> >> at
> >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
> >> icationFilterChain.java:292)
> >> at
> >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
> >> ilterChain.java:207) at
> >> org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52
> >> )
> >> at
> >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
> >> icationFilterChain.java:240)
> >> at
> >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
> >> ilterChain.java:207)
> >> at
> >> org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilte
> >> rChain.java:61)
> >> at
> >> org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.j
> >> ava:108)
> >> at
> >> org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilt
> >> er.java:137)
> >> at
> >> org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerReq
> >> uestFilter.java:125)
> >> at
> >> org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilte
> >> rChain.java:66)
> >> at
> >> org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(Abstrac
> >> tShiroFilter.java:449)
> >> at
> >> org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiro
> >> Filter.java:365)
> >> at
> >> org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallab
> >> le.java:90)
> >> at
> >> org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable
> >> .java:83)
> >> at
> >> org.apache.shiro.subject.support.DelegatingSubject.execute(Delegating
> >> Subject.java:383)
> >> at
> >> org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(Abs
> >> tractShiroFilter.java:362)
> >> at
> >> org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerReq
> >> uestFilter.java:125)
> >> at
> >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
> >> icationFilterChain.java:240)
> >> at
> >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
> >> ilterChain.java:207)
> >> at
> >> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperV
> >> alve.java:212)
> >> at
> >> org.apache.catalina.core.StandardContextValve.invoke(StandardContextV
> >> alve.java:106)
> >> at
> >> org.apache.catalina.authenticator.AuthenticatorBase.invoke(Authentica
> >> torBase.java:502)
> >> at
> >> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.j
> >> ava:141)
> >> at
> >> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.j
> >> ava:79)
> >> at
> >> org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAcce
> >> ssLogValve.java:616)
> >> at
> >> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineVal
> >> ve.java:88)
> >> at
> >> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.jav
> >> a:522)
> >> at
> >> org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp
> >> 11Processor.java:1095)
> >> at
> >> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(
> >> AbstractProtocol.java:672)
> >> at
> >> org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.doRun(AprEndpo
> >> int.java:2500)
> >> at
> >> org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoin
> >> t.java:2489)
> >> at
> >> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.
> >> java:1142)
> >> at
> >> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor
> >> .java:617)
> >> at
> >> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskTh
> >> read.java:61) at java.lang.Thread.run(Thread.java:745)
> >> Caused by: java.lang.ClassCastException:
> >> org.apache.shiro.web.session.mgt.ServletContainerSessionManager
> >> cannot be cast to
> >> org.apache.shiro.web.session.mgt.DefaultWebSessionManager
> >> at
> >> com.crm.web.authentication.ActiveAccounts.listAccounts(ActiveAccounts
> >> .java:22) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
> >> Method) at
> >> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
> >> java:62)
> >> at
> >> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
> >> sorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498)
> >> at org.apache.el.parser.AstValue.invoke(AstValue.java:247)
> >> at
> >> org.apache.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:2
> >> 67)
> >> at
> >> org.jboss.weld.util.el.ForwardingMethodExpression.invoke(ForwardingMe
> >> thodExpression.java:40)
> >> at
> >> org.jboss.weld.el.WeldMethodExpression.invoke(WeldMethodExpression.ja
> >> va:50)
> >> at
> >> com.sun.faces.facelets.el.TagMethodExpression.invoke(TagMethodExpress
> >> ion.java:105)
> >> at
> >> javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(Met
> >> hodBindingMethodExpressionAdapter.java:87)
> >> ... 43 more
> >>
> >>
> >>
> >> Can you give some advice how to fix it?
> >>
> >>
> >>
> >> On Tue, May 10, 2016 at 5:06 PM, Richard Bradley <
> >> Richard.Bradley@softwire.com> wrote:
> >>
> >> > If you are using in-memory sessions or EHCache, then
> >> > DefaultSessionManager.getActiveSessions() should work. It's a
> >> "protected"
> >> > method which is designed for use by the stale session sweeper thread.
> >> >
> >> > import org.apache.shiro.SecurityUtils; import
> >> > org.apache.shiro.mgt.DefaultSecurityManager;
> >> > import org.apache.shiro.session.Session; import
> >> > org.apache.shiro.session.mgt.DefaultSessionManager;
> >> > import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
> >> >
> >> >         DefaultSecurityManager manager = (DefaultSecurityManager)
> >> > SecurityUtils.getSecurityManager();
> >> >         DefaultWebSessionManager sessionManager =
> >> > (DefaultWebSessionManager) manager.getSessionManager();
> >> >         // invoke "sessionManager.getActiveSessions()" via reflection:
> >> >         Method getActiveSessionsMethod =
> >> > DefaultSessionManager.class.getDeclaredMethod("getActiveSessions");
> >> >         getActiveSessionsMethod.setAccessible(true);
> >> >         Collection<Session> activeSessions = (Collection<Session>)
> >> > getActiveSessionsMethod.invoke(sessionManager);
> >> >
> >> >         return activeSessions.toString();
> >> >
> >> >
> >> > If you have a more complicated setup, then you need to have a look
> >> > at the implementation of your SessionDAO and adjust the above code
> >> accordingly.
> >> > (The default setup should work with the above code; I think you can
> >> > remove the cache you added in your email below.)
> >> >
> >> > GL
> >> >
> >> >
> >> > Rich
> >> >
> >> >
> >> > -----Original Message-----
> >> > From: Peter Penzov [mailto:peter.penzov@gmail.com]
> >> > Sent: 10 May 2016 11:07
> >> > To: dev@shiro.apache.org
> >> > Subject: Re: Get list of all logged users from Apache Shiro
> >> >
> >> > Thanks, I added
> >> >
> >> > cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
> >> > securityManager.cacheManager = $cacheManager
> >> >
> >> > How I can get the sessions using Java. Can you show me some Java
> >> > code sample, please?
> >> >
> >> >
> >> >
> >> > On Tue, May 10, 2016 at 12:56 PM, Thibault TIGEON <
> >> > thibault.tigeon@gmail.com
> >> > > wrote:
> >> >
> >> > > You can find the documentation concerning the cache here :
> >> > > http://shiro.apache.org/caching.html
> >> > >
> >> > > Rgds,
> >> > >
> >> > > Thibault
> >> > >
> >> > > 2016-05-10 11:33 GMT+02:00 Peter Penzov <peter.penzov@gmail.com>:
> >> > >
> >> > > > Hi Darin,
> >> > > >    Thank you for the response. I use this shiro.ini configuration:
> >> > > >
> >> > > > [main]
> >> > > > shiro.loginUrl = /authentication/login.xhtml dataSource =
> >> > > > org.apache.shiro.jndi.JndiObjectFactory
> >> > > > dataSource.resourceName = jdbc/DefaultDB dataSource.resourceRef
> >> > > > = true jdbcRealm = com.crm.web.authentication.JdbcRealm
> >> > > > jdbcRealm.dataSource = $dataSource
> >> > > > jdbcRealm.permissionsLookupEnabled = true securityManager.realm
> >> > > > = $jdbcRealm passwordMatcher =
> >> > > > org.apache.shiro.authc.credential.Sha256CredentialsMatcher
> >> > > > credentialsMatcher =
> >> > > > org.apache.shiro.authc.credential.HashedCredentialsMatcher
> >> > > > credentialsMatcher.hashAlgorithmName = SHA-256
> >> > > > credentialsMatcher.storedCredentialsHexEncoded = true
> >> > > > credentialsMatcher.hashIterations = 5000 multipleroles =
> >> > > com.crm.web.authentication.MultipleRolesAuthorizationFilter
> >> > > >
> >> > > > [urls]
> >> > > > /authentication/login.xhtml = authc
> >> > > > /authentication/passwordreset.xhtml = anon
> >> > > > /javax.faces.resource/** = anon
> >> > > > /** = authc
> >> > > >
> >> > > > How I can add cache?
> >> > > >
> >> > > > On Tue, May 10, 2016 at 12:18 PM, Darin Gordon
> >> > > > <darinc@gmail.com>
> >> > wrote:
> >> > > >
> >> > > > > If you're using a cache, you could get active sessions from
> >> > > > > it , deserialize each session, and find those that have
the "
> >> > > > > is
> >> > > > authenticated "
> >> > > > > flag set.  Authenticated sessions will have user
> >> > > > > identification in
> >> > > them,
> >> > > > > too.
> >> > > > > On May 10, 2016 2:26 AM, "Peter Penzov"
> >> > > > > <peter.penzov@gmail.com>
> >> > > wrote:
> >> > > > >
> >> > > > > > Hi All,
> >> > > > > >    How I can get all logged in users as a list in Apache
> Shiro?
> >> > > > > >
> >> > > > > > Can you give me some example?
> >> > > > > >
> >> > > > >
> >> > > >
> >> > >
> >> > Richard Bradley
> >> > Tel : 020 7485 7500 ext 3230 | Fax : 020 7485 7575
> >> >
> >> > softwire
> >> > Sunday Times Best Small Companies - UK top 25 six years running Web :
> >> > www.softwire.com<http://www.softwire.com/> | Follow us on Twitter
:
> >> > @SoftwireUK<https://twitter.com/SoftwireUK>
> >> > Addr : 110 Highgate Studios, 53-79 Highgate Road, London NW5 1TL
> >> > Softwire Technology Limited. Registered in England no. 3824658.
> >> > Registered Office : Gallery Court, 28 Arcadia Avenue, Finchley,
> London.
> >> N3 2FG
> >> >
> >> Richard Bradley
> >> Tel : 020 7485 7500 ext 3230 | Fax : 020 7485 7575
> >>
> >> softwire
> >> Sunday Times Best Small Companies - UK top 25 six years running Web :
> >> www.softwire.com<http://www.softwire.com/> | Follow us on Twitter
> >> : @SoftwireUK<https://twitter.com/SoftwireUK>
> >> Addr : 110 Highgate Studios, 53-79 Highgate Road, London NW5 1TL
> >> Softwire Technology Limited. Registered in England no. 3824658.
> >> Registered Office : Gallery Court, 28 Arcadia Avenue, Finchley,
> >> London. N3 2FG
> >>
> >
> >
> Richard Bradley
> Tel : 020 7485 7500 ext 3230 | Fax : 020 7485 7575
>
> softwire
> Sunday Times Best Small Companies - UK top 25 six years running
> Web : www.softwire.com<http://www.softwire.com/> | Follow us on Twitter :
> @SoftwireUK<https://twitter.com/SoftwireUK>
> Addr : 110 Highgate Studios, 53-79 Highgate Road, London NW5 1TL
> Softwire Technology Limited. Registered in England no. 3824658. Registered
> Office : Gallery Court, 28 Arcadia Avenue, Finchley, London. N3 2FG
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message