shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter Penzov <peter.pen...@gmail.com>
Subject Re: Get list of all logged users from Apache Shiro
Date Wed, 11 May 2016 05:02:22 GMT
Kind remind.

On Tue, May 10, 2016 at 8:55 PM, Peter Penzov <peter.penzov@gmail.com>
wrote:

> I tested this code:
>
> I added these lines in shiro.ini
>
> cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
> securityManager.cacheManager = $cacheManager
>
> I tested this managed bean:
>
>
> import java.io.Serializable;
> import java.lang.reflect.InvocationTargetException;
> import java.lang.reflect.Method;
> import java.util.Collection;
> import javax.faces.view.ViewScoped;
> import javax.inject.Named;
> import org.apache.shiro.SecurityUtils;
> import org.apache.shiro.mgt.DefaultSecurityManager;
> import org.apache.shiro.session.Session;
> import org.apache.shiro.session.mgt.DefaultSessionManager;
> import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
>
> @Named
> @ViewScoped
> public class ActiveAccounts implements Serializable
> {
>     public Collection<Session> listAccounts() throws
> IllegalAccessException, NoSuchMethodException, IllegalArgumentException,
> InvocationTargetException
>     {
>         DefaultSecurityManager manager = (DefaultSecurityManager)
> SecurityUtils.getSecurityManager();
>         DefaultWebSessionManager sessionManager =
> (DefaultWebSessionManager) manager.getSessionManager();
>         // invoke "sessionManager.getActiveSessions()" via reflection:
>         Method getActiveSessionsMethod =
> DefaultSessionManager.class.getDeclaredMethod("getActiveSessions");
>         getActiveSessionsMethod.setAccessible(true);
>         Collection<Session> activeSessions = (Collection<Session>)
> getActiveSessionsMethod.invoke(sessionManager);
>
>         return activeSessions;
>     }
>
> }
>
> But when I run this code I get
>
> javax.faces.el.EvaluationException: java.lang.ClassCastException: org.apache.shiro.web.session.mgt.ServletContainerSessionManager
cannot be cast to org.apache.shiro.web.session.mgt.DefaultWebSessionManager
> 	at javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:101)
> 	at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:102)
> 	at javax.faces.component.UICommand.broadcast(UICommand.java:315)
> 	at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:790)
> 	at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:1282)
> 	at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:81)
> 	at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:101)
> 	at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:198)
> 	at javax.faces.webapp.FacesServlet.service(FacesServlet.java:658)
> 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:292)
> 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
> 	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
> 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
> 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
> 	at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:61)
> 	at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
> 	at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
> 	at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
> 	at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
> 	at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449)
> 	at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365)
> 	at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
> 	at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
> 	at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383)
> 	at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362)
> 	at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
> 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
> 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
> 	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212)
> 	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
> 	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
> 	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141)
> 	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
> 	at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:616)
> 	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
> 	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:522)
> 	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1095)
> 	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:672)
> 	at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.doRun(AprEndpoint.java:2500)
> 	at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:2489)
> 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> 	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
> 	at java.lang.Thread.run(Thread.java:745)
> Caused by: java.lang.ClassCastException: org.apache.shiro.web.session.mgt.ServletContainerSessionManager
cannot be cast to org.apache.shiro.web.session.mgt.DefaultWebSessionManager
> 	at com.crm.web.authentication.ActiveAccounts.listAccounts(ActiveAccounts.java:22)
> 	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> 	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> 	at java.lang.reflect.Method.invoke(Method.java:498)
> 	at org.apache.el.parser.AstValue.invoke(AstValue.java:247)
> 	at org.apache.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:267)
> 	at org.jboss.weld.util.el.ForwardingMethodExpression.invoke(ForwardingMethodExpression.java:40)
> 	at org.jboss.weld.el.WeldMethodExpression.invoke(WeldMethodExpression.java:50)
> 	at com.sun.faces.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:105)
> 	at javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:87)
> 	... 43 more
>
>
>
> Can you give some advice how to fix it?
>
>
>
> On Tue, May 10, 2016 at 5:06 PM, Richard Bradley <
> Richard.Bradley@softwire.com> wrote:
>
>> If you are using in-memory sessions or EHCache, then
>> DefaultSessionManager.getActiveSessions() should work. It's a "protected"
>> method which is designed for use by the stale session sweeper thread.
>>
>> import org.apache.shiro.SecurityUtils;
>> import org.apache.shiro.mgt.DefaultSecurityManager;
>> import org.apache.shiro.session.Session;
>> import org.apache.shiro.session.mgt.DefaultSessionManager;
>> import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
>>
>>         DefaultSecurityManager manager = (DefaultSecurityManager)
>> SecurityUtils.getSecurityManager();
>>         DefaultWebSessionManager sessionManager =
>> (DefaultWebSessionManager) manager.getSessionManager();
>>         // invoke "sessionManager.getActiveSessions()" via reflection:
>>         Method getActiveSessionsMethod =
>> DefaultSessionManager.class.getDeclaredMethod("getActiveSessions");
>>         getActiveSessionsMethod.setAccessible(true);
>>         Collection<Session> activeSessions = (Collection<Session>)
>> getActiveSessionsMethod.invoke(sessionManager);
>>
>>         return activeSessions.toString();
>>
>>
>> If you have a more complicated setup, then you need to have a look at the
>> implementation of your SessionDAO and adjust the above code accordingly.
>> (The default setup should work with the above code; I think you can
>> remove the cache you added in your email below.)
>>
>> GL
>>
>>
>> Rich
>>
>>
>> -----Original Message-----
>> From: Peter Penzov [mailto:peter.penzov@gmail.com]
>> Sent: 10 May 2016 11:07
>> To: dev@shiro.apache.org
>> Subject: Re: Get list of all logged users from Apache Shiro
>>
>> Thanks, I added
>>
>> cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
>> securityManager.cacheManager = $cacheManager
>>
>> How I can get the sessions using Java. Can you show me some Java code
>> sample, please?
>>
>>
>>
>> On Tue, May 10, 2016 at 12:56 PM, Thibault TIGEON <
>> thibault.tigeon@gmail.com
>> > wrote:
>>
>> > You can find the documentation concerning the cache here :
>> > http://shiro.apache.org/caching.html
>> >
>> > Rgds,
>> >
>> > Thibault
>> >
>> > 2016-05-10 11:33 GMT+02:00 Peter Penzov <peter.penzov@gmail.com>:
>> >
>> > > Hi Darin,
>> > >    Thank you for the response. I use this shiro.ini configuration:
>> > >
>> > > [main]
>> > > shiro.loginUrl = /authentication/login.xhtml dataSource =
>> > > org.apache.shiro.jndi.JndiObjectFactory
>> > > dataSource.resourceName = jdbc/DefaultDB dataSource.resourceRef =
>> > > true jdbcRealm = com.crm.web.authentication.JdbcRealm
>> > > jdbcRealm.dataSource = $dataSource
>> > > jdbcRealm.permissionsLookupEnabled = true securityManager.realm =
>> > > $jdbcRealm passwordMatcher =
>> > > org.apache.shiro.authc.credential.Sha256CredentialsMatcher
>> > > credentialsMatcher =
>> > > org.apache.shiro.authc.credential.HashedCredentialsMatcher
>> > > credentialsMatcher.hashAlgorithmName = SHA-256
>> > > credentialsMatcher.storedCredentialsHexEncoded = true
>> > > credentialsMatcher.hashIterations = 5000 multipleroles =
>> > com.crm.web.authentication.MultipleRolesAuthorizationFilter
>> > >
>> > > [urls]
>> > > /authentication/login.xhtml = authc
>> > > /authentication/passwordreset.xhtml = anon
>> > > /javax.faces.resource/** = anon
>> > > /** = authc
>> > >
>> > > How I can add cache?
>> > >
>> > > On Tue, May 10, 2016 at 12:18 PM, Darin Gordon <darinc@gmail.com>
>> wrote:
>> > >
>> > > > If you're using a cache, you could get active sessions from it ,
>> > > > deserialize each session, and find those that have the " is
>> > > authenticated "
>> > > > flag set.  Authenticated sessions will have user identification in
>> > them,
>> > > > too.
>> > > > On May 10, 2016 2:26 AM, "Peter Penzov" <peter.penzov@gmail.com>
>> > wrote:
>> > > >
>> > > > > Hi All,
>> > > > >    How I can get all logged in users as a list in Apache Shiro?
>> > > > >
>> > > > > Can you give me some example?
>> > > > >
>> > > >
>> > >
>> >
>> Richard Bradley
>> Tel : 020 7485 7500 ext 3230 | Fax : 020 7485 7575
>>
>> softwire
>> Sunday Times Best Small Companies - UK top 25 six years running
>> Web : www.softwire.com<http://www.softwire.com/> | Follow us on Twitter
>> : @SoftwireUK<https://twitter.com/SoftwireUK>
>> Addr : 110 Highgate Studios, 53-79 Highgate Road, London NW5 1TL
>> Softwire Technology Limited. Registered in England no. 3824658.
>> Registered Office : Gallery Court, 28 Arcadia Avenue, Finchley, London. N3
>> 2FG
>>
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message