shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter Penzov <peter.pen...@gmail.com>
Subject Re: Get list of all logged users from Apache Shiro
Date Thu, 12 May 2016 07:46:26 GMT
Is there someone else who have successfully implemented this?

On Wed, May 11, 2016 at 2:12 PM, Peter Penzov <peter.penzov@gmail.com>
wrote:

> >It might break something else, depending on why your app is using the
> "ServletContainerSessionManager" in the first place.
>
> Well I found this example on Google. I can change it with no problem.
>
> >You could ask the person who set this up for you?
>
> I'm the only one working on this code. Unfortunatly my Java knowledge is
> too basic.
>
> Well I would be happy if someone give me a hand for this. For this
> implementation I need a lot of knowlegde which I don't have.
>
> On Wed, May 11, 2016 at 2:00 PM, Richard Bradley <
> Richard.Bradley@softwire.com> wrote:
>
>> > I found this code example ... Is this going to work?
>>
>> No, as you can see that code casts the SessionManager to a
>> "DefaultSessionManager" instance, but your SessionManager is of an
>> incompatible type.
>>
>> > What if I change the SessionManager with something that runs on all
>> > application servers?
>>
>> That might also work.
>> It might break something else, depending on why your app is using the
>> "ServletContainerSessionManager" in the first place.
>> You might well be relying on some feature of that (e.g. integration with
>> Tomcat sessions).
>> You could ask the person who set this up for you?
>>
>> I can't write this code for you, sorry. I don’t have the time.
>>
>>
>>
>> -----Original Message-----
>> From: Peter Penzov [mailto:peter.penzov@gmail.com]
>> Sent: 11 May 2016 11:44
>> To: dev@shiro.apache.org
>> Subject: Re: Get list of all logged users from Apache Shiro
>>
>> I found this code example
>>
>>
>> http://stackoverflow.com/questions/21095471/how-to-check-that-user-has-already-logged-in-using-apache-shiro
>>
>>
>> import java.io.Serializable;
>> import javax.faces.view.ViewScoped;
>> import javax.inject.Named;
>> import org.apache.shiro.authc.AuthenticationException;
>> import org.apache.shiro.authc.AuthenticationToken;
>> import org.apache.shiro.session.Session; import
>> org.apache.shiro.session.mgt.DefaultSessionManager;
>> import org.apache.shiro.subject.SimplePrincipalCollection;
>> import org.apache.shiro.subject.Subject; import
>> org.apache.shiro.subject.support.DefaultSubjectContext;
>>
>> @Named
>> @ViewScoped
>> public class ActiveAccounts extends
>> org.apache.shiro.mgt.DefaultSecurityManager implements Serializable {
>>     @Override
>>     public Subject login(Subject subject, AuthenticationToken token)
>> throws AuthenticationException {
>>
>>         String loginPrincipal = (String) token.getPrincipal();
>>         DefaultSessionManager sm = (DefaultSessionManager)
>> getSessionManager();
>>         for (Session session : sm.getSessionDAO().getActiveSessions()) {
>>             SimplePrincipalCollection p = (SimplePrincipalCollection)
>> session
>>
>> .getAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY);
>>             if (p != null &&
>> loginPrincipal.equals(p.getPrimaryPrincipal())) {
>>                 throw new AlreadyAuthenticatedException();
>>             }
>>
>>         }
>>         return super.login(subject, token);
>>     }
>> }
>>
>> Is this going to work?
>>
>> On Wed, May 11, 2016 at 11:46 AM, Peter Penzov <peter.penzov@gmail.com>
>> wrote:
>>
>> > What if I change the SessionManager with soething that runs on all
>> > application servers?
>> >
>> > Is there any?
>> >
>> > On Wed, May 11, 2016 at 11:42 AM, Richard Bradley <
>> > Richard.Bradley@softwire.com> wrote:
>> >
>> >> If your SessionManager is a "ServletContainerSessionManager", then it
>> >> means that your sessions are being stored in the underlying Servlet
>> >> container (e.g.  Tomcat).
>> >> Shiro is not responsible for their storage; it just adds a
>> >> compatibility layer between that API and its own. My code shown below
>> >> won't work in that case.
>> >>
>> >> Your question then becomes "how do I get a list of all logged in
>> >> users from my Servlet container".
>> >> This SO question looks like it has an answer:
>> >> http://stackoverflow.com/questions/3771103/how-do-i-get-a-list-of-all
>> >> -httpsession-objects-in-a-web-application
>> >>
>> >> You may find other options if you poke about in the documentation or
>> >> source code of your Servlet container.
>> >>
>> >> GL
>> >>
>> >>
>> >> -----Original Message-----
>> >> From: Peter Penzov [mailto:peter.penzov@gmail.com]
>> >> Sent: 10 May 2016 18:56
>> >> To: dev@shiro.apache.org
>> >> Subject: Re: Get list of all logged users from Apache Shiro
>> >>
>> >> I tested this code:
>> >>
>> >> I added these lines in shiro.ini
>> >>
>> >> cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
>> >> securityManager.cacheManager = $cacheManager
>> >>
>> >> I tested this managed bean:
>> >>
>> >>
>> >> import java.io.Serializable;
>> >> import java.lang.reflect.InvocationTargetException;
>> >> import java.lang.reflect.Method;
>> >> import java.util.Collection;
>> >> import javax.faces.view.ViewScoped;
>> >> import javax.inject.Named;
>> >> import org.apache.shiro.SecurityUtils; import
>> >> org.apache.shiro.mgt.DefaultSecurityManager;
>> >> import org.apache.shiro.session.Session; import
>> >> org.apache.shiro.session.mgt.DefaultSessionManager;
>> >> import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
>> >>
>> >> @Named
>> >> @ViewScoped
>> >> public class ActiveAccounts implements Serializable {
>> >>     public Collection<Session> listAccounts() throws
>> >> IllegalAccessException, NoSuchMethodException,
>> >> IllegalArgumentException, InvocationTargetException
>> >>     {
>> >>         DefaultSecurityManager manager = (DefaultSecurityManager)
>> >> SecurityUtils.getSecurityManager();
>> >>         DefaultWebSessionManager sessionManager =
>> >> (DefaultWebSessionManager) manager.getSessionManager();
>> >>         // invoke "sessionManager.getActiveSessions()" via reflection:
>> >>         Method getActiveSessionsMethod =
>> >> DefaultSessionManager.class.getDeclaredMethod("getActiveSessions");
>> >>         getActiveSessionsMethod.setAccessible(true);
>> >>         Collection<Session> activeSessions = (Collection<Session>)
>> >> getActiveSessionsMethod.invoke(sessionManager);
>> >>
>> >>         return activeSessions;
>> >>     }
>> >>
>> >> }
>> >>
>> >> But when I run this code I get
>> >>
>> >> javax.faces.el.EvaluationException: java.lang.ClassCastException:
>> >> org.apache.shiro.web.session.mgt.ServletContainerSessionManager
>> >> cannot be cast to
>> >> org.apache.shiro.web.session.mgt.DefaultWebSessionManager
>> >> at
>> >> javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(Met
>> >> hodBindingMethodExpressionAdapter.java:101)
>> >> at
>> >> com.sun.faces.application.ActionListenerImpl.processAction(ActionList
>> >> enerImpl.java:102) at
>> >> javax.faces.component.UICommand.broadcast(UICommand.java:315)
>> >> at
>> >> javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:790)
>> >> at
>> >> javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:1
>> >> 282)
>> >> at
>> >> com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicat
>> >> ionPhase.java:81) at
>> >> com.sun.faces.lifecycle.Phase.doPhase(Phase.java:101)
>> >> at
>> >> com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:198)
>> >> at javax.faces.webapp.FacesServlet.service(FacesServlet.java:658)
>> >> at
>> >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
>> >> icationFilterChain.java:292)
>> >> at
>> >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
>> >> ilterChain.java:207) at
>> >> org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52
>> >> )
>> >> at
>> >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
>> >> icationFilterChain.java:240)
>> >> at
>> >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
>> >> ilterChain.java:207)
>> >> at
>> >> org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilte
>> >> rChain.java:61)
>> >> at
>> >> org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.j
>> >> ava:108)
>> >> at
>> >> org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilt
>> >> er.java:137)
>> >> at
>> >> org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerReq
>> >> uestFilter.java:125)
>> >> at
>> >> org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilte
>> >> rChain.java:66)
>> >> at
>> >> org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(Abstrac
>> >> tShiroFilter.java:449)
>> >> at
>> >> org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiro
>> >> Filter.java:365)
>> >> at
>> >> org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallab
>> >> le.java:90)
>> >> at
>> >> org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable
>> >> .java:83)
>> >> at
>> >> org.apache.shiro.subject.support.DelegatingSubject.execute(Delegating
>> >> Subject.java:383)
>> >> at
>> >> org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(Abs
>> >> tractShiroFilter.java:362)
>> >> at
>> >> org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerReq
>> >> uestFilter.java:125)
>> >> at
>> >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
>> >> icationFilterChain.java:240)
>> >> at
>> >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
>> >> ilterChain.java:207)
>> >> at
>> >> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperV
>> >> alve.java:212)
>> >> at
>> >> org.apache.catalina.core.StandardContextValve.invoke(StandardContextV
>> >> alve.java:106)
>> >> at
>> >> org.apache.catalina.authenticator.AuthenticatorBase.invoke(Authentica
>> >> torBase.java:502)
>> >> at
>> >> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.j
>> >> ava:141)
>> >> at
>> >> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.j
>> >> ava:79)
>> >> at
>> >> org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAcce
>> >> ssLogValve.java:616)
>> >> at
>> >> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineVal
>> >> ve.java:88)
>> >> at
>> >> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.jav
>> >> a:522)
>> >> at
>> >> org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp
>> >> 11Processor.java:1095)
>> >> at
>> >> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(
>> >> AbstractProtocol.java:672)
>> >> at
>> >> org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.doRun(AprEndpo
>> >> int.java:2500)
>> >> at
>> >> org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoin
>> >> t.java:2489)
>> >> at
>> >> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.
>> >> java:1142)
>> >> at
>> >> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor
>> >> .java:617)
>> >> at
>> >> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskTh
>> >> read.java:61) at java.lang.Thread.run(Thread.java:745)
>> >> Caused by: java.lang.ClassCastException:
>> >> org.apache.shiro.web.session.mgt.ServletContainerSessionManager
>> >> cannot be cast to
>> >> org.apache.shiro.web.session.mgt.DefaultWebSessionManager
>> >> at
>> >> com.crm.web.authentication.ActiveAccounts.listAccounts(ActiveAccounts
>> >> .java:22) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
>> >> Method) at
>> >> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
>> >> java:62)
>> >> at
>> >> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
>> >> sorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498)
>> >> at org.apache.el.parser.AstValue.invoke(AstValue.java:247)
>> >> at
>> >> org.apache.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:2
>> >> 67)
>> >> at
>> >> org.jboss.weld.util.el.ForwardingMethodExpression.invoke(ForwardingMe
>> >> thodExpression.java:40)
>> >> at
>> >> org.jboss.weld.el.WeldMethodExpression.invoke(WeldMethodExpression.ja
>> >> va:50)
>> >> at
>> >> com.sun.faces.facelets.el.TagMethodExpression.invoke(TagMethodExpress
>> >> ion.java:105)
>> >> at
>> >> javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(Met
>> >> hodBindingMethodExpressionAdapter.java:87)
>> >> ... 43 more
>> >>
>> >>
>> >>
>> >> Can you give some advice how to fix it?
>> >>
>> >>
>> >>
>> >> On Tue, May 10, 2016 at 5:06 PM, Richard Bradley <
>> >> Richard.Bradley@softwire.com> wrote:
>> >>
>> >> > If you are using in-memory sessions or EHCache, then
>> >> > DefaultSessionManager.getActiveSessions() should work. It's a
>> >> "protected"
>> >> > method which is designed for use by the stale session sweeper thread.
>> >> >
>> >> > import org.apache.shiro.SecurityUtils; import
>> >> > org.apache.shiro.mgt.DefaultSecurityManager;
>> >> > import org.apache.shiro.session.Session; import
>> >> > org.apache.shiro.session.mgt.DefaultSessionManager;
>> >> > import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
>> >> >
>> >> >         DefaultSecurityManager manager = (DefaultSecurityManager)
>> >> > SecurityUtils.getSecurityManager();
>> >> >         DefaultWebSessionManager sessionManager =
>> >> > (DefaultWebSessionManager) manager.getSessionManager();
>> >> >         // invoke "sessionManager.getActiveSessions()" via
>> reflection:
>> >> >         Method getActiveSessionsMethod =
>> >> > DefaultSessionManager.class.getDeclaredMethod("getActiveSessions");
>> >> >         getActiveSessionsMethod.setAccessible(true);
>> >> >         Collection<Session> activeSessions = (Collection<Session>)
>> >> > getActiveSessionsMethod.invoke(sessionManager);
>> >> >
>> >> >         return activeSessions.toString();
>> >> >
>> >> >
>> >> > If you have a more complicated setup, then you need to have a look
>> >> > at the implementation of your SessionDAO and adjust the above code
>> >> accordingly.
>> >> > (The default setup should work with the above code; I think you can
>> >> > remove the cache you added in your email below.)
>> >> >
>> >> > GL
>> >> >
>> >> >
>> >> > Rich
>> >> >
>> >> >
>> >> > -----Original Message-----
>> >> > From: Peter Penzov [mailto:peter.penzov@gmail.com]
>> >> > Sent: 10 May 2016 11:07
>> >> > To: dev@shiro.apache.org
>> >> > Subject: Re: Get list of all logged users from Apache Shiro
>> >> >
>> >> > Thanks, I added
>> >> >
>> >> > cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
>> >> > securityManager.cacheManager = $cacheManager
>> >> >
>> >> > How I can get the sessions using Java. Can you show me some Java
>> >> > code sample, please?
>> >> >
>> >> >
>> >> >
>> >> > On Tue, May 10, 2016 at 12:56 PM, Thibault TIGEON <
>> >> > thibault.tigeon@gmail.com
>> >> > > wrote:
>> >> >
>> >> > > You can find the documentation concerning the cache here :
>> >> > > http://shiro.apache.org/caching.html
>> >> > >
>> >> > > Rgds,
>> >> > >
>> >> > > Thibault
>> >> > >
>> >> > > 2016-05-10 11:33 GMT+02:00 Peter Penzov <peter.penzov@gmail.com>:
>> >> > >
>> >> > > > Hi Darin,
>> >> > > >    Thank you for the response. I use this shiro.ini
>> configuration:
>> >> > > >
>> >> > > > [main]
>> >> > > > shiro.loginUrl = /authentication/login.xhtml dataSource =
>> >> > > > org.apache.shiro.jndi.JndiObjectFactory
>> >> > > > dataSource.resourceName = jdbc/DefaultDB dataSource.resourceRef
>> >> > > > = true jdbcRealm = com.crm.web.authentication.JdbcRealm
>> >> > > > jdbcRealm.dataSource = $dataSource
>> >> > > > jdbcRealm.permissionsLookupEnabled = true securityManager.realm
>> >> > > > = $jdbcRealm passwordMatcher =
>> >> > > > org.apache.shiro.authc.credential.Sha256CredentialsMatcher
>> >> > > > credentialsMatcher =
>> >> > > > org.apache.shiro.authc.credential.HashedCredentialsMatcher
>> >> > > > credentialsMatcher.hashAlgorithmName = SHA-256
>> >> > > > credentialsMatcher.storedCredentialsHexEncoded = true
>> >> > > > credentialsMatcher.hashIterations = 5000 multipleroles =
>> >> > > com.crm.web.authentication.MultipleRolesAuthorizationFilter
>> >> > > >
>> >> > > > [urls]
>> >> > > > /authentication/login.xhtml = authc
>> >> > > > /authentication/passwordreset.xhtml = anon
>> >> > > > /javax.faces.resource/** = anon
>> >> > > > /** = authc
>> >> > > >
>> >> > > > How I can add cache?
>> >> > > >
>> >> > > > On Tue, May 10, 2016 at 12:18 PM, Darin Gordon
>> >> > > > <darinc@gmail.com>
>> >> > wrote:
>> >> > > >
>> >> > > > > If you're using a cache, you could get active sessions
from
>> >> > > > > it , deserialize each session, and find those that have
the "
>> >> > > > > is
>> >> > > > authenticated "
>> >> > > > > flag set.  Authenticated sessions will have user
>> >> > > > > identification in
>> >> > > them,
>> >> > > > > too.
>> >> > > > > On May 10, 2016 2:26 AM, "Peter Penzov"
>> >> > > > > <peter.penzov@gmail.com>
>> >> > > wrote:
>> >> > > > >
>> >> > > > > > Hi All,
>> >> > > > > >    How I can get all logged in users as a list
in Apache
>> Shiro?
>> >> > > > > >
>> >> > > > > > Can you give me some example?
>> >> > > > > >
>> >> > > > >
>> >> > > >
>> >> > >
>> >> > Richard Bradley
>> >> > Tel : 020 7485 7500 ext 3230 | Fax : 020 7485 7575
>> >> >
>> >> > softwire
>> >> > Sunday Times Best Small Companies - UK top 25 six years running Web
:
>> >> > www.softwire.com<http://www.softwire.com/> | Follow us on Twitter
:
>> >> > @SoftwireUK<https://twitter.com/SoftwireUK>
>> >> > Addr : 110 Highgate Studios, 53-79 Highgate Road, London NW5 1TL
>> >> > Softwire Technology Limited. Registered in England no. 3824658.
>> >> > Registered Office : Gallery Court, 28 Arcadia Avenue, Finchley,
>> London.
>> >> N3 2FG
>> >> >
>> >> Richard Bradley
>> >> Tel : 020 7485 7500 ext 3230 | Fax : 020 7485 7575
>> >>
>> >> softwire
>> >> Sunday Times Best Small Companies - UK top 25 six years running Web :
>> >> www.softwire.com<http://www.softwire.com/> | Follow us on Twitter
>> >> : @SoftwireUK<https://twitter.com/SoftwireUK>
>> >> Addr : 110 Highgate Studios, 53-79 Highgate Road, London NW5 1TL
>> >> Softwire Technology Limited. Registered in England no. 3824658.
>> >> Registered Office : Gallery Court, 28 Arcadia Avenue, Finchley,
>> >> London. N3 2FG
>> >>
>> >
>> >
>> Richard Bradley
>> Tel : 020 7485 7500 ext 3230 | Fax : 020 7485 7575
>>
>> softwire
>> Sunday Times Best Small Companies - UK top 25 six years running
>> Web : www.softwire.com<http://www.softwire.com/> | Follow us on Twitter
>> : @SoftwireUK<https://twitter.com/SoftwireUK>
>> Addr : 110 Highgate Studios, 53-79 Highgate Road, London NW5 1TL
>> Softwire Technology Limited. Registered in England no. 3824658.
>> Registered Office : Gallery Court, 28 Arcadia Avenue, Finchley, London. N3
>> 2FG
>>
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message