shiro-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daniel J. Lauk" <daniel.l...@gmail.com>
Subject Re: Trouble with custom implementation of 'assumeIdentity'
Date Thu, 19 Feb 2009 06:26:04 GMT
Did you try to build from subversion?
I did not find tags on the subversion tree, so I download the zipped package.

Cheers,
DJ

2009/2/19 Brad Whitaker <brad@rumblecard.com>:
> I was unable to apply this patch. The source files seem to have changed
> significantly. How were you able to do this?
>
> Daniel J. Lauk wrote:
>
> Hi there.
>
> I'm back and have good news: With the patch applied the logout is
> working just fine.
>
> Thanks a lot, Les!
>
> Kind regards,
> DJ
>
> 2009/2/18 Daniel J. Lauk <daniel.lauk@gmail.com>:
>
>
> Hi Les,
>
> thank you very much for pointing this out.
> I'll try my luck with the patch there and report the results later.
>
> Cheers,
> DJ
>
> 2009/2/18 Les Hazlewood <les.hazlewood@anjinllc.com>:
>
>
> Hi Daniel,
>
> There is an issue filed here:  https://issues.apache.org/jira/browse/JSEC-58
>
> This happens because Spring is calling httpServletRequest.getUserPrincipal()
> after logout.  The JSecurityHttpServletRequest wrapper will just call
> SecurityUtils.getSubject(), without regard to if logout has been called yet
> or not.  If logout has already been called,
> SecurityUtils.getSubject().getSession() will create a new session and that
> shouldn't occur during requests that have already been invalidated.
>
> The implementation fix will ensure that, if the subject has logged out or
> the session has been invalidated, that we'll probably return null in those
> cases.
>
> On Mon, Feb 16, 2009 at 2:38 PM, Daniel J. Lauk <daniel.lauk@gmail.com>
> wrote:
>
>
> Hi List.
>
> We're having some trouble with the assume identity stuff I posted
> about a month ago.
> (I attached the classes enabling this functionality to
> https://issues.apache.org/jira/browse/JSEC-37)
>
> When we logout on Tomcat or Glassfish (grails' jetty is no problem) an
> exception occurs.
>
> My best guess is, that the logout invalidates the session. And as my
> implementation of an assumed identity decorator stores the assumed
> identity in the session, this seems to upset the servlet container.
> I have the strange feeling that this is related with the
> "releaseIdentity" not working properly (i.e. the field in the session
> is empty, but getPrincipal() still returns the assumed identity) and
> my implementation of getPrincipals.
>
> Any input is highly appreciated!
>
> Kind regards,
> DJ
>
> For completeness' sake, this is the stacktrace:
>
> SEVERE: ApplicationDispatcher[] PWC1231: Servlet.service() for servlet
> grails threw exception
> java.lang.IllegalStateException: PWC3999: Cannot create a session
> after the response has been committed
>    at
> org.apache.catalina.connector.Request.doGetSession(Request.java:2835)
>    at org.apache.catalina.connector.Request.getSession(Request.java:2570)
>    at
> org.apache.catalina.connector.RequestFacade.getSession(RequestFacade.java:910)
>    at
> javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:227)
>    at
> org.apache.catalina.core.ApplicationHttpRequest.getSession(ApplicationHttpRequest.java:645)
>    at
> javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:227)
>    at
> org.jsecurity.web.servlet.JSecurityHttpServletRequest.getSession(JSecurityHttpServletRequest.java:143)
>    at
> org.jsecurity.web.servlet.JSecurityHttpServletRequest.getSession(JSecurityHttpServletRequest.java:165)
>    at
> org.jsecurity.web.session.ServletContainerSessionManager.createSession(ServletContainerSessionManager.java:78)
>    at
> org.jsecurity.session.mgt.AbstractSessionManager.start(AbstractSessionManager.java:62)
>    at
> org.jsecurity.mgt.SessionsSecurityManager.start(SessionsSecurityManager.java:178)
>    at
> org.jsecurity.subject.DelegatingSubject.getSession(DelegatingSubject.java:284)
>    at
> org.jsecurity.subject.DelegatingSubject.getSession(DelegatingSubject.java:272)
>    at
> org.jsecurity.subject.AbstractSubjectDecorator.getSession(AbstractSubjectDecorator.java:65)
>    at
> org.jsecurity.subject.AssumeIdentitySubject.getAssumedPrincipal(AssumeIdentitySubject.java:118)
>    at
> org.jsecurity.subject.AssumeIdentitySubject.getPrincipals(AssumeIdentitySubject.java:142)
>    at
> org.jsecurity.web.DefaultWebSecurityManager.bind(DefaultWebSecurityManager.java:240)
>    at
> org.jsecurity.web.DefaultWebSecurityManager.bind(DefaultWebSecurityManager.java:235)
>    at
> org.jsecurity.mgt.DefaultSecurityManager.getSubject(DefaultSecurityManager.java:418)
>    at
> org.jsecurity.mgt.DefaultSecurityManager.getSubject(DefaultSecurityManager.java:424)
>    at org.jsecurity.SecurityUtils.getSubject(SecurityUtils.java:53)
>    at
> org.jsecurity.web.servlet.JSecurityHttpServletRequest.getSubject(JSecurityHttpServletRequest.java:88)
>    at
> org.jsecurity.web.servlet.JSecurityHttpServletRequest.getSubjectPrincipal(JSecurityHttpServletRequest.java:93)
>    at
> org.jsecurity.web.servlet.JSecurityHttpServletRequest.getUserPrincipal(JSecurityHttpServletRequest.java:111)
>    at
> org.springframework.web.servlet.FrameworkServlet.getUsernameForRequest(FrameworkServlet.java:615)
>    at
> org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:596)
>    at
> org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:501)
>    at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
>    at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
>    at
> org.apache.catalina.core.ApplicationFilterChain.servletService(ApplicationFilterChain.java:431)
>    at
> org.apache.catalina.core.ApplicationDispatcher.doInvoke(ApplicationDispatcher.java:885)
>    at
> org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:732)
>    at
> org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:554)
>    at
> org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:485)
>    at
> org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:377)
>    at
> org.codehaus.groovy.grails.web.util.WebUtils.forwardRequestForUrlMappingInfo(WebUtils.java:207)
>    at
> org.codehaus.groovy.grails.web.util.WebUtils.forwardRequestForUrlMappingInfo(WebUtils.java:196)
>    at
> org.codehaus.groovy.grails.web.mapping.filter.UrlMappingsFilter.doFilterInternal(UrlMappingsFilter.java:129)
>    at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
>    at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:250)
>    at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:218)
>    at
> org.codehaus.groovy.grails.web.sitemesh.GrailsPageFilter.parsePage(GrailsPageFilter.java:122)
>    at
> org.codehaus.groovy.grails.web.sitemesh.GrailsPageFilter.doFilter(GrailsPageFilter.java:85)
>    at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:250)
>    at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:218)
>    at
> org.jsecurity.web.servlet.JSecurityFilter.doFilterInternal(JSecurityFilter.java:382)
>    at
> org.jsecurity.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:180)
>    at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:250)
>    at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:218)
>    at
> org.codehaus.groovy.grails.web.servlet.filter.GrailsReloadServletFilter.doFilterInternal(GrailsReloadServletFilter.java:101)
>    at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
>    at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:250)
>    at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:218)
>    at
> org.codehaus.groovy.grails.web.servlet.mvc.GrailsWebRequestFilter.doFilterInternal(GrailsWebRequestFilter.java:65)
>    at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
>    at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:250)
>    at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:218)
>    at
> org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:96)
>    at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
>    at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:236)
>    at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
>    at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:250)
>    at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:218)
>    at
> org.apache.catalina.core.StandardWrapperValve.preInvoke(StandardWrapperValve.java:460)
>    at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:139)
>    at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:186)
>    at
> org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:719)
>    at
> org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:657)
>    at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:96)
>    at
> com.sun.enterprise.web.PESessionLockingStandardPipeline.invoke(PESessionLockingStandardPipeline.java:98)
>    at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:187)
>    at
> org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:719)
>    at
> org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:657)
>    at
> org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:651)
>    at
> org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1030)
>    at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:142)
>    at
> org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:719)
>    at
> org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:657)
>    at
> org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:651)
>    at
> org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1030)
>    at
> org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:325)
>    at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:242)
>    at
> com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:180)
>    at
> com.sun.grizzly.http.DefaultProcessorTask.invokeAdapter(DefaultProcessorTask.java:633)
>    at
> com.sun.grizzly.http.DefaultProcessorTask.doProcess(DefaultProcessorTask.java:570)
>    at
> com.sun.grizzly.http.DefaultProcessorTask.process(DefaultProcessorTask.java:827)
>    at
> com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:152)
>    at
> com.sun.enterprise.v3.services.impl.GlassfishProtocolChain.executeProtocolFilter(GlassfishProtocolChain.java:71)
>    at
> com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:103)
>    at
> com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:89)
>    at
> com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:76)
>    at
> com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:67)
>    at
> com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:56)
>    at
> com.sun.grizzly.util.WorkerThreadImpl.processTask(WorkerThreadImpl.java:325)
>    at com.sun.grizzly.util.WorkerThreadImpl.run(WorkerThreadImpl.java:184)
>
>
>
>
>
>

Mime
View raw message