shiro-user mailing list archives

From itsvisher <android.v...@gmail.com>
Subject Re: Login successful, but authenticated call to any other api results in 302 response.
Date Tue, 04 Apr 2017 18:27:56 GMT
Gosh!!! You were so right. The problem is in my SessionDAO implementation.
Where did I go wrong??

Here is my implementation of SessionDAO:

package com.company.core.usermanagement;

import java.io.ByteArrayInputStream;
import java.io.ObjectInputStream;
import java.io.Serializable;
import java.util.Collection;
import java.util.Collections;

import org.apache.log4j.Logger;
import org.apache.shiro.codec.Base64;
import org.apache.shiro.session.Session;
import org.apache.shiro.session.UnknownSessionException;
import org.apache.shiro.session.mgt.SimpleSession;
import org.apache.shiro.session.mgt.eis.AbstractSessionDAO;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;

import com.mongodb.BasicDBObject;
import com.mongodb.DBCursor;
import com.mongodb.util.JSON;

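/**
 * Shiro {@code SessionDAO} that records session ids in the MongoDB collection
 * {@code usersessions}.
 *
 * <p>NOTE(review): this class stores and looks up only the session <em>id</em>.
 * {@link #update(Session)} writes nothing, and {@link #doReadSession(Serializable)}
 * hands back a brand-new {@link SimpleSession} carrying just that id. Shiro's
 * default subject handling keeps the logged-in principals and the authenticated
 * flag as session attributes, so every request after login sees an empty
 * session and is treated as unauthenticated. That matches the 302-to-login
 * symptom in this thread. A complete DAO has to persist the session state
 * (attributes, timestamps, timeout, host) in {@code doCreate}/{@code update}
 * and restore it in {@code doReadSession}.
 *
 * <p>Session ids are bearer credentials: anyone who reads one can present it as
 * a cookie. The log statements below therefore never include the id or any
 * serialized session content.
 */
public class MongoSessionDAO extends AbstractSessionDAO {
	private static final Logger logger = Logger.getLogger(MongoSessionDAO.class);

	/** Collection that holds one document per session id. */
	private static final String SESSION_COLLECTION = "usersessions";

	MongoProvider mp = new MongoProvider();
	String localdbName = "testdb";
	// Never read or written by this class; kept only because the field is
	// package-visible. Do not cache a per-request session here: the DAO instance
	// is presumably shared across requests (TODO confirm).
	Session session;

	/**
	 * Called by Shiro whenever a session's state changes.
	 *
	 * <p>NOTE(review): nothing is persisted here, so attribute changes made after
	 * creation (including the post-login principals) are lost.
	 */
	@Override
	public void update(Session session) throws UnknownSessionException {
		logger.debug("Update session");
	}

	/**
	 * Stops the given session.
	 *
	 * <p>NOTE(review): the matching {@code usersessions} document is not removed,
	 * so {@link #doReadSession(Serializable)} still resolves the id after logout
	 * or expiry. Remove the stored record here once the provider exposes a
	 * delete operation.
	 */
	@Override
	public void delete(Session session) {
		logger.debug("Deleting session");
		session.stop();
	}

	/**
	 * Returns the sessions this DAO considers active.
	 *
	 * @return an empty collection; active sessions are not tracked yet. An empty
	 *         collection is returned instead of {@code null} so that callers can
	 *         iterate without a null check.
	 */
	@Override
	public Collection<Session> getActiveSessions() {
		return Collections.emptyList();
	}

	/**
	 * Assigns a freshly generated id to the session and records that id.
	 *
	 * @param session the new session
	 * @return the id assigned to {@code session}
	 */
	@Override
	protected Serializable doCreate(Session session) {
		logger.info("Inside doCreate ");
		Serializable timeUuid = generateSessionId(session);
		assignSessionId(session, timeUuid);
		save(session.getId());
		logger.info("doCreate finished");
		return session.getId();
	}

	/**
	 * Inserts a document for {@code sessionId} into {@code usersessions}, keyed by
	 * the next value of the {@code usersessions} counter.
	 *
	 * <p>Only the id is stored; none of the session's state goes with it.
	 */
	private void save(Serializable sessionId) {
		logger.info("Saving session...");
		mp.init();
		MongoRealm mongoRealmuser = new MongoRealm(mp.getCollection(localdbName, SESSION_COLLECTION));
		MongoRealm mongoRealcounter = new MongoRealm(mp.getCollection(localdbName, "counters"));
		int id = ((Double) mongoRealcounter.getNextSequence(SESSION_COLLECTION)).intValue();
		mp.insertDBObject(localdbName, mongoRealmuser.createUserSessions(id, sessionId), SESSION_COLLECTION);
	}

	/**
	 * Looks up {@code sessionId} in {@code usersessions}.
	 *
	 * @param sessionId id taken from the incoming request
	 * @return {@code null} when no document has that id; otherwise a new, empty
	 *         {@link SimpleSession} carrying only the id
	 */
	@Override
	protected Session doReadSession(Serializable sessionId) {
		logger.info("doReadSession - looking up session");
		mp.init();

		BasicDBObject allQuery = new BasicDBObject();
		allQuery.put("session", sessionId);
		DBCursor cursor = mp.getCollection(localdbName, SESSION_COLLECTION).find(allQuery);
		try {
			if (!cursor.hasNext()) {
				logger.debug("Session does not exists");
				return null;
			}
		} finally {
			// Release the server-side cursor on every path.
			cursor.close();
		}

		// NOTE(review): the stored document is only used as an existence check.
		// The session returned below has no attributes, start time or timeout
		// copied from storage, so it never carries the authenticated state that
		// was set at login. Rebuild the session from the persisted state here.
		final SimpleSession session = new SimpleSession();
		session.setId(sessionId);
		logger.info("Found session");
		return session;
	}

	/**
	 * Rebuilds a session from its Base64-encoded Java-serialized form.
	 *
	 * <p>NOTE(review): Java native deserialization instantiates whatever classes
	 * the byte stream names. Feed this method only data that this application
	 * wrote to a store it controls, never a value taken from a request. On a
	 * runtime that offers {@code java.io.ObjectInputFilter}, restrict the
	 * accepted classes as well.
	 *
	 * @param sessionStr Base64 text of the serialized session
	 * @return the deserialized session
	 * @throws RuntimeException if the text cannot be decoded or deserialized
	 */
	@SuppressWarnings("unused")
	private static Session deserialize(String sessionStr) {
		try {
			// The decoded payload is the whole session, so it is not logged.
			// Decode the Base64 text first: the raw characters of the encoded
			// string are not a serialization stream and can never be read back.
			ByteArrayInputStream bis = new ByteArrayInputStream(Base64.decode(sessionStr));
			ObjectInputStream ois = new ObjectInputStream(bis);
			return (Session) ois.readObject();
		} catch (Exception e) {
			throw new RuntimeException("deserialize session error", e);
		}
	}
}//end of class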



--
View this message in context: http://shiro-user.582556.n2.nabble.com/Login-successful-but-authenticated-call-to-any-other-api-results-in-302-response-tp7581569p7581572.html
Sent from the Shiro User mailing list archive at Nabble.com.
