Configuring shiro on a cluster


Prem Prakash Sharma
Hi all,

I was trying to run Shiro on multiple nodes with a load balancer for routing the requests. I have written two wrapper APIs on top, for authenticate and role/permission check respectively. I was able to get it working on a single node, but in the case of multiple nodes, if subsequent APIs hit different nodes, I get a “This subject is anonymous” error. I figured that the subject is not shared, so I configured session persistence with Hazelcast and the enterprise cache session DAO, but still got the error. I am pretty new to Shiro, so I feel I am missing some configurations or have made some mistake in the configs. PFA the config file.




Regards,
Prem


shiro.ini (689 bytes)

Re: Configuring shiro on a cluster

Brian Demers
You can either configure your container for the clustering or have Shiro manage it: https://shiro.apache.org/session-management.html#SessionManagement-SessionClustering

Re: Configuring shiro on a cluster

Prem Prakash Sharma
Hey Brian,
I did try to add session clustering using Hazelcast; it still gave the same errors.

To explain the scenario a bit further: there are Vert.x servers which are running Shiro for auth. There are two APIs, one for authenticate to verify the credentials and return a custom generated token, and a second API for authorisation to do a role and permission check. In this API I have the following line, which is giving the "subject is anonymous" error:
Subject currentUser = SecurityUtils.getSubject();

The getSubject method performs a thread context bind; what I do not understand is how this will change after configuring session management on Shiro. I feel I am missing something here, or I might have to get the subject in a different way. If there is some other way, can you point me to some documentation for that?

Thanks & Regards,
Prem

Re: Configuring shiro on a cluster

Brian Demers
This post is a little old, but take a look: https://stormpath.com/blog/hazelcast-support-apache-shiro
If that doesn't help, put together a sample app that has the problem and post it to GitHub, and we can take a look.



On Wed, Jan 23, 2019 at 6:49 AM Prem Prakash Sharma <[hidden email]> wrote:
Hey Brian,
I did try to add session clustering using Hazelcast; it still gave the same errors.

To explain the scenario a bit further: there are Vert.x servers which are running Shiro for auth. There are two APIs, one for authenticate to verify the credentials and return a custom generated token, and a second API for authorisation to do a role and permission check. In this API I have the following line, which is giving the "subject is anonymous" error:
Subject currentUser = SecurityUtils.getSubject();

The getSubject method performs a thread context bind; what I do not understand is how this will change after configuring session management on Shiro. I feel I am missing something here, or I might have to get the subject in a different way. If there is some other way, can you point me to some documentation for that?

Thanks & Regards,
Prem

> On 22-Jan-2019, at 7:55 PM, Brian Demers <[hidden email]> wrote:
>
> You can either configure your container for the clustering or have Shiro manage it: https://shiro.apache.org/session-management.html#SessionManagement-SessionClustering
>
> On Tue, Jan 22, 2019 at 6:41 AM Prem Prakash Sharma <[hidden email]> wrote:
> Hi all,
>
> I was trying to run Shiro on multiple nodes with a load balancer for routing the requests. I have written two wrapper APIs on top, for authenticate and role/permission check respectively. I was able to get it working on a single node, but in the case of multiple nodes, if subsequent APIs hit different nodes, I get a “This subject is anonymous” error. I figured that the subject is not shared, so I configured session persistence with Hazelcast and the enterprise cache session DAO, but still got the error. I am pretty new to Shiro, so I feel I am missing some configurations or have made some mistake in the configs. PFA the config file.
>
>
>
> Regards,
> Prem
>
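
Added example, not part of the thread and not the poster's or the Shiro project's own code: outside a servlet container nothing binds a Subject to the handling thread, so a second node can only recognise the caller if the request carries the session ID and the Subject is rebuilt from a session store that both nodes share. The sketch below assumes the token returned by the authenticate API is the Shiro session ID; the class name, the account and the `MemorySessionDAO` standing in for a Hazelcast-backed DAO are constructed for illustration. It prints whether the role check succeeds on a node that shares the store and on one that does not (the latter resolves to an anonymous Subject).

```java
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.session.mgt.DefaultSessionManager;
import org.apache.shiro.session.mgt.eis.MemorySessionDAO;
import org.apache.shiro.session.mgt.eis.SessionDAO;
import org.apache.shiro.subject.Subject;

import java.io.Serializable;

public class ClusteredSubjectExample {

    // One "node": its own SecurityManager and realm, using the given session store.
    static DefaultSecurityManager node(SessionDAO store) {
        SimpleAccountRealm realm = new SimpleAccountRealm();
        realm.addAccount("alice", "constructed-password", "admin"); // constructed sample account
        DefaultSessionManager sessions = new DefaultSessionManager();
        sessions.setSessionDAO(store);
        DefaultSecurityManager sm = new DefaultSecurityManager(realm);
        sm.setSessionManager(sessions);
        return sm;
    }

    // "authenticate" API: log in and return the session ID for the client to send back.
    static Serializable authenticate(DefaultSecurityManager sm, String user, String pass) {
        Subject subject = new Subject.Builder(sm).buildSubject();
        subject.login(new UsernamePasswordToken(user, pass));
        return subject.getSession().getId();
    }

    // "authorize" API: rebuild the Subject from the session ID, not from the thread context.
    static boolean hasRole(DefaultSecurityManager sm, Serializable sessionId, String role) {
        Subject subject = new Subject.Builder(sm).sessionId(sessionId).buildSubject();
        return subject.isAuthenticated() && subject.hasRole(role);
    }

    public static void main(String[] args) {
        SessionDAO shared = new MemorySessionDAO(); // stand-in for a Hazelcast-backed DAO
        DefaultSecurityManager nodeA = node(shared);
        DefaultSecurityManager nodeB = node(shared);
        DefaultSecurityManager isolated = node(new MemorySessionDAO());

        Serializable id = authenticate(nodeA, "alice", "constructed-password");
        System.out.println("node B, shared store:   " + hasRole(nodeB, id, "admin"));
        System.out.println("node C, separate store: " + hasRole(isolated, id, "admin"));
    }
}
```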