
Login successful, but authenticated call to any other api results in 302 response.

Login successful, but authenticated call to any other api results in 302 response.

itsvisher
Hi,

I am using Jersey Framework and decided to use Shiro for authentication mechanism.

My problem is, I am able to generate a session id and authenticate the user with the login URL, but using the same session key for any other API call always results in a 302 response. It's actually happening automatically behind the scenes, and my API call is not even getting executed to perform other stuff.

Even the logs say that the session is found, but the API code never gets executed. Also, doReadSession is getting called at least 11 times.

Here is my shiro.ini:

# =======================
# Shiro INI configuration
# =======================

[main]
#Defining authentication filter and realm
authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter
mongoRealm = com.company.core.usermanagement.MongoRealm
securityManager.realms = $mongoRealm

#Defining session DAO and session Manager
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
sessionDAO = com.company.core.usermanagement.MongoSessionDAO
sessionManager.sessionDAO = $sessionDAO
sessionManager.globalSessionTimeout = 10000

sessionManager.sessionValidationSchedulerEnabled = false
securityManager.sessionManager = $sessionManager

#Session cache manager
cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
securityManager.cacheManager = $cacheManager

authc.loginUrl = /api/userlogin

[urls]
/api/userlogin = authc
/api/** = noSessionCreation, authc


Here are my API calls and response:

For Login:

curl -i -X POST -H "Content-Type: application/json" -d '{"username": "admin", "password": "password", "rememberMe": true}' http://localhost:8080/securitysample/api/userlogin

Response (Expected and Actual):

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965; Path=/securitysample; HttpOnly
Set-Cookie: rememberMe=deleteMe; Path=/atlantis-analytics; Max-Age=0; Expires=Mon, 03-Apr-2017 07:50:21 GMT
Set-Cookie: rememberMe=pPC2qCOGj93a/sWbOSngHMW3WFAXYnUeINnhLtuNzAf6dAh56APdoArG3k1JWuCZ4I9ljPjqmRqaPYGtalY2ZIMKkCZfs0LvjL+k+4SKTbA8BC5232jrBBYszzphSGsal4+EGPDK29OkeHUY3Yi4ld+3wMNuyP/CoaZUjcqZ5qPpj1c5ym7qFj4ylZGf4qscAOtkzqNeste0zns2jTtxakhMKzyqgAXFohrhi3eeBqmpaLGXuUN1z4v5jFxV14nqsIAVWiqr1x2BVXfAWD946UyrjYlFO92g+TQkuLxkAW2WKTyOYtFUDUM+/AVeUGQc5Tdkj8X94BkywvUuE6BpUQ7BpYaIn9PiC7L5GRRpQ+1L3elEi9XJ6OQ92x8E9xTMPMsr7iFiHqc1edUMhQJmTrRUJPx1iFa1uK+yGz9I6IsDKO4JYWlu7INouiiuFgnSOCpNhChDBXwbACJ9cFp2Fv9qcBx/Ucx5Kuh71qIJpRct53kz5C7NGffuNOmj9tvqf3vRaBZKe+RxpuiCvnFVCwLMpAHutSDA7Kh3EGkeTaYaS9oRgWdd/U/QwIEJ1j1iMVaeK7H6+EhvTr15hJTmuA==; Path=/securitysample; Max-Age=31536000; Expires=Wed, 04-Apr-2018 07:50:21 GMT; HttpOnly
Access-Control-Allow-Origin: *
Content-Type: */*
Content-Length: 18
Date: Tue, 04 Apr 2017 07:50:21 GMT

This is totally expected and I get a session id which is stored in my Mongo DB as well. But a call to any other API always results in a 302, and the actual API code never gets executed.

Any other call:

curl -i -X GET -H "Cookie: JSESSIONID=d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965" http://localhost:8080/securitysample/api/projects?username=admin

Response (Actual and not expected):


HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Location: http://localhost:8080/securitysample/api/userlogin
Content-Length: 0
Date: Tue, 04 Apr 2017 07:55:30 GMT


Here are the server logs upon calling any other API:


2017-04-04 13:25:30 DEBUG SimpleCookie:389 - Found 'JSESSIONID' cookie value [d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965]
2017-04-04 13:25:30 INFO  MongoSessionDAO:68 - doReadSession - Looking for session id: d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965
2017-04-04 13:25:30 INFO  MongoProvider:19 - In init() Method
2017-04-04 13:25:30 INFO  MongoProvider:86 - In getCollection() Method
2017-04-04 13:25:30 INFO  MongoSessionDAO:85 - Found session: d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965
2017-04-04 13:25:30 INFO  MongoSessionDAO:68 - doReadSession - Looking for session id: d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965
2017-04-04 13:25:30 INFO  MongoProvider:19 - In init() Method
2017-04-04 13:25:30 INFO  MongoProvider:86 - In getCollection() Method
2017-04-04 13:25:30 INFO  MongoSessionDAO:85 - Found session: d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965
2017-04-04 13:25:30 INFO  MongoSessionDAO:68 - doReadSession - Looking for session id: d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965
2017-04-04 13:25:30 INFO  MongoProvider:19 - In init() Method
2017-04-04 13:25:30 INFO  MongoProvider:86 - In getCollection() Method
2017-04-04 13:25:30 INFO  MongoSessionDAO:85 - Found session: d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965
2017-04-04 13:25:30 INFO  MongoSessionDAO:68 - doReadSession - Looking for session id: d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965
2017-04-04 13:25:30 INFO  MongoProvider:19 - In init() Method
2017-04-04 13:25:30 INFO  MongoProvider:86 - In getCollection() Method
2017-04-04 13:25:30 INFO  MongoSessionDAO:85 - Found session: d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965
2017-04-04 13:25:30 INFO  MongoSessionDAO:68 - doReadSession - Looking for session id: d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965
2017-04-04 13:25:30 INFO  MongoProvider:19 - In init() Method
2017-04-04 13:25:30 INFO  MongoProvider:86 - In getCollection() Method
2017-04-04 13:25:30 INFO  MongoSessionDAO:85 - Found session: d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965
2017-04-04 13:25:30 INFO  MongoSessionDAO:68 - doReadSession - Looking for session id: d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965
2017-04-04 13:25:30 INFO  MongoProvider:19 - In init() Method
2017-04-04 13:25:30 INFO  MongoProvider:86 - In getCollection() Method
2017-04-04 13:25:30 INFO  MongoSessionDAO:85 - Found session: d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965
2017-04-04 13:25:30 INFO  MongoSessionDAO:68 - doReadSession - Looking for session id: d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965
2017-04-04 13:25:30 INFO  MongoProvider:19 - In init() Method
2017-04-04 13:25:30 INFO  MongoProvider:86 - In getCollection() Method
2017-04-04 13:25:30 INFO  MongoSessionDAO:85 - Found session: d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965
2017-04-04 13:25:30 INFO  MongoSessionDAO:68 - doReadSession - Looking for session id: d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965
2017-04-04 13:25:30 INFO  MongoProvider:19 - In init() Method
2017-04-04 13:25:30 INFO  MongoProvider:86 - In getCollection() Method
2017-04-04 13:25:30 INFO  MongoSessionDAO:85 - Found session: d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965
2017-04-04 13:25:30 INFO  MongoSessionDAO:68 - doReadSession - Looking for session id: d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965
2017-04-04 13:25:30 INFO  MongoProvider:19 - In init() Method
2017-04-04 13:25:30 INFO  MongoProvider:86 - In getCollection() Method
2017-04-04 13:25:30 INFO  MongoSessionDAO:85 - Found session: d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965
2017-04-04 13:25:30 INFO  MongoSessionDAO:68 - doReadSession - Looking for session id: d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965
2017-04-04 13:25:30 INFO  MongoProvider:19 - In init() Method
2017-04-04 13:25:30 INFO  MongoProvider:86 - In getCollection() Method
2017-04-04 13:25:30 INFO  MongoSessionDAO:85 - Found session: d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965
2017-04-04 13:25:30 DEBUG MongoSessionDAO:30 - Update session
2017-04-04 13:25:30 INFO  MongoSessionDAO:68 - doReadSession - Looking for session id: d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965
2017-04-04 13:25:30 INFO  MongoProvider:19 - In init() Method
2017-04-04 13:25:30 INFO  MongoProvider:86 - In getCollection() Method
2017-04-04 13:25:30 INFO  MongoSessionDAO:85 - Found session: d2594305-e7e1-4bf6-a4ea-6ff2ee9c7965
2017-04-04 13:25:30 DEBUG MongoSessionDAO:30 - Update session


Can someone please tell me where I am making a mistake? I have spent a lot of time reading the Shiro documentation and have tried lots of other filters such as user, anon, etc. None is working. Please help.
Re: Login successful, but authenticated call to any other api results in 302 response.

Brian Demers
Try taking the Mongo session store out of the mix, and try using
org.apache.shiro.session.mgt.eis.MemorySessionDAO

If that works, then at least you have narrowed down the problem to your session store.

--
View this message in context: http://shiro-user.582556.n2.nabble.com/Login-successful-but-authenticated-call-to-any-other-api-results-in-302-response-tp7581569.html
Sent from the Shiro User mailing list archive at Nabble.com.

Re: Login successful, but authenticated call to any other api results in 302 response.

itsvisher
I will try it right now. It looks like 2 more users are facing exactly the same issue, where you have replied as well:

http://shiro-user.582556.n2.nabble.com/Shiro-rediecting-back-to-Login-after-successful-Login-td7581130.html

Will get back to you in some time.
Re: Login successful, but authenticated call to any other api results in 302 response.

itsvisher
Gosh!!! You were so right. It is a problem with my SessionDAO implementation. Where did I go wrong??

Here is my implementation of SessionDAO:

package com.company.core.usermanagement;

import java.io.ByteArrayInputStream;
import java.io.ObjectInputStream;
import java.io.Serializable;
import java.util.Collection;

import org.apache.log4j.Logger;
import org.apache.shiro.codec.Base64;
import org.apache.shiro.session.Session;
import org.apache.shiro.session.UnknownSessionException;
import org.apache.shiro.session.mgt.SimpleSession;
import org.apache.shiro.session.mgt.eis.AbstractSessionDAO;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;

import com.mongodb.BasicDBObject;
import com.mongodb.DBCursor;
import com.mongodb.util.JSON;

public class MongoSessionDAO extends AbstractSessionDAO {
        private static final Logger logger = Logger.getLogger(MongoSessionDAO.class);
        MongoProvider mp = new MongoProvider();
        String localdbName = "testdb";
        Session session;

        @Override
        public void update(Session session) throws UnknownSessionException {
                logger.debug("Update session");
        }

        @Override
        public void delete(Session session) {
                logger.debug("Deleting session: " + session.getId());
                session.stop();
        }

        @Override
        public Collection<Session> getActiveSessions() {
                return null;
        }

        @Override
        protected Serializable doCreate(Session session) {
                logger.info("Inside doCreate ");
                Serializable timeUuid = generateSessionId(session);
                assignSessionId(session, timeUuid);
                save(session.getId());
                logger.info("doCreate session Id: " + session.getId());
                return session.getId();
        }

        private void save(Serializable sessionId) {
                logger.info("Saving session...");
                int id = 0;
                mp.init();
                MongoRealm mongoRealmuser = new MongoRealm(mp.getCollection(localdbName, "usersessions"));
                MongoRealm mongoRealcounter = new MongoRealm(mp.getCollection(localdbName, "counters"));
                id = ((Double) mongoRealcounter.getNextSequence("usersessions")).intValue();
                logger.info("sId-----> " + sessionId);
                mp.insertDBObject(localdbName, mongoRealmuser.createUserSessions(id, sessionId), "usersessions");
        }

        @Override
        protected Session doReadSession(Serializable sessionId) {
                logger.info("doReadSession - Looking for session id: " + sessionId.toString());
                mp.init();

                BasicDBObject allQuery = new BasicDBObject();
                allQuery.put("session", sessionId);
                DBCursor cursor = mp.getCollection(localdbName, "usersessions").find(allQuery);
                if (!cursor.hasNext()) {
                        logger.debug("Session does not exists");
                        return null;
                }

                String jOut = JSON.serialize(cursor);
                final SimpleSession session = new SimpleSession();
                session.setId(sessionId);
                try {
                        JSONArray jArray = new JSONArray(jOut);
                        JSONObject jb = (JSONObject) jArray.get(0);
                        logger.info("Found session: " + jb.get("session"));
                } catch (JSONException e) {
                        e.printStackTrace();
                        logger.error("No Session is present :: " + e.toString());
                }

                return session;
        }

        @SuppressWarnings("unused")
        private static Session deserialize(String sessionStr) {
                try {
                        logger.info("SessionStr >>>> " + Base64.decodeToString(sessionStr));

                        // new ByteArrayInputStream(Base64.decode(sessionStr));
                        ByteArrayInputStream bis = new ByteArrayInputStream(sessionStr.getBytes());
                        ObjectInputStream ois = new ObjectInputStream(bis);
                        return (Session) ois.readObject();
                } catch (Exception e) {
                        throw new RuntimeException("deserialize session error", e);
                }
        }
}//end of class
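The following is a reference DAO added here as an example; it is not code from this thread or from the Shiro project. It shows the property the class above lacks: the write path (doCreate and update) stores the whole serialized Session, and the read path decodes exactly what was written, so the attributes Shiro puts into the session at login (the principals and the authenticated flag, stored under the DefaultSubjectContext keys) survive a re-read. The DAO above instead builds a fresh SimpleSession carrying only the id in doReadSession and never persists anything in update, so every request after login resolves to a subject with no principals, authc treats it as unauthenticated, and the filter redirects to loginUrl (the 302 in the thread). The Map-backed store is a constructed stand-in for the usersessions collection; the three places that touch it are where MongoProvider calls would go.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

import org.apache.shiro.codec.Base64;
import org.apache.shiro.session.Session;
import org.apache.shiro.session.UnknownSessionException;
import org.apache.shiro.session.mgt.SimpleSession;
import org.apache.shiro.session.mgt.eis.AbstractSessionDAO;
import org.apache.shiro.subject.support.DefaultSubjectContext;

/**
 * Example SessionDAO with symmetric write and read paths: the whole Session
 * (attributes included) is Java-serialized on create/update and deserialized
 * on read. The Map is a constructed stand-in for a Mongo collection.
 */
public class SerializingSessionDAO extends AbstractSessionDAO {

    // sessionId -> Base64 blob of the serialized SimpleSession (stand-in for "usersessions")
    private final Map<Serializable, String> store = new ConcurrentHashMap<>();

    @Override
    protected Serializable doCreate(Session session) {
        Serializable id = generateSessionId(session);
        assignSessionId(session, id);
        store.put(id, serialize(session));   // persist the full state, not just the id
        return id;
    }

    @Override
    protected Session doReadSession(Serializable sessionId) {
        String blob = store.get(sessionId);
        // Returning null makes AbstractSessionDAO.readSession throw UnknownSessionException
        return blob == null ? null : deserialize(blob);
    }

    @Override
    public void update(Session session) throws UnknownSessionException {
        // Shiro calls this after each request that changed the session, including the
        // login request that stores the principals. A no-op here loses that state.
        if (!store.containsKey(session.getId())) {
            throw new UnknownSessionException("No session with id " + session.getId());
        }
        store.put(session.getId(), serialize(session));
    }

    @Override
    public void delete(Session session) {
        store.remove(session.getId());
    }

    @Override
    public Collection<Session> getActiveSessions() {
        Collection<Session> sessions = new ArrayList<>();
        for (String blob : store.values()) {
            sessions.add(deserialize(blob));
        }
        return sessions;   // never null: the validation scheduler iterates over this
    }

    static String serialize(Session session) {
        try (ByteArrayOutputStream bos = new ByteArrayOutputStream();
             ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(session);       // SimpleSession implements Serializable
            oos.flush();
            return Base64.encodeToString(bos.toByteArray());
        } catch (IOException e) {
            throw new IllegalStateException("serialize session error", e);
        }
    }

    static Session deserialize(String blob) {
        // Exact mirror of serialize(): Base64-decode, then read the object stream.
        try (ObjectInputStream ois = new ObjectInputStream(
                new ByteArrayInputStream(Base64.decode(blob)))) {
            return (Session) ois.readObject();
        } catch (IOException | ClassNotFoundException e) {
            throw new IllegalStateException("deserialize session error", e);
        }
    }

    // Round-trip check: the flag Shiro sets at login must survive a re-read by id.
    public static void main(String[] args) {
        SerializingSessionDAO dao = new SerializingSessionDAO();
        SimpleSession s = new SimpleSession("127.0.0.1");
        Serializable id = dao.create(s);
        s.setAttribute(DefaultSubjectContext.AUTHENTICATED_SESSION_KEY, Boolean.TRUE);
        dao.update(s);
        Session back = dao.readSession(id);
        Object flag = back.getAttribute(DefaultSubjectContext.AUTHENTICATED_SESSION_KEY);
        System.out.println("authenticated flag survived re-read: " + Boolean.TRUE.equals(flag));
    }
}
```

Two points on the design. The blob handed to ObjectInputStream comes only from the application's own datastore, never from the client; the client supplies only the session id used as the lookup key, which is what keeps Java deserialization acceptable here. Separately, once session state is actually persisted, the shiro.ini in the first post would start rejecting requests for a different reason: sessionManager.globalSessionTimeout is in milliseconds, so 10000 is ten seconds, and a call five minutes after login (as in the thread's timestamps) would be refused as an expired session.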
Re: Login successful, but authenticated call to any other api results in 302 response.

Brian Demers
I'm not sure, I've only looked at this quickly, but it looks like your serialize and deserialize methods do different things. (Again, just a quick look, but do you have a test for writing data in, then pulling it back out by id?)

