Shiro User

Shiro Session issue in Wildfly

Classic

List

Threaded

4 messages Options

Mike Guo

Shiro Session issue in Wildfly

Hi, All.

is there anyone can help me about the session issue when I used shiro in Wildfly?

I configured shiro use shiro session(not http session in web container), it work prefect when I deployed it into tomcat. but after I move my project to wildly. I found the login function work ok. after I input password and username, it login success and show me the page after login, but when I try to click the other link, it will be jump to login page again. seem to the session didn’t keep it.

the original shiro configuration like this:

	@Bean

	public DefaultWebSecurityManager securityManager() {

		DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();

		sessionManager.setGlobalSessionTimeout(60*60*1000);

		DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();

		securityManager.setRealm(myRealm());

		securityManager.setSessionManager(sessionManager);

		return securityManager;

}

it always have this issue.

after I change it to :

	@Bean
	public DefaultWebSecurityManager securityManager() {
		
		DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
		securityManager.setRealm(myRealm());
		return securityManager;
		
	}

it work again.

sound like the shiro session have some issues.

anyone can help me a little tips?

thanks

Mike

Brian Demers

Re: Shiro Session issue in Wildfly

The first block uses the DefaultWebSessionManager, the second uses ServletContainerSessionManager. This helps explain the difference you are seeing.

That said, it sounds like there is a problem with Wildfly and the DefaultWebSessionManager. Any chance you have a dump of an example request/response (with http or curl) that shows this issue? (I've never really used Wildfly, so this is just a guess)

On Sun, Nov 12, 2017 at 10:52 PM, Mike Guo <[hidden email]> wrote:

Hi, All.

is there anyone can help me about the session issue when I used shiro in Wildfly?

I configured shiro use shiro session(not http session in web container), it work prefect when I deployed it into tomcat. but after I move my project to wildly. I found the login function work ok. after I input password and username, it login success and show me the page after login, but when I try to click the other link, it will be jump to login page again. seem to the session didn’t keep it.

the original shiro configuration like this:

@Bean
public DefaultWebSecurityManager securityManager() {

DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
sessionManager.setGlobalSessionTimeout(60*60*1000);

DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
securityManager.setRealm(myRealm());
securityManager.setSessionManager(sessionManager);

return securityManager;

}

it always have this issue.

after I change it to :

@Bean
public DefaultWebSecurityManager securityManager() {

DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
securityManager.setRealm(myRealm());
return securityManager;

}

it work again.

sound like the shiro session have some issues.

anyone can help me a little tips?

thanks

Mike

Mike Guo

Re: Shiro Session issue in Wildfly

Hi, Brian.

finally, I got a chance to debug this. I tried to define the cookie name like this:

		DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();

		SimpleCookie cookie = new SimpleCookie("NEWSALESSESSIONID");

        	cookie.setHttpOnly(true);

		sessionManager.setSessionIdCookie(cookie);

and the issue is gone. but when I use chrome to tracking the url, I found a strange things here:

Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding:
gzip, deflate, br
Accept-Language:
zh-CN,zh;q=0.9,en;q=0.8
Cache-Control:
no-cache
Connection:
keep-alive
Cookie:
JSESSIONID=5df3f96d-13c9-4ff7-9a61-0c0631d0232c.localhost; NEWSALESSESSIONID=339c2067-d777-4104-a2da-816932be0443; __utma=111872281.8308288.1511487186.1511487186.1511487186.1; __utmb=111872281.10.8.1511487770754; __utmc=111872281; __utmz=111872281.1511487186.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
Host:
localhost:8080
Pragma:
no-cache
Referer:
http://localhost:8080/new-sales/sales/show-price/62


so, look like there are two cookie on wildly.  kind of I use shiro session manager, and the wildly keep use it own cookie again.  


so, I guess here’s the problem. I should disable wildly cookie function.


Mike

在 2017年11月13日，下午10:52，Brian Demers <[hidden email]>

The first block uses the DefaultWebSessionManager, the second uses ServletContainerSessionManager. This helps explain the difference you are seeing.

That said, it sounds like there is a problem with Wildfly and the DefaultWebSessionManager. Any chance you have a dump of an example request/response (with http or curl) that shows this issue? (I've never really used Wildfly, so this is just a guess)

On Sun, Nov 12, 2017 at 10:52 PM, Mike Guo <[hidden email]> wrote:
Hi, All.

is there anyone can help me about the session issue when I used shiro in Wildfly?

I configured shiro use shiro session(not http session in web container), it work prefect when I deployed it into tomcat. but after I move my project to wildly. I found the login function work ok. after I input password and username, it login success and show me the page after login, but when I try to click the other link, it will be jump to login page again. seem to the session didn’t keep it.

the original shiro configuration like this:

@Bean
public DefaultWebSecurityManager securityManager() {

DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
sessionManager.setGlobalSessionTimeout(60*60*1000);

DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
securityManager.setRealm(myRealm());
securityManager.setSessionManager(sessionManager);

return securityManager;

}

it always have this issue.

after I change it to :

@Bean
public DefaultWebSecurityManager securityManager() {

DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
securityManager.setRealm(myRealm());
return securityManager;

}

it work again.

sound like the shiro session have some issues.

anyone can help me a little tips?

thanks

Mike

Brian Demers

Re: Shiro Session issue in Wildfly

Either that or you could use the `ServletContainerSessionManager` to make sure use the Session that Wildly is managing.

But if you want to use the `DefaultWebSessionManager` you could disable your containers session tracking

On Thu, Nov 23, 2017 at 8:48 PM, Mike Guo <[hidden email]> wrote:

Hi, Brian.

finally, I got a chance to debug this. I tried to define the cookie name like this:

DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
SimpleCookie cookie = new SimpleCookie("NEWSALESSESSIONID");
cookie.setHttpOnly(true);

sessionManager.setSessionIdCookie(cookie);

and the issue is gone. but when I use chrome to tracking the url, I found a strange things here:

Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding:
gzip, deflate, br
Accept-Language:
zh-CN,zh;q=0.9,en;q=0.8
Cache-Control:
no-cache
Connection:
keep-alive
Cookie:
JSESSIONID=5df3f96d-13c9-4ff7-9a61-0c0631d0232c.localhost; NEWSALESSESSIONID=339c2067-d777-4104-a2da-816932be0443; __utma=111872281.8308288.1511487186.1511487186.1511487186.1; __utmb=111872281.10.8.1511487770754; __utmc=111872281; __utmz=111872281.1511487186.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
Host:
localhost:8080
Pragma:
no-cache
Referer:
http://localhost:8080/new-sales/sales/show-price/62

so, look like there are two cookie on wildly. kind of I use shiro session manager, and the wildly keep use it own cookie again.

so, I guess here’s the problem. I should disable wildly cookie function.

Mike

在 2017年11月13日，下午10:52，Brian Demers <[hidden email]>

The first block uses the DefaultWebSessionManager, the second uses ServletContainerSessionManager. This helps explain the difference you are seeing.

That said, it sounds like there is a problem with Wildfly and the DefaultWebSessionManager. Any chance you have a dump of an example request/response (with http or curl) that shows this issue? (I've never really used Wildfly, so this is just a guess)

On Sun, Nov 12, 2017 at 10:52 PM, Mike Guo <[hidden email]> wrote:
Hi, All.

is there anyone can help me about the session issue when I used shiro in Wildfly?

I configured shiro use shiro session(not http session in web container), it work prefect when I deployed it into tomcat. but after I move my project to wildly. I found the login function work ok. after I input password and username, it login success and show me the page after login, but when I try to click the other link, it will be jump to login page again. seem to the session didn’t keep it.

the original shiro configuration like this:

@Bean
public DefaultWebSecurityManager securityManager() {

DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
sessionManager.setGlobalSessionTimeout(60*60*1000);

DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
securityManager.setRealm(myRealm());
securityManager.setSessionManager(sessionManager);

return securityManager;

}

it always have this issue.

after I change it to :

@Bean
public DefaultWebSecurityManager securityManager() {

DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
securityManager.setRealm(myRealm());
return securityManager;

}

it work again.

sound like the shiro session have some issues.

anyone can help me a little tips?

thanks

Mike