Shiro Session issue in Wildfly


Shiro Session issue in Wildfly

Mike Guo
Hi, All.

Is there anyone who can help me with a session issue when I use Shiro in Wildfly?

I configured Shiro to use the Shiro session (not the HTTP session of the web container). It works perfectly when I deploy it to Tomcat, but after I moved my project to Wildfly, I found that the login function works OK: after I input the password and username, the login succeeds and shows me the page after login. But when I try to click another link, it jumps to the login page again. It seems the session isn't kept.

The original Shiro configuration looks like this:

    @Bean
    public DefaultWebSecurityManager securityManager() {
        // Shiro-native session manager with a one-hour global timeout (milliseconds)
        DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
        sessionManager.setGlobalSessionTimeout(60 * 60 * 1000);

        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(myRealm());
        securityManager.setSessionManager(sessionManager);

        return securityManager;
    }

It always has this issue.

After I change it to:

    @Bean
    public DefaultWebSecurityManager securityManager() {
        // No session manager is set here, so the security manager's default is used
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(myRealm());
        return securityManager;
    }


It works again.

It sounds like the Shiro session has some issues.

Can anyone give me a few tips?

Thanks


Mike



Re: Shiro Session issue in Wildfly

Brian Demers
The first block uses the DefaultWebSessionManager, the second uses ServletContainerSessionManager.  This helps explain the difference you are seeing.

That said, it sounds like there is a problem with Wildfly and the DefaultWebSessionManager.  Any chance you have a dump of an example request/response (with http or curl) that shows this issue?  (I've never really used Wildfly, so this is just a guess)

On Sun, Nov 12, 2017 at 10:52 PM, Mike Guo <[hidden email]> wrote:

Re: Shiro Session issue in Wildfly

Mike Guo
Hi, Brian.

Finally, I got a chance to debug this. I tried defining the cookie name like this:

    DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
    SimpleCookie cookie = new SimpleCookie("NEWSALESSESSIONID");
    cookie.setHttpOnly(true);

    sessionManager.setSessionIdCookie(cookie);

And the issue is gone. But when I used Chrome to trace the URL, I found a strange thing here:

    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
    Accept-Encoding: gzip, deflate, br
    Accept-Language: zh-CN,zh;q=0.9,en;q=0.8
    Cache-Control: no-cache
    Connection: keep-alive
    Cookie: JSESSIONID=5df3f96d-13c9-4ff7-9a61-0c0631d0232c.localhost; NEWSALESSESSIONID=339c2067-d777-4104-a2da-816932be0443; __utma=111872281.8308288.1511487186.1511487186.1511487186.1; __utmb=111872281.10.8.1511487770754; __utmc=111872281; __utmz=111872281.1511487186.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
    Host: localhost:8080
    Pragma: no-cache
    Referer:


So, it looks like there are two cookies on Wildfly. I use the Shiro session manager, and Wildfly keeps using its own cookie as well.

So, I guess that's the problem. I should disable the Wildfly cookie function.


Mike




On Nov 13, 2017, at 10:52 PM, Brian Demers <[hidden email]

Re: Shiro Session issue in Wildfly

Brian Demers
Either that or you could use the `ServletContainerSessionManager` to make sure you use the session that Wildfly is managing.
But if you want to use the `DefaultWebSessionManager` you could disable your container's session tracking.

On Thu, Nov 23, 2017 at 8:48 PM, Mike Guo <[hidden email]> wrote:
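
An added example, not code from either poster or from the Shiro project: one way to keep Shiro-native sessions while giving Shiro's session cookie a name that differs from the container's `JSESSIONID` (which is also Shiro's own default cookie name). The class name, the `SimpleAccountRealm` stand-in for `myRealm()`, and the HTTPS deployment behind `setSecure(true)` are assumptions.

```java
import org.apache.shiro.realm.Realm;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.servlet.SimpleCookie;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class ShiroNativeSessionConfig {   // hypothetical class name

    // Cookie name taken from the thread; any name other than the
    // container's JSESSIONID keeps the two session cookies apart.
    static final String SHIRO_COOKIE_NAME = "NEWSALESSESSIONID";

    @Bean
    public Realm myRealm() {
        // Stand-in for the poster's myRealm(), which the thread does not show.
        return new SimpleAccountRealm();
    }

    @Bean
    public DefaultWebSessionManager sessionManager() {
        SimpleCookie cookie = new SimpleCookie(SHIRO_COOKIE_NAME);
        cookie.setHttpOnly(true);  // keep the session id away from page scripts
        cookie.setSecure(true);    // assumption: the application is served over HTTPS

        DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
        sessionManager.setSessionIdCookie(cookie);
        sessionManager.setSessionIdCookieEnabled(true);
        // Never fall back to carrying the session id in the URL.
        sessionManager.setSessionIdUrlRewritingEnabled(false);
        // Same one-hour timeout as in the thread, in milliseconds.
        sessionManager.setGlobalSessionTimeout(60 * 60 * 1000L);
        return sessionManager;
    }

    @Bean
    public DefaultWebSecurityManager securityManager() {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(myRealm());
        // Omitting this line selects ServletContainerSessionManager instead,
        // which is the other option named in the thread.
        securityManager.setSessionManager(sessionManager());
        return securityManager;
    }
}
```

With this in place the browser still sends the container's `JSESSIONID` alongside the Shiro cookie, as in the captured request headers, until the container's own session tracking is turned off.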