Uploaded image for project: 'Shiro'
  1. Shiro
  2. SHIRO-141

Problem with WebRememberMeManager

    XMLWordPrintableJSON

Details

    Description

      I executed the following code to see if I needed to get the current user again after logging out:
      Subject currentUser;
      currentUser = SecurityUtils.getSubject(); // < --No exception
      currentUser = SecurityUtils.getSubject(); // < --No exception
      currentUser.logout(); // < --No exception
      currentUser = SecurityUtils.getSubject(); // < --EXCEPTION

      Resulting in the application throwing a NullPointerException from WebRememberMeManager.

      Here is the stack trace: (I'm currently trying to learn how to install and use JUnit)

      32046 [btpool0-1] WARN org.apache.shiro.mgt.DefaultSecurityManager - Delegate RememberMeManager instance of type [org.apache.shiro.web.WebRememberMeManager] threw an exception during getRememberedPrincipals().
      java.lang.NullPointerException
      at org.apache.shiro.web.attr.CookieAttribute.getCookie(CookieAttribute.java:262)
      at org.apache.shiro.web.attr.CookieAttribute.removeValue(CookieAttribute.java:357)
      at org.apache.shiro.web.WebRememberMeManager.forgetIdentity(WebRememberMeManager.java:320)
      at org.apache.shiro.web.WebRememberMeManager.forgetIdentity(WebRememberMeManager.java:316)
      at org.apache.shiro.mgt.AbstractRememberMeManager.onRememberedPrincipalFailure(AbstractRememberMeManager.java:547)
      at org.apache.shiro.mgt.AbstractRememberMeManager.getRememberedPrincipals(AbstractRememberMeManager.java:488)
      at org.apache.shiro.mgt.DefaultSecurityManager.getRememberedIdentity(DefaultSecurityManager.java:598)
      at org.apache.shiro.mgt.DefaultSecurityManager.resolvePrincipals(DefaultSecurityManager.java:486)
      at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:363)
      at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:751)
      at org.apache.shiro.SecurityUtils.getSubject(SecurityUtils.java:57)
      at burp_erp_t1.TestShiroServlet.login(TestShiroServlet.java:43)
      at burp_erp_t1.TestShiroServlet.doPost(TestShiroServlet.java:24)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:713)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:806)
      at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:487)
      at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1093)
      at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:373)
      at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:306)
      at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:81)
      at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)
      at com.google.appengine.api.blobstore.dev.ServeBlobFilter.doFilter(ServeBlobFilter.java:51)
      at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)
      at com.google.apphosting.utils.servlet.TransactionCleanupFilter.doFilter(TransactionCleanupFilter.java:43)
      at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)
      at com.google.appengine.tools.development.StaticFileFilter.doFilter(StaticFileFilter.java:121)
      at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)
      at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:360)
      at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
      at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:181)
      at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:712)
      at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:405)
      at com.google.apphosting.utils.jetty.DevAppEngineWebAppContext.handle(DevAppEngineWebAppContext.java:70)
      at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:139)
      at com.google.appengine.tools.development.JettyContainerService$ApiProxyHandler.handle(JettyContainerService.java:352)
      at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:139)
      at org.mortbay.jetty.Server.handle(Server.java:313)
      at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:506)
      at org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:844)
      at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:644)
      at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:211)
      at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:381)
      at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:396)
      at org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:442)

      Attachments

        1. MyWebRememberMeManager.java
          2 kB
          bartolomeo sorrentino
        2. shiro141.zip
          29 kB
          Allan Ditzel

        Issue Links

          Activity

            People

              lhazlewood Les Hazlewood
              dutrowllc Chris Dutrow
              Votes:
              2 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: