Shiro
  1. Shiro
  2. SHIRO-297

Setting sessionMode to native kills any SessionManager already configured

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Won't Fix
    • Affects Version/s: 1.0.0, 1.1.0
    • Fix Version/s: 1.2.0
    • Component/s: None
    • Labels:
      None

      Description

      I just got done working through an issue trying to get single sign-on working with EhCacheManager, following some examples I found on the mailing list (except I was using Spring configuration). It wasn't working for me at first with this:

      <bean id="securityManager" 
        class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> 
           <property name="realm" ref="factorlabRealm" /> 
           <property name="subjectFactory" ref="factorlabSubjectFactory" /> 
           <property name="cacheManager" ref="ssoCacheManager" /> 
           <property name="sessionManager" ref="sessionManager" /> 
           <property name="sessionMode" value="native" /> 
      </bean> 
      

      After lots of debugging, I got it to work with this:

      <bean id="securityManager"
      class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
      <property name="sessionMode" value="native" />
      <property name="realm" ref="factorlabRealm" />
      <property name="subjectFactory" ref="factorlabSubjectFactory" />
      <property name="cacheManager" ref="ssoCacheManager" />
      <property name="sessionManager" ref="sessionManager" />
      </bean>

      The difference is moving the sessionMode to earlier in the property list, because the setter for sessionMode was replacing my configured
      sessionManager with a new DefaultWebSessionManager.

      This seems pretty fragile.

        Activity

        Jason Erickson created issue -
        Jason Erickson made changes -
        Field Original Value New Value
        Description I just got done working through an issue trying to get single sign-on working with EhCacheManager, following some examples I found on the mailing list (except I was using Spring configuration). It wasn't working for me at first with this:


        <bean id="securityManager"
          class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
             <property name="realm" ref="factorlabRealm" />
             <property name="subjectFactory" ref="factorlabSubjectFactory" />
             <property name="cacheManager" ref="ssoCacheManager" />
             <property name="sessionManager" ref="sessionManager" />
             <property name="sessionMode" value="native" />
        </bean>
         
         
        After lots of debugging, I got it to work with this:
         
         
        <bean id="securityManager"
          class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
            <property name="sessionMode" value="native" />
            <property name="realm" ref="factorlabRealm" />
            <property name="subjectFactory" ref="factorlabSubjectFactory" />
            <property name="cacheManager" ref="ssoCacheManager" />
            <property name="sessionManager" ref="sessionManager" />
        </bean>
         
         
        The difference is moving the sessionMode to earlier in the property list, because the setter for sessionMode was replacing my configured
        sessionManager with a new DefaultWebSessionManager.

        This seems pretty fragile.
        I just got done working through an issue trying to get single sign-on working with EhCacheManager, following some examples I found on the mailing list (except I was using Spring configuration). It wasn't working for me at first with this:

        {code:xml}
        <bean id="securityManager"
          class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
             <property name="realm" ref="factorlabRealm" />
             <property name="subjectFactory" ref="factorlabSubjectFactory" />
             <property name="cacheManager" ref="ssoCacheManager" />
             <property name="sessionManager" ref="sessionManager" />
             <property name="sessionMode" value="native" />
        </bean>
        {code}

         
        After lots of debugging, I got it to work with this:
         
         
        <bean id="securityManager"
          class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
            <property name="sessionMode" value="native" />
            <property name="realm" ref="factorlabRealm" />
            <property name="subjectFactory" ref="factorlabSubjectFactory" />
            <property name="cacheManager" ref="ssoCacheManager" />
            <property name="sessionManager" ref="sessionManager" />
        </bean>
         
         
        The difference is moving the sessionMode to earlier in the property list, because the setter for sessionMode was replacing my configured
        sessionManager with a new DefaultWebSessionManager.

        This seems pretty fragile.
        Hide
        Jared Bunting added a comment -

        The "sessionMode" property of DefaultWebSecurityManager has been deprecated in SHIRO-312. The filter logic has also been changed so that the preferred solution to this is to simply not set "sessionMode".

        Show
        Jared Bunting added a comment - The "sessionMode" property of DefaultWebSecurityManager has been deprecated in SHIRO-312 . The filter logic has also been changed so that the preferred solution to this is to simply not set "sessionMode".
        Les Hazlewood made changes -
        Fix Version/s 1.2.0 [ 12315478 ]
        Hide
        Les Hazlewood added a comment -

        the 'sessionMode' property has been deprecated, with appropriate deprecation warnings being displayed. This will likely be removed entirely for Shiro 2.

        The solution to this bug is to configure the 'sessionManager' property as desired (e.g. with a DefaultWebSessionManager' which is a native session manager) and to not set the 'sessionMode' property.

        Show
        Les Hazlewood added a comment - the 'sessionMode' property has been deprecated, with appropriate deprecation warnings being displayed. This will likely be removed entirely for Shiro 2. The solution to this bug is to configure the 'sessionManager' property as desired (e.g. with a DefaultWebSessionManager' which is a native session manager) and to not set the 'sessionMode' property.
        Les Hazlewood made changes -
        Status Open [ 1 ] Resolved [ 5 ]
        Resolution Won't Fix [ 2 ]
        Hide
        Les Hazlewood added a comment -

        Closing with the 1.2.0 release.

        Show
        Les Hazlewood added a comment - Closing with the 1.2.0 release.
        Les Hazlewood made changes -
        Status Resolved [ 5 ] Closed [ 6 ]

          People

          • Assignee:
            Unassigned
            Reporter:
            Jason Erickson
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development