Shiro
  1. Shiro
  2. SHIRO-297

Setting sessionMode to native kills any SessionManager already configured

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Won't Fix
    • Affects Version/s: 1.0.0, 1.1.0
    • Fix Version/s: 1.2.0
    • Component/s: None
    • Labels:
      None

      Description

      I just got done working through an issue trying to get single sign-on working with EhCacheManager, following some examples I found on the mailing list (except I was using Spring configuration). It wasn't working for me at first with this:

      <bean id="securityManager" 
        class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> 
           <property name="realm" ref="factorlabRealm" /> 
           <property name="subjectFactory" ref="factorlabSubjectFactory" /> 
           <property name="cacheManager" ref="ssoCacheManager" /> 
           <property name="sessionManager" ref="sessionManager" /> 
           <property name="sessionMode" value="native" /> 
      </bean> 
      

      After lots of debugging, I got it to work with this:

      <bean id="securityManager"
      class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
      <property name="sessionMode" value="native" />
      <property name="realm" ref="factorlabRealm" />
      <property name="subjectFactory" ref="factorlabSubjectFactory" />
      <property name="cacheManager" ref="ssoCacheManager" />
      <property name="sessionManager" ref="sessionManager" />
      </bean>

      The difference is moving the sessionMode to earlier in the property list, because the setter for sessionMode was replacing my configured
      sessionManager with a new DefaultWebSessionManager.

      This seems pretty fragile.

        Activity

        Jason Erickson created issue -
        Jason Erickson made changes -
        Field Original Value New Value
        Description I just got done working through an issue trying to get single sign-on working with EhCacheManager, following some examples I found on the mailing list (except I was using Spring configuration). It wasn't working for me at first with this:


        <bean id="securityManager"
          class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
             <property name="realm" ref="factorlabRealm" />
             <property name="subjectFactory" ref="factorlabSubjectFactory" />
             <property name="cacheManager" ref="ssoCacheManager" />
             <property name="sessionManager" ref="sessionManager" />
             <property name="sessionMode" value="native" />
        </bean>
         
         
        After lots of debugging, I got it to work with this:
         
         
        <bean id="securityManager"
          class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
            <property name="sessionMode" value="native" />
            <property name="realm" ref="factorlabRealm" />
            <property name="subjectFactory" ref="factorlabSubjectFactory" />
            <property name="cacheManager" ref="ssoCacheManager" />
            <property name="sessionManager" ref="sessionManager" />
        </bean>
         
         
        The difference is moving the sessionMode to earlier in the property list, because the setter for sessionMode was replacing my configured
        sessionManager with a new DefaultWebSessionManager.

        This seems pretty fragile.
        I just got done working through an issue trying to get single sign-on working with EhCacheManager, following some examples I found on the mailing list (except I was using Spring configuration). It wasn't working for me at first with this:

        {code:xml}
        <bean id="securityManager"
          class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
             <property name="realm" ref="factorlabRealm" />
             <property name="subjectFactory" ref="factorlabSubjectFactory" />
             <property name="cacheManager" ref="ssoCacheManager" />
             <property name="sessionManager" ref="sessionManager" />
             <property name="sessionMode" value="native" />
        </bean>
        {code}

         
        After lots of debugging, I got it to work with this:
         
         
        <bean id="securityManager"
          class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
            <property name="sessionMode" value="native" />
            <property name="realm" ref="factorlabRealm" />
            <property name="subjectFactory" ref="factorlabSubjectFactory" />
            <property name="cacheManager" ref="ssoCacheManager" />
            <property name="sessionManager" ref="sessionManager" />
        </bean>
         
         
        The difference is moving the sessionMode to earlier in the property list, because the setter for sessionMode was replacing my configured
        sessionManager with a new DefaultWebSessionManager.

        This seems pretty fragile.
        Les Hazlewood made changes -
        Fix Version/s 1.2.0 [ 12315478 ]
        Les Hazlewood made changes -
        Status Open [ 1 ] Resolved [ 5 ]
        Resolution Won't Fix [ 2 ]
        Les Hazlewood made changes -
        Status Resolved [ 5 ] Closed [ 6 ]

          People

          • Assignee:
            Unassigned
            Reporter:
            Jason Erickson
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development