Shiro throws an exception when the session is expired/invalid

Time: 2014-10-29 09:26:00

Tags: java session grails shiro

I'm trying to use native sessions with Grails:

    [main]
    sessionManager = org.apache.shiro.session.mgt.DefaultSessionManager
    securityManager.sessionManager = \$sessionManager

It works well until a session is not found or is invalid.

  1. Start the server. Log in.
  2. Restart the server.

        org.apache.shiro.session.ExpiredSessionException: Session with id [3c3ffbef-ee93-4f6e-a599-1f1f4c03d037] has expired. Last access time: 29.10.14 12:18.  Current time: 29.10.14 12:18.  Session timeout is set to 1 seconds (0 minutes)
            at org.apache.shiro.session.mgt.SimpleSession.validate(SimpleSession.java:292)
            at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.doValidate(AbstractValidatingSessionManager.java:186)
            at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.validate(AbstractValidatingSessionManager.java:143)
            at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.doGetSession(AbstractValidatingSessionManager.java:120)
            at org.apache.shiro.session.mgt.AbstractNativeSessionManager.lookupSession(AbstractNativeSessionManager.java:108)
            at org.apache.shiro.session.mgt.AbstractNativeSessionManager.lookupRequiredSession(AbstractNativeSessionManager.java:112)
            at org.apache.shiro.session.mgt.AbstractNativeSessionManager.getAttribute(AbstractNativeSessionManager.java:209)
            at org.apache.shiro.session.mgt.DelegatingSession.getAttribute(DelegatingSession.java:141)
            at org.apache.shiro.session.ProxiedSession.getAttribute(ProxiedSession.java:121)
            at org.apache.shiro.subject.support.DelegatingSubject.getRunAsPrincipalsStack(DelegatingSubject.java:469)
            at org.apache.shiro.subject.support.DelegatingSubject.getPrincipals(DelegatingSubject.java:153)
            at org.apache.shiro.subject.support.DelegatingSubject.getPrincipal(DelegatingSubject.java:149)
            at org.apache.shiro.web.servlet.ShiroHttpServletRequest.getSubjectPrincipal(ShiroHttpServletRequest.java:95)
            at org.apache.shiro.web.servlet.ShiroHttpServletRequest.getUserPrincipal(ShiroHttpServletRequest.java:111)
    
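  3. What is the point? Why does Shiro throw an exception instead of handling it silently? It makes Shiro sessions unusable.

    Even logging out doesn't work, which is funny:

    1. ShiroHttpServletRequest remembers the principal's session
    2. SecurityUtils.subject?.logout() invalidates the principal's session
    3. While the response is being processed, the session is accessed (request.getSession(false)), which returns the invalidated session => org.apache.shiro.session.UnknownSessionException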

    There is no session with id [86f8b1dc-0c16-4836-9564-c8cc3cc1c03a]. Stacktrace follows:
    java.lang.IllegalStateException: org.apache.shiro.session.UnknownSessionException: There is no session with id [86f8b1dc-0c16-4836-9564-c8cc3cc1c03a]
        at org.apache.shiro.web.servlet.ShiroHttpSession.getAttribute(ShiroHttpSession.java:133)
        at grails.plugin.cache.web.filter.PageFragmentCachingFilter.doFilter(PageFragmentCachingFilter.java:195)
        at grails.plugin.cache.web.filter.AbstractFilter.doFilter(AbstractFilter.java:63)
        at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449)
        at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365)
    

    What is the correct way to use native Shiro sessions?

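1 answer:

Answer 0: (score: 0)

It looks like you are using a non-web session manager. That does not take advantage of the HttpSession stuff, which you really want in a servlet environment like Grails, because the web server will help you invalidate sessions or restore them on redeploy.

Use DefaultWebSessionManager instead: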

    [main]
    sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager

It extends DefaultSessionManager, so anything you wanted to do with that, you can do with the web session manager.
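
Added example, not part of the original question or answer: a fuller [main] section for the web session manager suggested above, written for a plain shiro.ini file. The timeout value and the cookie settings are assumptions chosen for illustration; the `secure` flag assumes the application is served over HTTPS.

```ini
[main]
# Web-aware session manager, as suggested in the answer above
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager

# Declaring the bean is not enough: it must also be wired into the
# security manager, otherwise the security manager keeps whatever
# session manager it already had.
securityManager.sessionManager = $sessionManager

# Global session timeout in milliseconds (assumed value: 30 minutes).
# The stack trace in the question reports a timeout of 1 second.
sessionManager.globalSessionTimeout = 1800000

# Validate sessions periodically and remove invalid ones from the
# session store instead of leaving them to be found on a later request.
sessionManager.sessionValidationSchedulerEnabled = true
sessionManager.deleteInvalidSessions = true

# Session ID cookie: not readable from page scripts, sent over HTTPS only
# (assumption: the site is HTTPS-only; drop "secure" for plain-HTTP testing).
sessionManager.sessionIdCookie.httpOnly = true
sessionManager.sessionIdCookie.secure = true
```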