[jira] [Comment Edited] (SHIRO-613) StoppedSessionException: Session with id has been explicitly stopped. No further interaction under this session is allowed.

JIRA jira@apache.org

    [ https://issues.apache.org/jira/browse/SHIRO-613?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15874846#comment-15874846 ]

sreenivas Harshith edited comment on SHIRO-613 at 2/20/17 5:33 PM:
-------------------------------------------------------------------

oh sorry :) my bad. Here's the config



# =======================
# Shiro INI configuration
# =======================

[main]
# Objects and their properties are defined here,
# Such as the securityManager, Realms and anything
# else needed to build the SecurityManager

passwordService = org.apache.shiro.authc.credential.DefaultPasswordService
customsessiondao= com.appbackend.framework.core.security.shiro.session.AppSessionDAO
ssessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
ssessionManager.sessionDAO=$customsessiondao
securityManager.sessionManager.globalSessionTimeout=600000
securityManager.sessionManager = $ssessionManager
passwordMatcher = org.apache.shiro.authc.credential.PasswordMatcher
passwordMatcher.passwordService = $passwordService
myAppAuthenticationRealm = com.appbackend.framework.core.security.shiro.realms.AppAuthenticationRealm
myAppAuthenticationRealm.credentialsMatcher = $passwordMatcher
securityManager.realms = $myAppAuthenticationRealm
authcStrategy = org.apache.shiro.authc.pam.FirstSuccessfulStrategy
securityManager.authenticator.authenticationStrategy = $authcStrategy
securityManager.sessionManager.sessionValidationSchedulerEnabled = false



And this is my SessionDAO

package com.appbackend.framework.core.security.shiro.session;

import com.appbackend.framework.core.contexthelpers.AppContext;
import com.appbackend.framework.core.contexthelpers.AppDAOContext;
import org.apache.shiro.session.Session;
import org.apache.shiro.session.UnknownSessionException;
import org.apache.shiro.session.mgt.SimpleSession;
import org.apache.shiro.session.mgt.eis.AbstractSessionDAO;
import java.io.Serializable;
import java.util.Collection;

/**
 *
 * @author sreenivasHarshith
 *
 */
public class AppSessionDAO extends AbstractSessionDAO {

    private SimpleSession assertSimpleSession(Session session) {
        if (!(session instanceof SimpleSession)) {
            throw new IllegalArgumentException(AppSessionDAO.class.getName() + " implementations only support " +
                    SimpleSession.class.getName() + " instances.");
        }

        return (SimpleSession) session;
    }

    @Override
    protected Serializable doCreate(Session sn) {
        SimpleSession simpleSession = assertSimpleSession(sn);
        Serializable sessionId = generateSessionId(simpleSession);
        assignSessionId(simpleSession, sessionId);
        boolean result = AppDAOContext.saveSessionToJdbcSessionDAO(simpleSession);
        if (!result) {
            throw new RuntimeException("Session Creation Failed!!");
        }
        return sessionId;
    }

    @Override
    protected Session doReadSession(Serializable serializable) {
        Session sessionFromDb = AppDAOContext
                .conjureSessionFromJdbcSessionDAO(serializable);
        return sessionFromDb;
    }

    @Override
    public void update(Session sn) throws UnknownSessionException {
        SimpleSession simpleSession = assertSimpleSession(sn);
        boolean result = AppDAOContext.updateSessionInJdbcSessionDAO(simpleSession);
        if (!result) {
            throw new RuntimeException("Session Updation Failed!!");
        }
    }

    @Override
    public void delete(Session sn) {
        SimpleSession simpleSession = assertSimpleSession(sn);
        boolean res = AppDAOContext.deleteSessionFromJdbcSessionDAO(simpleSession);
        if (!res) {
            throw new RuntimeException("Session Deletion Failed s!!");
        }
    }

    @Override
    public Collection<Session> getActiveSessions() {
        throw new UnsupportedOperationException("Not supported yet.");
    }

}






was (Author: sreenivash09):
oh sorry :) my bad. Here's the config



# =======================
# Shiro INI configuration
# =======================

[main]
# Objects and their properties are defined here,
# Such as the securityManager, Realms and anything
# else needed to build the SecurityManager

passwordService = org.apache.shiro.authc.credential.DefaultPasswordService
customsessiondao= com.appbackend.framework.core.security.shiro.session.AppSessionDAO
ssessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
ssessionManager.sessionDAO=$customsessiondao
securityManager.sessionManager.globalSessionTimeout=600000
securityManager.sessionManager = $ssessionManager
passwordMatcher = org.apache.shiro.authc.credential.PasswordMatcher
passwordMatcher.passwordService = $passwordService
myAppAuthenticationRealm = com.appbackend.framework.core.security.shiro.realms.AppAuthenticationRealm
myAppAuthenticationRealm.credentialsMatcher = $passwordMatcher
securityManager.realms = $myAppAuthenticationRealm
authcStrategy = org.apache.shiro.authc.pam.FirstSuccessfulStrategy
securityManager.authenticator.authenticationStrategy = $authcStrategy
securityManager.sessionManager.sessionValidationSchedulerEnabled = false



And this is my SessionDAO

package com.appbackend.framework.core.security.shiro.session;

import com.appbackend.framework.core.contexthelpers.AppContext;
import com.appbackend.framework.core.contexthelpers.AppDAOContext;
import org.apache.shiro.session.Session;
import org.apache.shiro.session.UnknownSessionException;
import org.apache.shiro.session.mgt.SimpleSession;
import org.apache.shiro.session.mgt.eis.AbstractSessionDAO;
import java.io.Serializable;
import java.util.Collection;

/**
 *
 * @author sreenivasHarshith
 *
 */
public class AppSessionDAO extends AbstractSessionDAO {

    private SimpleSession assertSimpleSession(Session session) {
        if (!(session instanceof SimpleSession)) {
            throw new IllegalArgumentException(AppSessionDAO.class.getName() + " implementations only support " +
                    SimpleSession.class.getName() + " instances.");
        }

        return (SimpleSession) session;
    }

    @Override
    protected Serializable doCreate(Session sn) {
        SimpleSession simpleSession = assertSimpleSession(sn);
        Serializable sessionId = generateSessionId(simpleSession);
        assignSessionId(simpleSession, sessionId);
        boolean result = AppDAOContext.saveSessionToJdbcSessionDAO(simpleSession);
        if (!result) {
            throw new RuntimeException("Session Creation Failed!!");
        }
        return sessionId;
    }

    @Override
    protected Session doReadSession(Serializable serializable) {
        Session sessionFromDb = AppDAOContext
                .conjureSessionFromJdbcSessionDAO(serializable);
        return sessionFromDb;
    }

    @Override
    public void update(Session sn) throws UnknownSessionException {
        SimpleSession simpleSession = assertSimpleSession(sn);
        boolean result = AppDAOContext.updateSessionInJdbcSessionDAO(simpleSession);
        if (!result) {
            throw new RuntimeException("Session Updation Failed!!");
        }
    }

    @Override
    public void delete(Session sn) {
        SimpleSession simpleSession = assertSimpleSession(sn);
        boolean res = AppDAOContext.deleteSessionFromJdbcSessionDAO(simpleSession);
        if (!res) {
            throw new RuntimeException("Session Deletion Failed s!!");
        }
    }

    @Override
    public Collection<Session> getActiveSessions() {
        throw new UnsupportedOperationException("Not supported yet.");
    }

}





> StoppedSessionException: Session with id has been explicitly stopped.  No further interaction under this session is allowed.
> ----------------------------------------------------------------------------------------------------------------------------
>
>                 Key: SHIRO-613
>                 URL: https://issues.apache.org/jira/browse/SHIRO-613
>             Project: Shiro
>          Issue Type: Bug
>          Components: Authentication (log-in), Session Management
>    Affects Versions: 1.3.2
>            Reporter: sreenivas Harshith
>              Labels: Sessiontimeout, StoppedSessionException, login, session
>
> I am using the default Shiro native session manager and a Session DAO backed by a DB store for storing sessions. I have set the session timeout to 10 min and I have the same user log in multiple times, say 8 times. Once the session had expired, I tried to log in with the same user credentials from a different client, and Shiro is calling the delete(Session sn) method implemented in my DAO to delete those old sessions that are expired. Once the deletion is completed, it throws an exception with the deleted session id, saying org.apache.shiro.session.StoppedSessionException: Session with id [a9dd97a1-90d4-435c-b363-f74052dfa0dc] has been explicitly stopped.  No further interaction under this session is allowed, and it fails to log in the user.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)