I'm using Apache Shiro 1.2.0 in a long-running application that reads messages from a queue and takes action. The action taken requires a Shiro authenticated session, so I
I was getting this error and found that completely destroying any existing session before calling subject.login(credentials) fixed it.
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.Subject;

// Login the user. 'credentials' is the AuthenticationToken
// (e.g. a UsernamePasswordToken) held by the enclosing class.
private Subject loginUser()
{
    ensureUserIsLoggedOut();
    Subject subject = SecurityUtils.getSubject();
    subject.login(credentials);
    return subject;
}
And the supporting routines are:
// Logout the user fully before continuing.
private void ensureUserIsLoggedOut()
{
    try
    {
        // Get the user if one is logged in.
        Subject currentUser = SecurityUtils.getSubject();
        if (currentUser == null)
            return;

        // Log the user out and kill their session if possible.
        currentUser.logout();

        // getSession(false) does not create a new session if none exists.
        Session session = currentUser.getSession(false);
        if (session == null)
            return;

        // Explicitly stop any session that survived the logout.
        session.stop();
    }
    catch (Exception e)
    {
        // Ignore all errors, as we're trying to silently
        // log the user out.
    }
}