
Example 1 with SessionException

Use of org.apache.shiro.session.SessionException in project shiro by apache.

From the class LogoutFilter, method preHandle:

/**
 * Acquires the currently executing {@link #getSubject(javax.servlet.ServletRequest, javax.servlet.ServletResponse) subject},
 * a potentially Subject- or request-specific
 * {@link #getRedirectUrl(javax.servlet.ServletRequest, javax.servlet.ServletResponse, org.apache.shiro.subject.Subject) redirectUrl},
 * and redirects the end-user to that redirect url.
 *
 * @param request  the incoming ServletRequest
 * @param response the outgoing ServletResponse
 * @return {@code false} always, as typically no further interaction should be done after user logout.
 * @throws Exception if there is any error.
 */
@Override
protected boolean preHandle(ServletRequest request, ServletResponse response) throws Exception {
    Subject subject = getSubject(request, response);
    // Check if POST-only logout is enabled (defends against logout CSRF via a plain link or image tag)
    if (isPostOnlyLogout()) {
        // If the current request's method is not a POST, hand off to onLogoutRequestNotAPost and do not log out
        if (!WebUtils.toHttp(request).getMethod().toUpperCase(Locale.ENGLISH).equals("POST")) {
            return onLogoutRequestNotAPost(request, response);
        }
    }
    // Compute the redirect target before logging out, while the Subject is still available
    String redirectUrl = getRedirectUrl(request, response, subject);
    // try/catch added for SHIRO-298: an already expired or invalid session must not abort the logout
    try {
        subject.logout();
    } catch (SessionException ise) {
        log.debug("Encountered session exception during logout.  This can generally safely be ignored.", ise);
    }
    issueRedirect(request, response, redirectUrl);
    return false;
}
Also used: SessionException (org.apache.shiro.session.SessionException), Subject (org.apache.shiro.subject.Subject)
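The two checks in preHandle above are the security-relevant ones: refusing non-POST logout requests, so that a cross-site link or image tag cannot log a victim out, and treating a SessionException from subject.logout() as non-fatal (SHIRO-298: a session that is already expired or unknown should still end in a clean redirect, because logout has to be idempotent). The following is an added, stand-alone example written for this page, not Shiro code, that shows both behaviours on the JDK's built-in com.sun.net.httpserver with a hypothetical in-memory session store. The SID cookie name, the 405-with-Allow response for non-POST requests and the local SessionException stand-in are assumptions of this example, not things the page shows.

```java
import com.sun.net.httpserver.HttpExchange;
import com.sun.net.httpserver.HttpServer;
import java.io.IOException;
import java.io.OutputStream;
import java.net.InetSocketAddress;
import java.nio.charset.StandardCharsets;
import java.util.Locale;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class PostOnlyLogoutDemo {

    // Hypothetical in-memory session store: session id -> user name.
    // (Assumption for this example; Shiro keeps sessions in its SessionManager.)
    static final Map<String, String> SESSIONS = new ConcurrentHashMap<>();

    // Local stand-in for org.apache.shiro.session.SessionException: thrown when the
    // session being logged out is unknown or already expired.
    static class SessionException extends RuntimeException {
        SessionException(String msg) { super(msg); }
    }

    static void invalidate(String sessionId) {
        if (sessionId == null || SESSIONS.remove(sessionId) == null) {
            throw new SessionException("session " + sessionId + " is invalid or already expired");
        }
    }

    // Pull the SID cookie out of the Cookie header, or null if the client sent none.
    static String sessionIdFrom(HttpExchange ex) {
        String cookie = ex.getRequestHeaders().getFirst("Cookie");
        if (cookie == null) return null;
        for (String part : cookie.split(";")) {
            String p = part.trim();
            if (p.startsWith("SID=")) return p.substring(4);
        }
        return null;
    }

    static void handleLogout(HttpExchange ex) throws IOException {
        String method = ex.getRequestMethod().toUpperCase(Locale.ENGLISH);
        if (!method.equals("POST")) {
            // Same policy as isPostOnlyLogout(): a GET reachable from a third-party page
            // must not be able to end the victim's session. Nothing is logged out here.
            ex.getResponseHeaders().set("Allow", "POST");
            respond(ex, 405, "logout requires POST");
            return;
        }
        try {
            invalidate(sessionIdFrom(ex));
        } catch (SessionException e) {
            // SHIRO-298 behaviour: an already-dead session is not a failure; continue to the redirect.
            System.err.println("debug: " + e.getMessage() + " (ignored)");
        }
        // Expire the cookie on the client regardless, then redirect as issueRedirect() would.
        ex.getResponseHeaders().set("Set-Cookie", "SID=; Max-Age=0; Path=/; HttpOnly");
        ex.getResponseHeaders().set("Location", "/");
        respond(ex, 302, "");
    }

    static void respond(HttpExchange ex, int status, String body) throws IOException {
        byte[] bytes = body.getBytes(StandardCharsets.UTF_8);
        // -1 tells HttpServer that no body follows; otherwise give the exact length.
        ex.sendResponseHeaders(status, bytes.length == 0 ? -1 : bytes.length);
        try (OutputStream os = ex.getResponseBody()) {
            if (bytes.length > 0) os.write(bytes);
        }
    }

    public static void main(String[] args) throws IOException {
        SESSIONS.put("abc123", "alice"); // constructed sample session
        HttpServer server = HttpServer.create(new InetSocketAddress("127.0.0.1", 8080), 0);
        server.createContext("/logout", PostOnlyLogoutDemo::handleLogout);
        server.start();
        System.out.println("listening on http://127.0.0.1:8080/logout");
    }
}
```

With the server running, `curl -i http://127.0.0.1:8080/logout` is refused with 405 and the session survives; `curl -i -X POST -H 'Cookie: SID=abc123' http://127.0.0.1:8080/logout` removes the session and redirects; repeating that same POST hits the SessionException path, which is logged at debug level and still produces the redirect and cookie expiry, exactly the idempotence SHIRO-298 was about.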

Example 2 with SessionException

Use of org.apache.shiro.session.SessionException in project ddf by codice.

From the class WebSSOFilter, method checkForPreviousResultOnSession:

private HandlerResult checkForPreviousResultOnSession(HttpServletRequest httpRequest, String ip) {
    String requestedSessionId = httpRequest.getRequestedSessionId();
    if (requestedSessionId == null) {
        LOGGER.trace("No HTTP Session - returning with no results");
        return null;
    }
    HttpSession session = httpRequest.getSession(false);
    if (session == null) {
        // has not yet been created for them.
        if (sessionFactory == null) {
            throw new SessionException("Unable to verify user's session.");
        }
        session = sessionFactory.getOrCreateSession(httpRequest);
    }
    // See if principals exist for the requested session id
    HandlerResult result = null;
    PrincipalHolder principalHolder = (PrincipalHolder) session.getAttribute(SecurityConstants.SECURITY_TOKEN_KEY);
    if (principalHolder != null && principalHolder.getPrincipals() != null) {
        Collection<SecurityAssertion> assertions = principalHolder.getPrincipals().byType(SecurityAssertion.class);
        SessionToken sessionToken = null;
        if (!assertions.isEmpty()) {
            sessionToken = new SessionToken(principalHolder.getPrincipals(), session.getId(), ip);
        }
        if (sessionToken != null) {
            result = new HandlerResultImpl();
            result.setToken(sessionToken);
            result.setStatus(HandlerResult.Status.COMPLETED);
        } else {
            principalHolder.remove();
        }
    } else {
        securityLogger.audit("Request contained invalid or expired session id [{}]", Hashing.sha256().hashString(requestedSessionId, StandardCharsets.UTF_8).toString());
        LOGGER.trace("Request contained invalid or expired session - returning with no results");
    }
    return result;
}
Also used: SessionToken (org.codice.ddf.security.handler.SessionToken), HttpSession (javax.servlet.http.HttpSession), HandlerResultImpl (org.codice.ddf.security.handler.HandlerResultImpl), SessionException (org.apache.shiro.session.SessionException), HandlerResult (org.codice.ddf.security.handler.api.HandlerResult), SecurityAssertion (ddf.security.assertion.SecurityAssertion), PrincipalHolder (ddf.security.common.PrincipalHolder)
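The detail worth copying from checkForPreviousResultOnSession is the audit line: when a request carries a session id the server does not recognise, the id is SHA-256 hashed before it is written to the audit log. The digest is deterministic, so repeated probes with the same bogus id still correlate across log entries, but a raw identifier (which may belong to a session that is valid elsewhere, or be the attacker's guess) never lands on disk where log readers and SIEM pipelines can see it. The example below is added for this page, not DDF code; it reproduces that logic with the JDK's MessageDigest instead of Guava, over a constructed in-memory session store. The SessionRecord/Result types, the Status values and the client-address comparison are assumptions of this example; the DDF snippet only places the ip into the SessionToken for downstream use. It needs Java 17 or later for HexFormat and records.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HexFormat;
import java.util.Map;

public class SessionAuditDemo {

    // Hypothetical server-side session record: the principal the session belongs to and
    // the client address it was issued to (assumption standing in for DDF's PrincipalHolder).
    record SessionRecord(String principal, String issuedToIp) {}

    enum Status { NO_ACTION, COMPLETED, REJECTED }

    record Result(Status status, String principal) {}

    // Constructed sample store of live sessions; a real filter reads these from the container.
    static final Map<String, SessionRecord> LIVE_SESSIONS = Map.of(
            "sess-alice-001", new SessionRecord("alice", "10.0.0.5"));

    // JDK-only equivalent of Guava's Hashing.sha256().hashString(id, UTF_8).toString().
    static String fingerprint(String sessionId) {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256")
                    .digest(sessionId.getBytes(StandardCharsets.UTF_8));
            return HexFormat.of().formatHex(digest);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-256 is mandatory in every JRE", e);
        }
    }

    static Result checkSession(String requestedSessionId, String clientIp) {
        if (requestedSessionId == null) {
            // No session cookie at all: nothing to verify, later handlers may authenticate.
            return new Result(Status.NO_ACTION, null);
        }
        SessionRecord rec = LIVE_SESSIONS.get(requestedSessionId);
        if (rec == null) {
            // Same choice as WebSSOFilter: record the event, but only the hash of the id.
            audit("Request contained invalid or expired session id ["
                    + fingerprint(requestedSessionId) + "] from " + clientIp);
            return new Result(Status.NO_ACTION, null);
        }
        if (!rec.issuedToIp().equals(clientIp)) {
            // Added check (assumption, not in the DDF snippet): a session replayed from an
            // address other than the one it was issued to is refused rather than honoured.
            audit("Session [" + fingerprint(requestedSessionId) + "] presented from "
                    + clientIp + " but issued to " + rec.issuedToIp());
            return new Result(Status.REJECTED, null);
        }
        return new Result(Status.COMPLETED, rec.principal());
    }

    static void audit(String msg) {
        System.out.println("AUDIT " + msg);
    }

    public static void main(String[] args) {
        System.out.println(checkSession(null, "10.0.0.5"));                 // no cookie sent
        System.out.println(checkSession("sess-alice-001", "10.0.0.5"));     // valid session, issuing address
        System.out.println(checkSession("sess-alice-001", "198.51.100.7")); // valid id replayed from elsewhere
        System.out.println(checkSession("guessed-id-42", "198.51.100.7"));  // unknown id, hashed in the audit line
    }
}
```

One caveat a reviewer should raise: hashing only hides the identifier if the identifier itself is unpredictable. A short or sequential session id can be recovered from its digest by enumeration, so this pattern complements, and does not replace, a session id generated from a CSPRNG with enough entropy.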

Aggregations

SessionException (org.apache.shiro.session.SessionException): 2
SecurityAssertion (ddf.security.assertion.SecurityAssertion): 1
PrincipalHolder (ddf.security.common.PrincipalHolder): 1
HttpSession (javax.servlet.http.HttpSession): 1
Subject (org.apache.shiro.subject.Subject): 1
HandlerResultImpl (org.codice.ddf.security.handler.HandlerResultImpl): 1
SessionToken (org.codice.ddf.security.handler.SessionToken): 1
HandlerResult (org.codice.ddf.security.handler.api.HandlerResult): 1