
shiro's Introduction


Apache Shiro

Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. With Shiro’s easy-to-understand API, you can quickly and easily secure any application – from the smallest mobile applications to the largest web and enterprise applications.

Documentation and Examples

http://shiro.apache.org

Tutorials

License

Apache License, Version 2.0


shiro's Issues

Upgrade to ASF pom parent 30

Search before asking

  • I had searched in the issues and found no similar issues.

Enhancement Request

Upgrade to ASF pom parent 30

Describe the solution you'd like

Upgrade to ASF pom parent 30

Are you willing to submit PR?

  • Yes I am willing to submit a PR!

Support for GraalVMs native-image

Search before asking

  • I had searched in the issues and found no similar issues.

Feature Request

Hi!

Oracle has created the GraalVM and one of its features is the native-image tool, which allows compiling a JVM application into a native executable. This executable doesn't need a JVM to run, it starts faster and often consumes less memory. But this has downsides, as some dynamic features from Java are not supported without additional configuration. The biggest contenders are reflection, resources and proxies.

Luckily, a library can ship some JSON metadata in the META-INF/native-image/... directory which enables those features.

For libraries which don't (or can't) add the metadata in their JARs, Oracle has created the graalvm-reachability-repository, which contains this metadata outside of the library's JAR file. In an ideal world, all of the metadata is moved into the JARs of the libraries, but until our world has reached its ideal state, this repository will be used.

We can hardly wait for GraalVM native-image support in the official Shiro repository.

Are you willing to submit PR?

  • Yes I am willing to submit a PR!

[BeanPostProcessorChecker] WARN o.s.context.support.PostProcessorRegistrationDelegate$BeanPostProcessorChecker

Search before asking

  • I had searched in the issues and found no similar issues.

Question

2023-12-19 10:40:12,218 [main] INFO  com.bibleofprogrammer.authentication.AuthenticationApplication - [ -  - ] - No active profile set, falling back to 1 default profile: "default"
2023-12-19 10:40:14,261 [main] INFO  org.springframework.data.repository.config.RepositoryConfigurationDelegate - [ -  - ] - Multiple Spring Data modules found, entering strict repository configuration mode
2023-12-19 10:40:14,265 [main] INFO  org.springframework.data.repository.config.RepositoryConfigurationDelegate - [ -  - ] - Bootstrapping Spring Data Redis repositories in DEFAULT mode.
2023-12-19 10:40:14,358 [main] INFO  org.springframework.data.repository.config.RepositoryConfigurationDelegate - [ -  - ] - Finished Spring Data repository scanning in 73 ms. Found 0 Redis repository interfaces.
2023-12-19 10:40:14,774 [main] WARN  o.s.context.support.PostProcessorRegistrationDelegate$BeanPostProcessorChecker - [ -  - ] - Bean 'org.apache.shiro.spring.boot.autoconfigure.ShiroBeanAutoConfiguration' of type [org.apache.shiro.spring.boot.autoconfigure.ShiroBeanAutoConfiguration$$SpringCGLIB$$0] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying). Is this bean getting eagerly injected into a currently created BeanPostProcessor [persistenceExceptionTranslationPostProcessor]? Check the corresponding BeanPostProcessor declaration and its dependencies.
2023-12-19 10:40:14,778 [main] WARN  o.s.context.support.PostProcessorRegistrationDelegate$BeanPostProcessorChecker - [ -  - ] - Bean 'eventBus' of type [org.apache.shiro.event.support.DefaultEventBus] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying). Is this bean getting eagerly injected into a currently created BeanPostProcessor [persistenceExceptionTranslationPostProcessor]? Check the corresponding BeanPostProcessor declaration and its dependencies.
2023-12-19 10:40:14,815 [main] WARN  o.s.context.support.PostProcessorRegistrationDelegate$BeanPostProcessorChecker - [ -  - ] - Bean 'authenticationAutoConfiguration' of type [com.bibleofprogrammer.authentication.shiro.AuthenticationAutoConfiguration$$SpringCGLIB$$0] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying). Is this bean getting eagerly injected into a currently created BeanPostProcessor [persistenceExceptionTranslationPostProcessor]? Check the corresponding BeanPostProcessor declaration and its dependencies.
2023-12-19 10:40:14,847 [main] WARN  o.s.context.support.PostProcessorRegistrationDelegate$BeanPostProcessorChecker - [ -  - ] - Bean 'userRealm' of type [com.bibleofprogrammer.authentication.shiro.UserRealm] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying). Is this bean getting eagerly injected into a currently created BeanPostProcessor [persistenceExceptionTranslationPostProcessor]? Check the corresponding BeanPostProcessor declaration and its dependencies.
2023-12-19 10:40:14,850 [main] WARN  o.s.context.support.PostProcessorRegistrationDelegate$BeanPostProcessorChecker - [ -  - ] - Bean 'statelessRealm' of type [com.bibleofprogrammer.authentication.shiro.stateless.StatelessRealm] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying). Is this bean getting eagerly injected into a currently created BeanPostProcessor [persistenceExceptionTranslationPostProcessor]? Check the corresponding BeanPostProcessor declaration and its dependencies.
2023-12-19 10:40:14,912 [main] WARN  o.s.context.support.PostProcessorRegistrationDelegate$BeanPostProcessorChecker - [ -  - ] - Bean 'subjectDAO' of type [com.bibleofprogrammer.authentication.shiro.stateless.StatelessSubjectDaoImpl] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying). Is this bean getting eagerly injected into a currently created BeanPostProcessor [persistenceExceptionTranslationPostProcessor]? Check the corresponding BeanPostProcessor declaration and its dependencies.
2023-12-19 10:40:14,914 [main] WARN  o.s.context.support.PostProcessorRegistrationDelegate$BeanPostProcessorChecker - [ -  - ] - Bean 'subjectFactory' of type [com.bibleofprogrammer.authentication.shiro.stateless.StatelessSubjectFactory] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying). Is this bean getting eagerly injected into a currently created BeanPostProcessor [persistenceExceptionTranslationPostProcessor]? Check the corresponding BeanPostProcessor declaration and its dependencies.
2023-12-19 10:40:14,917 [main] WARN  o.s.context.support.PostProcessorRegistrationDelegate$BeanPostProcessorChecker - [ -  - ] - Bean 'rememberMeCookieTemplate' of type [org.apache.shiro.web.servlet.SimpleCookie] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying). Is this bean getting eagerly injected into a currently created BeanPostProcessor [persistenceExceptionTranslationPostProcessor]? Check the corresponding BeanPostProcessor declaration and its dependencies.
2023-12-19 10:40:14,919 [main] WARN  o.s.context.support.PostProcessorRegistrationDelegate$BeanPostProcessorChecker - [ -  - ] - Bean 'rememberMeManager' of type [org.apache.shiro.web.mgt.CookieRememberMeManager] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying). Is this bean getting eagerly injected into a currently created BeanPostProcessor [persistenceExceptionTranslationPostProcessor]? Check the corresponding BeanPostProcessor declaration and its dependencies.
2023-12-19 10:40:14,921 [main] WARN  o.s.context.support.PostProcessorRegistrationDelegate$BeanPostProcessorChecker - [ -  - ] - Bean 'authenticationStrategy' of type [com.bibleofprogrammer.authentication.shiro.stateless.StatelessAtLeastOneSuccessfulStrategy] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying). Is this bean getting eagerly injected into a currently created BeanPostProcessor [persistenceExceptionTranslationPostProcessor]? Check the corresponding BeanPostProcessor declaration and its dependencies.
2023-12-19 10:40:14,921 [main] WARN  o.s.context.support.PostProcessorRegistrationDelegate$BeanPostProcessorChecker - [ -  - ] - Bean 'authenticator' of type [org.apache.shiro.authc.pam.ModularRealmAuthenticator] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying). Is this bean getting eagerly injected into a currently created BeanPostProcessor [persistenceExceptionTranslationPostProcessor]? Check the corresponding BeanPostProcessor declaration and its dependencies.
2023-12-19 10:40:14,922 [main] WARN  o.s.context.support.PostProcessorRegistrationDelegate$BeanPostProcessorChecker - [ -  - ] - Bean 'authorizer' of type [org.apache.shiro.authz.ModularRealmAuthorizer] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying). Is this bean getting eagerly injected into a currently created BeanPostProcessor [persistenceExceptionTranslationPostProcessor]? Check the corresponding BeanPostProcessor declaration and its dependencies.
2023-12-19 10:40:14,923 [main] WARN  o.s.context.support.PostProcessorRegistrationDelegate$BeanPostProcessorChecker - [ -  - ] - Bean 'sessionCookieTemplate' of type [org.apache.shiro.web.servlet.SimpleCookie] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying). Is this bean getting eagerly injected into a currently created BeanPostProcessor [persistenceExceptionTranslationPostProcessor]? Check the corresponding BeanPostProcessor declaration and its dependencies.
2023-12-19 10:40:14,924 [main] WARN  o.s.context.support.PostProcessorRegistrationDelegate$BeanPostProcessorChecker - [ -  - ] - Bean 'sessionFactory' of type [org.apache.shiro.session.mgt.SimpleSessionFactory] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying). Is this bean getting eagerly injected into a currently created BeanPostProcessor [persistenceExceptionTranslationPostProcessor]? Check the corresponding BeanPostProcessor declaration and its dependencies.
2023-12-19 10:40:14,924 [main] WARN  o.s.context.support.PostProcessorRegistrationDelegate$BeanPostProcessorChecker - [ -  - ] - Bean 'sessionDAO' of type [org.apache.shiro.session.mgt.eis.MemorySessionDAO] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying). Is this bean getting eagerly injected into a currently created BeanPostProcessor [persistenceExceptionTranslationPostProcessor]? Check the corresponding BeanPostProcessor declaration and its dependencies.
2023-12-19 10:40:14,926 [main] WARN  o.s.context.support.PostProcessorRegistrationDelegate$BeanPostProcessorChecker - [ -  - ] - Bean 'sessionManager' of type [org.apache.shiro.web.session.mgt.DefaultWebSessionManager] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying). Is this bean getting eagerly injected into a currently created BeanPostProcessor [persistenceExceptionTranslationPostProcessor]? Check the corresponding BeanPostProcessor declaration and its dependencies.
2023-12-19 10:40:14,928 [main] WARN  o.s.context.support.PostProcessorRegistrationDelegate$BeanPostProcessorChecker - [ -  - ] - Bean 'securityManager' of type [org.apache.shiro.web.mgt.DefaultWebSecurityManager] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying). Is this bean getting eagerly injected into a currently created BeanPostProcessor [persistenceExceptionTranslationPostProcessor]? Check the corresponding BeanPostProcessor declaration and its dependencies.
2023-12-19 10:40:14,956 [main] WARN  o.s.context.support.PostProcessorRegistrationDelegate$BeanPostProcessorChecker - [ -  - ] - Bean 'shiroPathDefinitionConfig' of type [com.bibleofprogrammer.authentication.config.ShiroPathDefinitionConfig$$SpringCGLIB$$0] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying). Is this bean getting eagerly injected into a currently created BeanPostProcessor [persistenceExceptionTranslationPostProcessor]? Check the corresponding BeanPostProcessor declaration and its dependencies.
2023-12-19 10:40:14,959 [main] WARN  o.s.context.support.PostProcessorRegistrationDelegate$BeanPostProcessorChecker - [ -  - ] - Bean 'shiroFilterChainDefinition' of type [org.apache.shiro.spring.web.config.DefaultShiroFilterChainDefinition] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying). Is this bean getting eagerly injected into a currently created BeanPostProcessor [persistenceExceptionTranslationPostProcessor]? Check the corresponding BeanPostProcessor declaration and its dependencies.
2023-12-19 10:40:15,429 [main] INFO  org.springframework.boot.web.embedded.tomcat.TomcatWebServer - [ -  - ] - Tomcat initialized with port 9999 (http)
2023-12-19 10:40:15,439 [main] INFO  org.apache.coyote.http11.Http11NioProtocol - [ -  - ] - Initializing ProtocolHandler ["http-nio-9999"]

my pom:


<modelVersion>4.0.0</modelVersion>

<parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>3.2.0</version>
    <relativePath/>
</parent>

<groupId>com.bibleofprogrammer</groupId>
<artifactId>pilot</artifactId>
<version>1.0.0</version>
<name>pilot</name>
<description>pilot 管理</description>

<properties>
    <java.version>17</java.version>
    <shiro.version>2.0.0-alpha-4</shiro.version>
</properties>

<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-autoconfigure</artifactId>
    </dependency>

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-data-redis</artifactId>
    </dependency>

    <dependency>
        <groupId>org.projectlombok</groupId>
        <artifactId>lombok</artifactId>
    </dependency>

    <dependency>
        <groupId>org.apache.commons</groupId>
        <artifactId>commons-lang3</artifactId>
    </dependency>

    <dependency>
        <groupId>com.google.guava</groupId>
        <artifactId>guava</artifactId>
        <version>31.0.1-jre</version>
    </dependency>

    <dependency>
        <groupId>com.alibaba</groupId>
        <artifactId>fastjson</artifactId>
        <version>1.2.83</version>
    </dependency>

    <dependency>
        <groupId>com.alibaba</groupId>
        <artifactId>druid-spring-boot-starter</artifactId>
        <version>1.2.8</version>
    </dependency>

    <dependency>
        <groupId>mysql</groupId>
        <artifactId>mysql-connector-java</artifactId>
        <version>8.0.33</version>
    </dependency>

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-test</artifactId>
        <scope>test</scope>
    </dependency>

    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-spring-boot-web-starter</artifactId>
        <classifier>jakarta</classifier>
        <version>${shiro.version}</version>
        <exclusions>
            <exclusion>
                <groupId>org.apache.shiro</groupId>
                <artifactId>shiro-spring-boot-starter</artifactId>
            </exclusion>
        </exclusions>
    </dependency>

    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-spring-boot-starter</artifactId>
        <classifier>jakarta</classifier>
        <version>${shiro.version}</version>
        <exclusions>
            <exclusion>
                <groupId>org.apache.shiro</groupId>
                <artifactId>shiro-spring</artifactId>
            </exclusion>
        </exclusions>
    </dependency>

    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-spring</artifactId>
        <classifier>jakarta</classifier>
        <version>${shiro.version}</version>
        <exclusions>
            <exclusion>
                <groupId>org.apache.shiro</groupId>
                <artifactId>shiro-core</artifactId>
            </exclusion>
            <exclusion>
                <groupId>org.apache.shiro</groupId>
                <artifactId>shiro-web</artifactId>
            </exclusion>
        </exclusions>
    </dependency>

    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-core</artifactId>
        <classifier>jakarta</classifier>
        <version>${shiro.version}</version>
        <exclusions>
            <exclusion>
                <groupId>commons-collections</groupId>
                <artifactId>commons-collections</artifactId>
            </exclusion>
        </exclusions>
    </dependency>

    <dependency>
        <groupId>org.apache.commons</groupId>
        <artifactId>commons-collections4</artifactId>
        <version>4.4</version>
    </dependency>

    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-web</artifactId>
        <classifier>jakarta</classifier>
        <version>${shiro.version}</version>
    </dependency>

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-configuration-processor</artifactId>
        <optional>true</optional>
    </dependency>

    <dependency>
        <groupId>io.jsonwebtoken</groupId>
        <artifactId>jjwt</artifactId>
        <version>0.12.3</version>
    </dependency>

    <dependency>
        <groupId>com.baomidou</groupId>
        <artifactId>mybatis-plus-boot-starter</artifactId>
        <version>3.5.4.1</version>
        <exclusions>
            <exclusion>
                <artifactId>mybatis-spring</artifactId>
                <groupId>org.mybatis</groupId>
            </exclusion>
        </exclusions>
    </dependency>

    <dependency>
        <groupId>org.mybatis</groupId>
        <artifactId>mybatis-spring</artifactId>
        <version>3.0.3</version>
    </dependency>

    <dependency>
        <groupId>javax.validation</groupId>
        <artifactId>validation-api</artifactId>
        <version>2.0.1.Final</version>
    </dependency>

</dependencies>

<build>
    <plugins>
        <plugin>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-maven-plugin</artifactId>
        </plugin>
    </plugins>
</build>

shiro-spring 1.9.x Spring circular reference exception

Version Shiro 1.9.x

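  • While using the samples-spring-mvc module to learn shiro-spring, I found that it never starts: Spring reports a circular dependency that cannot be resolved (as shown in the image below)

image

  • After investigating, I found that the problem is in org.apache.shiro.spring.web.ShiroFilterFactoryBean
  • In shiro-spring 1.8.x, org.apache.shiro.spring.web.ShiroFilterFactoryBean implements two interfaces: org.springframework.beans.factory.FactoryBean and org.springframework.beans.factory.config.BeanPostProcessor
  • In shiro-spring 1.8.x, the org.springframework.beans.factory.FactoryBean interface implemented by org.apache.shiro.spring.web.ShiroFilterFactoryBean has had a generic type parameter added (as shown in the image below)

image

  • The cause of this problem is too complicated to explain here (read the Spring source code yourself to understand it)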

[Bug] Shiro's InvalidRequestFilter blocks valid paths with encoded slashes

Search before asking

  • I had searched in the issues and found no similar issues.

Environment

Wildfly 26

Shiro version

1.12.0

What was the actual outcome?

Shiro's InvalidRequestFilter blocks (returns a 400 Bad Request) any path containing an encoded forward slash (%2F) or period (%2E) anywhere when blockTraversal is true. (b67ff01)

Not allowing traversal for non-normalized paths seems like a good idea but indiscriminately blocking every encoded forward slash or period seems a bit strict.

For example, the following path would be blocked:
GET /mycompany/issuer/http:%2F%2Fmycompany.example.com/tokens (where the value of the path parameter 'issuer' would eventually be http://mycompany.example.com).

This is not path traversal, nor is a URL like
/mycompany/issuer/..%2F..%2F/,
though an overly enthusiastic decoding of such a URL could of course result in path traversal.

Maybe this should be a non-default 'extra strict' setting? With the default only blocking non-normalized paths?

What was the expected outcome?

Paths containing encoded forward slashes or periods are allowed by default.

How to reproduce

Start an application configured with a default Shiro config (an application that listens to every path and simply consumes or echoes it, for example),
and do a GET for a path such as
/mycompany/issuer/http:%2F%2Fmycompany.example.com/tokens

Debug logs

No response
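The distinction this report draws, as an added example that is not Shiro's code and not part of the original issue: the hypothetical class `EncodedPathPolicy` compares a check that rejects any encoded slash or period with one that rejects only dot-segments, and shows what a component that decodes the whole path before splitting would see. All class and method names are assumptions; the first two sample paths are from the report, the rest are constructed.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.util.List;
import java.util.Locale;

/** Added illustration; a hypothetical class, not Shiro's InvalidRequestFilter. */
public class EncodedPathPolicy {

    /** Strict behaviour described in the issue: any %2F or %2E is rejected. */
    static boolean strictRejects(String rawPath) {
        String lower = rawPath.toLowerCase(Locale.ROOT);
        return lower.contains("%2f") || lower.contains("%2e");
    }

    /**
     * Segment-aware check (one possible reading of "only block non-normalized
     * paths"): split on the literal '/' first, decode each segment once, and
     * reject only when a segment is "." or "..". An encoded slash stays
     * inside its segment as data.
     */
    static boolean segmentAwareRejects(String rawPath) {
        for (String segment : rawPath.split("/", -1)) {
            if (isDotSegment(percentDecode(segment))) {
                return true;
            }
        }
        return false;
    }

    /** What a component sees if it decodes the whole path before splitting. */
    static boolean traversalAfterFullDecode(String rawPath) {
        for (String segment : percentDecode(rawPath).split("/", -1)) {
            if (isDotSegment(segment)) {
                return true;
            }
        }
        return false;
    }

    static boolean isDotSegment(String segment) {
        return segment.equals(".") || segment.equals("..");
    }

    /** One round of percent-decoding; malformed escapes are kept literally. */
    static String percentDecode(String s) {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        int i = 0;
        while (i < s.length()) {
            if (s.charAt(i) == '%' && i + 2 < s.length()) {
                int hi = hex(s.charAt(i + 1));
                int lo = hex(s.charAt(i + 2));
                if (hi >= 0 && lo >= 0) {
                    out.write((hi << 4) | lo);
                    i += 3;
                    continue;
                }
            }
            int cp = s.codePointAt(i);
            byte[] utf8 = new String(Character.toChars(cp)).getBytes(StandardCharsets.UTF_8);
            out.write(utf8, 0, utf8.length);
            i += Character.charCount(cp);
        }
        return new String(out.toByteArray(), StandardCharsets.UTF_8);
    }

    private static int hex(char c) {
        if (c >= '0' && c <= '9') return c - '0';
        if (c >= 'a' && c <= 'f') return c - 'a' + 10;
        if (c >= 'A' && c <= 'F') return c - 'A' + 10;
        return -1;
    }

    public static void main(String[] args) {
        List<String> samples = List.of(
            // The two paths quoted in the issue.
            "/mycompany/issuer/http:%2F%2Fmycompany.example.com/tokens",
            "/mycompany/issuer/..%2F..%2F/",
            // Constructed samples for comparison.
            "/files/report%2Epdf",
            "/files/%2e%2e/secret",
            "/files/../secret");

        System.out.printf("%-8s %-14s %-12s %s%n",
                "strict", "segment-aware", "full-decode", "path");
        for (String path : samples) {
            System.out.printf("%-8s %-14s %-12s %s%n",
                    strictRejects(path),
                    segmentAwareRejects(path),
                    traversalAfterFullDecode(path),
                    path);
        }
    }
}
```

A path that passes the segment-aware check but is flagged in the full-decode column is safe only while every downstream component keeps the decoded segment opaque and never resolves it as a path.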

Redirect users to access deny page if they do not have specific role

Search before asking

  • I had searched in the issues and found no similar issues.

Question

Hello all,
I am using Apache Shiro 1.11.0 and I want to understand something.
I have to redirect users who do not have a specific role to the access denied page.
What I have done is, as every page has its own managed bean and roles are based on the page, I put code in the constructor of every managed bean which checks whether the user has permission or not. If not, it redirects him to the access denied page. The problem is that it renders the page first before it redirects the user to the access denied page.
I found this topic https://andy722.wordpress.com/2014/01/27/make-apache-shiro-allow-several-roles-to-access-resource/ on the internet which shows how we can do it. I have done the same and removed the check in the constructor, and the user still has access.
Can somebody help me understand and help me?

[Bug] Run time dependencies missing from shiro-web 1.13.0 karaf feature

Search before asking

  • I had searched in the issues and found no similar issues.

Environment

Apache karaf 4.4.5, java 17.0.9, debian 12.4 "bookworm", amd64

Shiro version

1.13.0

What was the actual outcome?

It was necessary to add the missing bundles in my own feature to get things to load and run.

In addition to the bundles loaded by me above, ie:

        <bundle start-level="80">mvn:commons-beanutils/commons-beanutils/1.9.3</bundle>
        <bundle start-level="80">mvn:commons-collections/commons-collections/3.2.2</bundle>

someone else said today he needed this one as well:

   mvn:org.apache.shiro/shiro-config-core/1.13.0

What was the expected outcome?

That the shiro-web karaf feature had provided all features necessary to start and run.

How to reproduce

Load the shiro-web feature into karaf and try to do something with it

Debug logs

No response

Tomcat 10.1 and Shiro 2.x giving javax.servlet Error

Search before asking

  • I had searched in the issues and found no similar issues.

Question

Hi,

I am facing an issue with NoClassDefFoundError when using Shiro 2.x with Tomcat 10.1.11 on Java 17.

I have gone through the existing issues and the Jakarta EE page referred to in the answers/solutions. Actually my application doesn't use Maven/Gradle and runs on binaries.

Please refer to the error message below:
2023-08-04 12:59:40,731 [main] ERROR org.apache.shiro.web.env.EnvironmentLoader [] - Shiro environment initialization failed java.lang.NoClassDefFoundError: javax/servlet/Filter at java.lang.ClassLoader.defineClass1(Native Method) ~[?:?] at java.lang.ClassLoader.defineClass(ClassLoader.java:1012) ~[?:?] at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:150) ~[?:?] at org.apache.catalina.loader.WebappClassLoaderBase.findClassInternal(WebappClassLoaderBase.java:2487) ~[catalina.jar:10.1.11] at org.apache.catalina.loader.WebappClassLoaderBase.findClass(WebappClassLoaderBase.java:865) ~[catalina.jar:10.1.11] at org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1401) ~[catalina.jar:10.1.11] at org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1245) ~[catalina.jar:10.1.11] at java.lang.Class.forName0(Native Method) ~[?:?] at java.lang.Class.forName(Class.java:467) ~[?:?] at org.apache.shiro.lang.util.ClassUtils$ExceptionIgnoringAccessor.loadClass(ClassUtils.java:281) ~[shiro-lang-2.0.0-alpha-3.jar:2.0.0-alpha-3] at org.apache.shiro.lang.util.ClassUtils.forName(ClassUtils.java:151) ~[shiro-lang-2.0.0-alpha-3.jar:2.0.0-alpha-3] at org.apache.shiro.lang.util.ClassUtils.newInstance(ClassUtils.java:193) ~[shiro-lang-2.0.0-alpha-3.jar:2.0.0-alpha-3] at org.apache.shiro.config.ogdl.ReflectionBuilder.createNewInstance(ReflectionBuilder.java:351) ~[shiro-config-ogdl-2.0.0-alpha-3.jar:2.0.0-alpha-3] at org.apache.shiro.config.ogdl.ReflectionBuilder$InstantiationStatement.doExecute(ReflectionBuilder.java:995) ~[shiro-config-ogdl-2.0.0-alpha-3.jar:2.0.0-alpha-3] at org.apache.shiro.config.ogdl.ReflectionBuilder$Statement.execute(ReflectionBuilder.java:955) ~[shiro-config-ogdl-2.0.0-alpha-3.jar:2.0.0-alpha-3] at org.apache.shiro.config.ogdl.ReflectionBuilder$BeanConfigurationProcessor.execute(ReflectionBuilder.java:833) ~[shiro-config-ogdl-2.0.0-alpha-3.jar:2.0.0-alpha-3] at 
org.apache.shiro.config.ogdl.ReflectionBuilder.buildObjects(ReflectionBuilder.java:304) ~[shiro-config-ogdl-2.0.0-alpha-3.jar:2.0.0-alpha-3] at org.apache.shiro.ini.IniSecurityManagerFactory.buildInstances(IniSecurityManagerFactory.java:184) ~[shiro-core-2.0.0-alpha-3-jakarta.jar:2.0.0-alpha-3] at org.apache.shiro.ini.IniSecurityManagerFactory.createSecurityManager(IniSecurityManagerFactory.java:142) ~[shiro-core-2.0.0-alpha-3-jakarta.jar:2.0.0-alpha-3] at org.apache.shiro.ini.IniSecurityManagerFactory.createSecurityManager(IniSecurityManagerFactory.java:110) ~[shiro-core-2.0.0-alpha-3-jakarta.jar:2.0.0-alpha-3] at org.apache.shiro.ini.IniSecurityManagerFactory.createInstance(IniSecurityManagerFactory.java:101) ~[shiro-core-2.0.0-alpha-3-jakarta.jar:2.0.0-alpha-3] at org.apache.shiro.ini.IniSecurityManagerFactory.createInstance(IniSecurityManagerFactory.java:50) ~[shiro-core-2.0.0-alpha-3-jakarta.jar:2.0.0-alpha-3] at org.apache.shiro.ini.IniFactorySupport.createInstance(IniFactorySupport.java:150) ~[shiro-core-2.0.0-alpha-3-jakarta.jar:2.0.0-alpha-3] at org.apache.shiro.util.AbstractFactory.getInstance(AbstractFactory.java:49) ~[shiro-core-2.0.0-alpha-3-jakarta.jar:2.0.0-alpha-3] at org.apache.shiro.web.env.IniWebEnvironment.createWebSecurityManager(IniWebEnvironment.java:300) ~[shiro-web-2.0.0-alpha-3-jakarta.jar:2.0.0-alpha-3] at org.apache.shiro.web.env.IniWebEnvironment.configure(IniWebEnvironment.java:125) ~[shiro-web-2.0.0-alpha-3-jakarta.jar:2.0.0-alpha-3] at org.apache.shiro.web.env.IniWebEnvironment.init(IniWebEnvironment.java:77) ~[shiro-web-2.0.0-alpha-3-jakarta.jar:2.0.0-alpha-3] at org.apache.shiro.lang.util.LifecycleUtils.init(LifecycleUtils.java:45) ~[shiro-lang-2.0.0-alpha-3.jar:2.0.0-alpha-3] at org.apache.shiro.lang.util.LifecycleUtils.init(LifecycleUtils.java:40) ~[shiro-lang-2.0.0-alpha-3.jar:2.0.0-alpha-3] at org.apache.shiro.web.env.EnvironmentLoader.createEnvironment(EnvironmentLoader.java:319) 
~[shiro-web-2.0.0-alpha-3-jakarta.jar:2.0.0-alpha-3] at org.apache.shiro.web.env.EnvironmentLoader.initEnvironment(EnvironmentLoader.java:139) [shiro-web-2.0.0-alpha-3-jakarta.jar:2.0.0-alpha-3] at org.apache.shiro.web.env.EnvironmentLoaderListener.contextInitialized(EnvironmentLoaderListener.java:58) [shiro-web-2.0.0-alpha-3-jakarta.jar:2.0.0-alpha-3] at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4458) [catalina.jar:10.1.11] at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:4896) [catalina.jar:10.1.11] at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) [catalina.jar:10.1.11] at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:683) [catalina.jar:10.1.11] at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:658) [catalina.jar:10.1.11] at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:713) [catalina.jar:10.1.11] at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1136) [catalina.jar:10.1.11] at org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1971) [catalina.jar:10.1.11] at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539) [?:?] at java.util.concurrent.FutureTask.run(FutureTask.java:264) [?:?] at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75) [tomcat-util.jar:10.1.11] at java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:123) [?:?] 
at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:1046) [catalina.jar:10.1.11] at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:428) [catalina.jar:10.1.11] at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1656) [catalina.jar:10.1.11] at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:309) [catalina.jar:10.1.11] at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:123) [catalina.jar:10.1.11] at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:423) [catalina.jar:10.1.11] at org.apache.catalina.util.LifecycleBase.setState(LifecycleBase.java:366) [catalina.jar:10.1.11] at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:893) [catalina.jar:10.1.11] at org.apache.catalina.core.StandardHost.startInternal(StandardHost.java:846) [catalina.jar:10.1.11] at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) [catalina.jar:10.1.11] at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1328) [catalina.jar:10.1.11] at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1318) [catalina.jar:10.1.11] at java.util.concurrent.FutureTask.run(FutureTask.java:264) [?:?] at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75) [tomcat-util.jar:10.1.11] at java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:145) [?:?] 
at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:866) [catalina.jar:10.1.11] at org.apache.catalina.core.StandardEngine.startInternal(StandardEngine.java:241) [catalina.jar:10.1.11] at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) [catalina.jar:10.1.11] at org.apache.catalina.core.StandardService.startInternal(StandardService.java:428) [catalina.jar:10.1.11] at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) [catalina.jar:10.1.11] at org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:918) [catalina.jar:10.1.11] at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) [catalina.jar:10.1.11] at org.apache.catalina.startup.Catalina.start(Catalina.java:795) [catalina.jar:10.1.11] at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?] at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77) ~[?:?] at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?] at java.lang.reflect.Method.invoke(Method.java:568) ~[?:?] at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:347) [bootstrap.jar:10.1.11] at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:478) [bootstrap.jar:10.1.11] Caused by: java.lang.ClassNotFoundException: javax.servlet.Filter at org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1437) ~[catalina.jar:10.1.11] at org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1245) ~[catalina.jar:10.1.11] ... 73 more

Jars I have added are:
image

I have seen the class file of shiro-web jakarta jar and inside I can see we are using jakarta.servlet.Filter.
Not sure what I am missing here. Let me know if any other details are needed. In my code base I don't have any javax dependency and java services are running fine on the same code base.

Can anyone help with this? Apologies if it is a silly query.

Thanks

Add preflight support to HttpAuthenticationFilter

It would be nice if there was native (optional) support to always grant access to preflight requests.

https://developer.mozilla.org/en-US/docs/Glossary/Preflight_request

In our JAX RS project, we added this to our filter:

  @Override
  protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
    if (isPreflightRequest(request)) {
      return true;
    }
    return super.isAccessAllowed(request, response, mappedValue);
  }

  protected boolean isPreflightRequest(ServletRequest request) {
    HttpServletRequest httpRequest = WebUtils.toHttp(request);
    return httpRequest.getHeader("Origin") != null && httpRequest.getMethod().equals("OPTIONS");
  }
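
A stricter form of the preflight test, as an added example that is not part of the original issue or of Shiro: the Fetch standard defines a CORS preflight as an OPTIONS request carrying both Origin and Access-Control-Request-Method, so only that shape is exempted from authentication. The class name `PreflightCheck` and the sample requests are constructed; the header lookup is passed in as a function so the check runs without a servlet container.

```java
import java.util.Map;
import java.util.TreeMap;
import java.util.function.Function;

/** Added example (hypothetical class, not Shiro code): recognise a CORS preflight request. */
public class PreflightCheck {

    /**
     * A CORS preflight is an OPTIONS request carrying both Origin and
     * Access-Control-Request-Method. Any other OPTIONS request, including one that
     * only has an Origin header, is an ordinary request and stays behind authentication.
     *
     * @param method value of HttpServletRequest#getMethod()
     * @param header header lookup, e.g. httpRequest::getHeader
     */
    static boolean isPreflight(String method, Function<String, String> header) {
        if (!"OPTIONS".equals(method)) {
            return false;
        }
        return hasValue(header.apply("Origin"))
                && hasValue(header.apply("Access-Control-Request-Method"));
    }

    private static boolean hasValue(String value) {
        return value != null && !value.trim().isEmpty();
    }

    /** Build a case-insensitive header map from name/value pairs (constructed input). */
    private static Map<String, String> headers(String... pairs) {
        Map<String, String> map = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
        for (int i = 0; i + 1 < pairs.length; i += 2) {
            map.put(pairs[i], pairs[i + 1]);
        }
        return map;
    }

    public static void main(String[] args) {
        // Constructed sample requests; app.example is a placeholder origin.
        Map<String, String> preflight = headers(
                "Origin", "https://app.example",
                "Access-Control-Request-Method", "PUT");
        Map<String, String> originOnly = headers("Origin", "https://app.example");
        Map<String, String> noOrigin = headers("Access-Control-Request-Method", "PUT");

        System.out.println("OPTIONS, Origin + Access-Control-Request-Method: "
                + isPreflight("OPTIONS", preflight::get));
        System.out.println("OPTIONS, Origin only: "
                + isPreflight("OPTIONS", originOnly::get));
        System.out.println("OPTIONS, no Origin: "
                + isPreflight("OPTIONS", noOrigin::get));
        System.out.println("PUT with preflight headers: "
                + isPreflight("PUT", preflight::get));
    }
}
```

Inside a filter like the one above, the call would be `isPreflight(httpRequest.getMethod(), httpRequest::getHeader)`.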

[Bug] WildCardPermission.implies() has incorrect check for combination (x,y) permission

Search before asking

  • I had searched in the issues and found no similar issues.

Environment

This is a web application using Shiro. Looking at WildCardPermission.implies() to understand permission logic.

Shiro version

1.13.0

What was the actual outcome?

Looking at the logic of the code, the following seems to return false when it should return true:

new WildCardPermission("printer:query,print:lp7200").implies("printer:query:lp7200")

The understanding is that the permission assigned to the user is printer:query,print:lp7200, and Subject.isPermitted("printer:query:lp7200") is called when checking query permission on the printer. What this would mean is that the user can query or print to the printer, and this specific action is just checking for the query permission.

However, according to this code:

                if (!part.contains(WILDCARD_TOKEN) && !part.containsAll(otherPart)) {
                    return false;
                }

This seems to be saying if the part (the user's assigned permission) doesn't contain a * AND it doesn't contain ALL of the parts specified in the requested permission check (the other part), it should fail.

The question is: Why does it require all parts of the granted permission to be found in the checked permission? If the grant says you can print and query (print,query), shouldn't the imply say that the checked permission needs to have all the parts of the granted (in this case: query,print matches all parts of query)?

What was the expected outcome?

new WildCardPermission("printer:query,print:lp7200").implies("printer:query:lp7200")

Should return true. The Permission to print or query should pass the check when we check if you can query.

Conversely:

new WildCardPermission("printer:print:lp7200").implies("printer:query,print:lp7200")

Should return false, since the permission check is asking if you have both query and print, but your permission only grants you print.

How to reproduce

Assert(new WildCardPermission("printer:query,print:lp7200").implies("printer:query:lp7200"), true)

Debug logs

No response
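
To evaluate the condition quoted in this report on its own two cases, here is a stand-alone model added as an example; it is not Shiro's source and not the reporter's code. It is built around the quoted `containsAll` line, where `part` is one level of the granted permission and `otherPart` the same level of the requested one. The parsing rules, the handling of permissions of different lengths and the class name `WildcardImpliesDemo` are assumptions of this example; in Shiro the class is spelled `WildcardPermission`.

```java
import java.util.ArrayList;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Locale;
import java.util.Set;

/** Added example: stand-alone model of colon/comma wildcard permissions (not Shiro's source). */
public class WildcardImpliesDemo {

    static final String WILDCARD = "*";

    /** Split "printer:query,print:lp7200" into [{printer}, {query, print}, {lp7200}]. */
    static List<Set<String>> parse(String permission) {
        List<Set<String>> parts = new ArrayList<>();
        for (String part : permission.trim().toLowerCase(Locale.ROOT).split(":")) {
            Set<String> subparts = new LinkedHashSet<>();
            for (String sub : part.split(",")) {
                if (!sub.trim().isEmpty()) {
                    subparts.add(sub.trim());
                }
            }
            if (subparts.isEmpty()) {
                throw new IllegalArgumentException("empty part in: " + permission);
            }
            parts.add(subparts);
        }
        return parts;
    }

    /** Does the granted permission cover the requested one? */
    static boolean implies(String granted, String requested) {
        List<Set<String>> parts = parse(granted);
        List<Set<String>> otherParts = parse(requested);
        int i = 0;
        for (Set<String> otherPart : otherParts) {
            if (i >= parts.size()) {
                return true; // assumption: a shorter grant covers every deeper level
            }
            Set<String> part = parts.get(i);
            // Condition quoted in the issue: the check fails only when the request
            // names a value at this level that the grant neither lists nor wildcards.
            if (!part.contains(WILDCARD) && !part.containsAll(otherPart)) {
                return false;
            }
            i++;
        }
        // Assumption: extra levels in the grant must all be wildcards to cover a shorter request.
        for (; i < parts.size(); i++) {
            if (!parts.get(i).contains(WILDCARD)) {
                return false;
            }
        }
        return true;
    }

    public static void main(String[] args) {
        // {granted, requested}: the two cases from the report plus two boundary cases.
        String[][] cases = {
            {"printer:query,print:lp7200", "printer:query:lp7200"},
            {"printer:print:lp7200", "printer:query,print:lp7200"},
            {"printer:*:lp7200", "printer:query,print:lp7200"},
            {"printer:query", "printer:query:lp7200"},
        };
        for (String[] c : cases) {
            System.out.printf("granted %-28s requested %-28s implies=%b%n",
                    c[0], c[1], implies(c[0], c[1]));
        }
    }
}
```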

[Enhancement] Check that Shiro compiles with JDK 21

Search before asking

  • I had searched in the issues and found no similar issues.

Enhancement Request

Make Shiro CI compile / test with JDK 21

Describe the solution you'd like

Self-explanatory

Are you willing to submit PR?

  • Yes I am willing to submit a PR!

[Question]PermissionAnnotationHandler.java line 81~86

Search before asking

  • I had searched in the issues and found no similar issues.

Question

image
I think there is a bug in these lines, but I cannot be sure.
I think variable 'hasAtLeastOnePermission' always equals 'getSubject().isPermitted(perms[perms.length-1])'. Is this result a bug?

Upgrade to common-codec 1.16.0

Search before asking

  • I had searched in the issues and found no similar issues.

Enhancement Request

Upgrade to common-codec 1.16.0

Describe the solution you'd like

Upgrade to common-codec 1.16.0

Are you willing to submit PR?

  • Yes I am willing to submit a PR!

OSGI Missing Provide-Capability entry for org.apache.shiro.crypto.hash.HashSpi

Search before asking

  • I had searched in the issues and found no similar issues.

Environment

Apache Karaf 4.4.4 & JDK 17 & Fedora 38

Shiro version

2.0.0 alpha 3

What was the actual outcome?

During password encryption I can see that shiro isn't able to see argon hash provider.

What was the expected outcome?

Shiro is able to use bcrypt & argon hash providers

How to reproduce

Import shiro bundles:
shiro-core
mvn:org.apache.shiro.crypto/shiro-hashes-bcrypt/${org.apache.shiro.version}
mvn:org.apache.shiro.crypto/shiro-hashes-argon2/${org.apache.shiro.version}

Deploy any application that uses shiro and is able to run under Karaf & OSGI

Debug logs

Caused by: java.lang.UnsupportedOperationException: Cannot create a hash with the given algorithm: argon2id
at org.apache.shiro.crypto.hash.DefaultHashService.computeHash(DefaultHashService.java:98) ~[!/:2.0.0-alpha-3]
at org.apache.shiro.authc.credential.DefaultPasswordService.passwordsMatch(DefaultPasswordService.java:181) ~[!/:2.0.0-alpha-3]
at tech.pantheon.chronos.aaa.impl.security.realm.impl.TokenCredentialsMatcher.doCredentialsMatch(TokenCredentialsMatcher.java:36) ~[?:?]
at org.apache.shiro.realm.AuthenticatingRealm.assertCredentialsMatch(AuthenticatingRealm.java:600) ~[!/:2.0.0-alpha-3]
at org.apache.shiro.realm.AuthenticatingRealm.getAuthenticationInfo(AuthenticatingRealm.java:581) ~[!/:2.0.0-alpha-3]
at Proxy7d5c2798_ad1d_48c5_aa34_93f64a110877.getAuthenticationInfo(Unknown Source) ~[?:?]
at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doSingleRealmAuthentication(ModularRealmAuthenticator.java:180) ~[!/:2.0.0-alpha-3]
at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doAuthenticate(ModularRealmAuthenticator.java:273) ~[!/:2.0.0-alpha-3]
at org.apache.shiro.authc.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:198) ~[!/:2.0.0-alpha-3]

[Feature] BOM for the non-Jakarta version of Shiro

Search before asking

  • I had searched in the issues and found no similar issues.

Feature Request

BOMs are useful for version-deduplication and for using the same version of all Shiro packages. A BOM for the Jakarta version of Shiro exists for 1.12.0 but not for the javax one. It would be nice to also add it. It seems to me that there was one in version 1.11.0.

Another discussion.

Are you willing to submit PR?

  • Yes I am willing to submit a PR!

How to configure Apache Shiro bundles correctly for use in Apache Karaf

Search before asking

  • I had searched in the issues and found no similar issues.

Question

Hi,
Any help or advice on this issue would be greatly appreciated!

I am trying to use Apache Shiro v1.13.0 with Karaf. I have used it successfully with an older version of Shiro which had fewer modules (and therefore fewer karaf bundles).
When I use version 1.13.0 I get the following error when the Karaf container starts up:
java.lang.ClassNotFoundException: org.apache.shiro.config.IniSecurityManagerFactory not found by org.apache.shiro.config.core

It seems to me that the problem here is that Karaf is trying to load a class from the wrong bundle - the class is actually in org.apache.shiro.config. But the fact that the org.apache.shiro.config package is exported from both bundles seems to be confusing it.
I think this needs to be addressed on the maven side in the configuration of the bundles. What would a standard configuration look like?
I don't see anything in the docs describing how to get this set up so any help would be much appreciated.
Regards,
CS

[Question] JWT and Stateful

Search before asking

  • I had searched in the issues and found no similar issues.

Question

Hello everyone, I'd like to share a question and hear your opinions on a specific behavior.

In a stateful application where we use a JWT access token in the authorization header (an approach that might seem odd for combining stateful with JWT), on the first request, the subject is assigned to the session, making it authenticated. Thus, subsequent requests are accepted until the session is invalidated. My question is: considering that the JWT token has its own validity period, would it make sense to revalidate the token with each request, or should we rely entirely on session management? Furthermore, within the context of Shiro, is there a specialized JWT filter and, in this filter, would a session be mandatory?

[Question] Inject CDI managed bean in Shiro AuthorizingRealm

Search before asking

  • I had searched in the issues and found no similar issues.

Question

Please, I like Apache Shiro.
How can I inject my EmployeeDAO inside a custom AuthorizingRealm?
I have tried it and am getting null.
I am using Jakarta EE 10.

This is part of my pom.xml

<dependency>
      <groupId>org.apache.shiro</groupId>
      <artifactId>shiro-core</artifactId>
      <classifier>jakarta</classifier>
 </dependency>

<dependency>
     <groupId>org.apache.shiro</groupId>
      <artifactId>shiro-web</artifactId>
      <classifier>jakarta</classifier>
</dependency>

spring boot 3.0+

Hi:

Thanks for the great work.
When will Spring Boot 3.0+ be supported?

Transitive vulnerable dependency

IntelliJ complains about vulnerable dependency in shiro-core version 1.11.0:

Provides transitive vulnerable dependency maven:commons-collections:commons-collections:3.2.2
Cx78f40514-81ff 7.5 Uncontrolled Recursion vulnerability pending CVSS allocation

[Bug] [1.12.0] BOM is configured wrong

Search before asking

  • I had searched in the issues and found no similar issues.

Environment

Not relevant.

Shiro version

1.12.0

What was the actual outcome?

See below.

What was the expected outcome?

See below.

How to reproduce

Add this in a build.gradle file:

plugins {
        id 'java'
}

repositories {
        mavenCentral()
}

dependencies {
        implementation(platform('org.apache.shiro:shiro-bom:1.12.0'))
        implementation 'org.apache.shiro:shiro-web'
}

And in src/main/java/Test.java:

import org.apache.shiro.subject.Subject;

public class Test {
}

Running gradle clean compileJava will fail. If you run it but first change the version number to 1.11.0 it will work fine.

Run gradle dependencies --configuration compileClasspath. This leads to:

compileClasspath - Compile classpath for source set 'main'.
+--- org.apache.shiro:shiro-bom:1.12.0
|    +--- org.apache.shiro:shiro-web:1.12.0 (c)
|    \--- org.owasp.encoder:encoder:1.2.3 (c)
\--- org.apache.shiro:shiro-web -> 1.12.0
     \--- org.owasp.encoder:encoder:1.2.3

As you see, shiro-core is missing as a dependency and hence the project won't compile. Using version 1.11.0 leads to a correct output. Or so I think. I'm not sure I understand correctly how BOMs are supposed to work but I believe this is a problem in version 1.12.0.

I see in 1.12.0 that a dependencyManagement tag has been added which is not present in 1.11.0. Not sure if that's the problem.

Debug logs

No response

ShiroWebAutoConfiguration causes springboot to fail to start

When I start the app, I get the following error:
Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'shiroEventBusAwareBeanPostProcessor' defined in class path resource [org/apache/shiro/spring/boot/autoconfigure/ShiroBeanAutoConfiguration.class]: Initialization of bean failed; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'authorizationAttributeSourceAdvisor' defined in class path resource [org/apache/shiro/spring/boot/autoconfigure/ShiroAnnotationProcessorAutoConfiguration.class]: Unsatisfied dependency expressed through method 'authorizationAttributeSourceAdvisor' parameter 0; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'securityManager' defined in class path resource [org/apache/shiro/spring/config/web/autoconfigure/ShiroWebAutoConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.apache.shiro.mgt.SessionsSecurityManager]: Factory method 'securityManager' threw exception; nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'authorizer' available

When I added the following configuration, it started fine:
@Bean
@ConditionalOnBean(Authorizer.class)
@Override
protected SessionsSecurityManager securityManager(List<Realm> realms) {
    return super.securityManager(realms);
}
I also suspect that the writing of super.securityManager(realms) affects the dependency analysis of spring, causing the securityManager to be instantiated before the Authorizer.

[Question] SaltedAuthenticationInfo implementation not working

Search before asking

  • I had searched in the issues and found no similar issues.

Question

How can I implement SaltedAuthenticationInfo?
What's wrong with the code?

shiro.ini

[main]
# Objects and their properties are defined here,
# Such as the securityManager, Realms and anything
# else needed to build the SecurityManager

credentialsMatcher = org.apache.shiro.authc.credential.Sha256CredentialsMatcher
credentialsMatcher.storedCredentialsHexEncoded = false
credentialsMatcher.hashIterations = 1024

employeeRealm = NamedEmployeeRealm
employeeRealm.credentialsMatcher = $credentialsMatcher

securityManager.realms = $employeeRealm

sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
securityManager.sessionManager = $sessionManager
securityManager.sessionManager.sessionIdCookieEnabled = false


# -----------------------------------------------------------------------------
# Users and their (optional) assigned roles
# username = password, role1, role2, ..., roleN
# -----------------------------------------------------------------------------
[users]
# The 'users' section is for simple deployments
# when you only need a small number of statically-defined
# set of User accounts.

# -----------------------------------------------------------------------------
# Roles with assigned permissions
# roleName = perm1, perm2, ..., permN
# -----------------------------------------------------------------------------
[roles]
# The 'roles' section is for simple deployments
# when you only need a small number of statically-defined
# roles

EmployeeRealm

@Named("NamedEmployeeRealm")
@ApplicationScoped
public class EmployeeRealm extends AuthorizingRealm {

    @Inject
    AuthenticateFactory factory;

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        return null;
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;

        String username = token.getUsername();
        char[] passwordChar = token.getPassword();

        if (username == null) throw new AccountException("Null usernames!");
        if (passwordChar == null) throw new AccountException("Null passwords!");

        String password = new String(passwordChar);

        Object[] secret = factory.getSecret(username);
        String hashedPassword = (String) secret[1];
        String salt = (String) secret[2];

        // Return the authentication info password = 123456
        return new EmployeeSaltedAuthenticationInfo(username, "2R7mQYMu3OkORIEbRJY/AqvDqWvVAoFIhXMBa8dwh2o=", "25+ri82pdmDMrcUHpFOaCg==", getName());
    }
}

EmployeeSaltedAuthenticationInfo

public class EmployeeSaltedAuthenticationInfo implements SaltedAuthenticationInfo {

    private final String username;
    private final String password;
    private final String salt;
    private final String name;

    public EmployeeSaltedAuthenticationInfo(String username, String password, String salt, String name) {
        this.username = username;
        this.password = password;
        this.salt = salt;
        this.name = name;
    }

    @Override
    public ByteSource getCredentialsSalt() {
        return ByteSource.Util.bytes(Base64.decode(salt));
    }

    @Override
    public PrincipalCollection getPrincipals() {
        return new SimplePrincipalCollection(username, name);
    }

    @Override
    public Object getCredentials() {
        return password;
    }
}
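
A JDK-only way to produce and check a stored credential for the matcher settings in the shiro.ini above (SHA-256, 1024 iterations, Base64 rather than hex), added here as an example and not taken from the post or from Shiro. It assumes the scheme is: digest the salt followed by the UTF-8 password once, then re-digest the result for the remaining iterations; the class name, password and salt are constructed sample values.

```java
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

/** Added example (hypothetical class): salted, iterated SHA-256 with Base64 storage. */
public class SaltedSha256Check {

    /** Assumed scheme: H(salt || password), then H(previous) for the remaining iterations. */
    static byte[] hash(byte[] password, byte[] salt, int iterations) throws NoSuchAlgorithmException {
        if (iterations < 1) {
            throw new IllegalArgumentException("iterations must be >= 1");
        }
        MessageDigest digest = MessageDigest.getInstance("SHA-256");
        digest.update(salt);
        byte[] hashed = digest.digest(password); // digest() also resets the instance
        for (int i = 1; i < iterations; i++) {
            hashed = digest.digest(hashed);
        }
        return hashed;
    }

    /** Encode the password as UTF-8 without creating an intermediate String. */
    static byte[] utf8(char[] chars) {
        ByteBuffer buf = StandardCharsets.UTF_8.encode(CharBuffer.wrap(chars));
        byte[] out = new byte[buf.remaining()];
        buf.get(out);
        return out;
    }

    /** Value to store for a user: Base64 of the iterated hash (not hex). */
    static String storedCredential(char[] password, String saltBase64, int iterations)
            throws NoSuchAlgorithmException {
        byte[] salt = Base64.getDecoder().decode(saltBase64);
        byte[] pw = utf8(password);
        try {
            return Base64.getEncoder().encodeToString(hash(pw, salt, iterations));
        } finally {
            Arrays.fill(pw, (byte) 0); // do not keep the clear-text bytes around
        }
    }

    /** Recompute from the submitted password and compare in constant time. */
    static boolean matches(char[] submitted, String storedBase64, String saltBase64, int iterations)
            throws NoSuchAlgorithmException {
        byte[] expected = Base64.getDecoder().decode(storedBase64);
        byte[] actual = Base64.getDecoder().decode(storedCredential(submitted, saltBase64, iterations));
        return MessageDigest.isEqual(expected, actual);
    }

    public static void main(String[] args) throws Exception {
        int iterations = 1024; // same value as credentialsMatcher.hashIterations above

        // Constructed sample data: a random 16-byte salt and a sample password.
        byte[] saltBytes = new byte[16];
        new SecureRandom().nextBytes(saltBytes);
        String saltBase64 = Base64.getEncoder().encodeToString(saltBytes);
        String stored = storedCredential("correct horse".toCharArray(), saltBase64, iterations);

        System.out.println("salt   = " + saltBase64);
        System.out.println("stored = " + stored);
        System.out.println("right password matches: "
                + matches("correct horse".toCharArray(), stored, saltBase64, iterations));
        System.out.println("wrong password matches: "
                + matches("wrong".toCharArray(), stored, saltBase64, iterations));
        // Same password, but the stored value was made with a different iteration count.
        System.out.println("iteration mismatch matches: "
                + matches("correct horse".toCharArray(),
                        storedCredential("correct horse".toCharArray(), saltBase64, 1),
                        saltBase64, iterations));
    }
}
```

A stored value produced with a different salt encoding, iteration count or output encoding fails the comparison even for the right password.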




[Question] Ldap search filters escape Attributes

Search before asking

  • I had searched in the issues and found no similar issues.

Question

The Apache Zeppelin project uses Shiro as a security framework. I am aware that Zeppelin uses Shiro a little incorrectly, but that is not the issue.
Recently the following pull request apache/zeppelin#4714 has been opened and I was wondering why this is not implemented in the security framework Shiro. What do you think? Does it make sense to perhaps include the code snippet in the Shiro project?

Expand checkstyle to all modules (root)

Currently, only the Jakarta EE module has checkstyle enabled.
Need to enable checkstyle on the root module, so it encompasses all modules.
Of course, this requires that all modules comply with the checkstyle rules.
This needs to be done as well.

[Bug] AspectJ tests fail when compiling subsequent times from root

Search before asking

  • I had searched in the issues and found no similar issues.

Environment

Any

Shiro version

main branch (2.x)

What was the actual outcome?

Tests failed on AspectJ

What was the expected outcome?

AspectJ tests succeed

How to reproduce

mvn package twice. The first time it succeeds. Second (and subsequent) times it fails.
This happens when compiling from Shiro root only.

Debug logs

No response

[Question] Having trouble with Jakarta EE and Shiro

Search before asking

  • I had searched in the issues and found no similar issues.

Question

I am trying to update code for Fedora Commons from Java 11 to Java 17 and make the switch to Jakarta EE at the same time. I am mostly there (I think) but have struck against an issue when loading the Shiro Filter we run in front of our Jersey system.

Ours is a little odd in that we do not integrate Shiro to the application, the authz is separate.

When loading a ShiroFilter in our integration tests I had to first include javax.servlet-api or I hit java.lang.NoClassDefFoundError errors looking for javax.servlet.Filter.

After adding that dependency I now hit this error constructing the bean.

java.lang.RuntimeException: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'shiroFilter': FactoryBean threw exception on object creation
	at org.glassfish.grizzly.servlet.WebappContext.initFilters(WebappContext.java:1835)
	at org.glassfish.grizzly.servlet.WebappContext.deploy(WebappContext.java:279)
	at org.fcrepo.http.commons.test.util.ContainerWrapper.start(ContainerWrapper.java:138)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:568)
	at org.springframework.beans.factory.annotation.InitDestroyAnnotationBeanPostProcessor$LifecycleMethod.invoke(InitDestroyAnnotationBeanPostProcessor.java:457)
	at org.springframework.beans.factory.annotation.InitDestroyAnnotationBeanPostProcessor$LifecycleMetadata.invokeInitMethods(InitDestroyAnnotationBeanPostProcessor.java:401)
	at org.springframework.beans.factory.annotation.InitDestroyAnnotationBeanPostProcessor.postProcessBeforeInitialization(InitDestroyAnnotationBeanPostProcessor.java:219)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyBeanPostProcessorsBeforeInitialization(AbstractAutowireCapableBeanFactory.java:422)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1778)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:600)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:522)
	at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:325)
	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:234)
	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:323)
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:199)
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:975)
	at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:959)
	at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:624)
	at org.springframework.test.context.support.AbstractGenericContextLoader.loadContext(AbstractGenericContextLoader.java:221)
	at org.springframework.test.context.support.AbstractGenericContextLoader.loadContext(AbstractGenericContextLoader.java:110)
	at org.springframework.test.context.support.AbstractDelegatingSmartContextLoader.loadContext(AbstractDelegatingSmartContextLoader.java:212)
	at org.springframework.test.context.cache.DefaultCacheAwareContextLoaderDelegate.loadContextInternal(DefaultCacheAwareContextLoaderDelegate.java:225)
	at org.springframework.test.context.cache.DefaultCacheAwareContextLoaderDelegate.loadContext(DefaultCacheAwareContextLoaderDelegate.java:152)
	at org.springframework.test.context.support.DefaultTestContext.getApplicationContext(DefaultTestContext.java:130)
	at org.springframework.test.context.support.DependencyInjectionTestExecutionListener.injectDependencies(DependencyInjectionTestExecutionListener.java:142)
	at org.springframework.test.context.support.DependencyInjectionTestExecutionListener.prepareTestInstance(DependencyInjectionTestExecutionListener.java:98)
	at org.springframework.test.context.TestContextManager.prepareTestInstance(TestContextManager.java:260)
	at org.springframework.test.context.junit.jupiter.SpringExtension.postProcessTestInstance(SpringExtension.java:163)
	at org.junit.jupiter.engine.descriptor.ClassBasedTestDescriptor.lambda$invokeTestInstancePostProcessors$10(ClassBasedTestDescriptor.java:378)
	at org.junit.jupiter.engine.descriptor.ClassBasedTestDescriptor.executeAndMaskThrowable(ClassBasedTestDescriptor.java:383)
	at org.junit.jupiter.engine.descriptor.ClassBasedTestDescriptor.lambda$invokeTestInstancePostProcessors$11(ClassBasedTestDescriptor.java:378)
	at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197)
	at java.base/java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:179)
	at java.base/java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1625)
	at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:509)
	at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499)
	at java.base/java.util.stream.StreamSpliterators$WrappingSpliterator.forEachRemaining(StreamSpliterators.java:310)
	at java.base/java.util.stream.Streams$ConcatSpliterator.forEachRemaining(Streams.java:735)
	at java.base/java.util.stream.Streams$ConcatSpliterator.forEachRemaining(Streams.java:734)
	at java.base/java.util.stream.ReferencePipeline$Head.forEach(ReferencePipeline.java:762)
	at org.junit.jupiter.engine.descriptor.ClassBasedTestDescriptor.invokeTestInstancePostProcessors(ClassBasedTestDescriptor.java:377)
	at org.junit.jupiter.engine.descriptor.ClassBasedTestDescriptor.lambda$instantiateAndPostProcessTestInstance$6(ClassBasedTestDescriptor.java:290)
	at org.junit.platform.engine.support.hierarchical.ThrowableCollector.execute(ThrowableCollector.java:73)
	at org.junit.jupiter.engine.descriptor.ClassBasedTestDescriptor.instantiateAndPostProcessTestInstance(ClassBasedTestDescriptor.java:289)
	at org.junit.jupiter.engine.descriptor.ClassBasedTestDescriptor.lambda$testInstancesProvider$4(ClassBasedTestDescriptor.java:279)
	at java.base/java.util.Optional.orElseGet(Optional.java:364)
	at org.junit.jupiter.engine.descriptor.ClassBasedTestDescriptor.lambda$testInstancesProvider$5(ClassBasedTestDescriptor.java:278)
	at org.junit.jupiter.engine.execution.TestInstancesProvider.getTestInstances(TestInstancesProvider.java:31)
	at org.junit.jupiter.engine.descriptor.TestMethodTestDescriptor.lambda$prepare$0(TestMethodTestDescriptor.java:106)
	at org.junit.platform.engine.support.hierarchical.ThrowableCollector.execute(ThrowableCollector.java:73)
	at org.junit.jupiter.engine.descriptor.TestMethodTestDescriptor.prepare(TestMethodTestDescriptor.java:105)
	at org.junit.jupiter.engine.descriptor.TestMethodTestDescriptor.prepare(TestMethodTestDescriptor.java:69)
	at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$prepare$2(NodeTestTask.java:123)
	at org.junit.platform.engine.support.hierarchical.ThrowableCollector.execute(ThrowableCollector.java:73)
	at org.junit.platform.engine.support.hierarchical.NodeTestTask.prepare(NodeTestTask.java:123)
	at org.junit.platform.engine.support.hierarchical.NodeTestTask.execute(NodeTestTask.java:90)
	at java.base/java.util.ArrayList.forEach(ArrayList.java:1511)
	at org.junit.platform.engine.support.hierarchical.SameThreadHierarchicalTestExecutorService.invokeAll(SameThreadHierarchicalTestExecutorService.java:41)
	at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$6(NodeTestTask.java:155)
	at org.junit.platform.engine.support.hierarchical.ThrowableCollector.execute(ThrowableCollector.java:73)
	at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$8(NodeTestTask.java:141)
	at org.junit.platform.engine.support.hierarchical.Node.around(Node.java:137)
	at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$9(NodeTestTask.java:139)
	at org.junit.platform.engine.support.hierarchical.ThrowableCollector.execute(ThrowableCollector.java:73)
	at org.junit.platform.engine.support.hierarchical.NodeTestTask.executeRecursively(NodeTestTask.java:138)
	at org.junit.platform.engine.support.hierarchical.NodeTestTask.execute(NodeTestTask.java:95)
	at java.base/java.util.ArrayList.forEach(ArrayList.java:1511)
	at org.junit.platform.engine.support.hierarchical.SameThreadHierarchicalTestExecutorService.invokeAll(SameThreadHierarchicalTestExecutorService.java:41)
	at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$6(NodeTestTask.java:155)
	at org.junit.platform.engine.support.hierarchical.ThrowableCollector.execute(ThrowableCollector.java:73)
	at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$8(NodeTestTask.java:141)
	at org.junit.platform.engine.support.hierarchical.Node.around(Node.java:137)
	at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$9(NodeTestTask.java:139)
	at org.junit.platform.engine.support.hierarchical.ThrowableCollector.execute(ThrowableCollector.java:73)
	at org.junit.platform.engine.support.hierarchical.NodeTestTask.executeRecursively(NodeTestTask.java:138)
	at org.junit.platform.engine.support.hierarchical.NodeTestTask.execute(NodeTestTask.java:95)
	at org.junit.platform.engine.support.hierarchical.SameThreadHierarchicalTestExecutorService.submit(SameThreadHierarchicalTestExecutorService.java:35)
	at org.junit.platform.engine.support.hierarchical.HierarchicalTestExecutor.execute(HierarchicalTestExecutor.java:57)
	at org.junit.platform.engine.support.hierarchical.HierarchicalTestEngine.execute(HierarchicalTestEngine.java:54)
	at org.junit.platform.launcher.core.EngineExecutionOrchestrator.execute(EngineExecutionOrchestrator.java:198)
	at org.junit.platform.launcher.core.EngineExecutionOrchestrator.execute(EngineExecutionOrchestrator.java:169)
	at org.junit.platform.launcher.core.EngineExecutionOrchestrator.execute(EngineExecutionOrchestrator.java:93)
	at org.junit.platform.launcher.core.EngineExecutionOrchestrator.lambda$execute$0(EngineExecutionOrchestrator.java:58)
	at org.junit.platform.launcher.core.EngineExecutionOrchestrator.withInterceptedStreams(EngineExecutionOrchestrator.java:141)
	at org.junit.platform.launcher.core.EngineExecutionOrchestrator.execute(EngineExecutionOrchestrator.java:57)
	at org.junit.platform.launcher.core.DefaultLauncher.execute(DefaultLauncher.java:103)
	at org.junit.platform.launcher.core.DefaultLauncher.execute(DefaultLauncher.java:85)
	at org.junit.platform.launcher.core.DelegatingLauncher.execute(DelegatingLauncher.java:47)
	at org.apache.maven.surefire.junitplatform.LazyLauncher.execute(LazyLauncher.java:56)
	at org.apache.maven.surefire.junitplatform.JUnitPlatformProvider.execute(JUnitPlatformProvider.java:184)
	at org.apache.maven.surefire.junitplatform.JUnitPlatformProvider.invokeAllTests(JUnitPlatformProvider.java:148)
	at org.apache.maven.surefire.junitplatform.JUnitPlatformProvider.invoke(JUnitPlatformProvider.java:120)
	at org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBooter.java:385)
	at org.apache.maven.surefire.booter.ForkedBooter.execute(ForkedBooter.java:162)
	at org.apache.maven.surefire.booter.ForkedBooter.run(ForkedBooter.java:507)
	at org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:495)
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'shiroFilter': FactoryBean threw exception on object creation
	at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:188)
	at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.getObjectFromFactoryBean(FactoryBeanRegistrySupport.java:124)
	at org.springframework.beans.factory.support.AbstractBeanFactory.getObjectForBeanInstance(AbstractBeanFactory.java:1818)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.getObjectForBeanInstance(AbstractAutowireCapableBeanFactory.java:1276)
	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:258)
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:204)
	at org.springframework.context.support.AbstractApplicationContext.getBean(AbstractApplicationContext.java:1237)
	at org.springframework.web.filter.DelegatingFilterProxy.initDelegate(DelegatingFilterProxy.java:332)
	at org.springframework.web.filter.DelegatingFilterProxy.initFilterBean(DelegatingFilterProxy.java:240)
	at org.springframework.web.filter.GenericFilterBean.init(GenericFilterBean.java:237)
	at org.glassfish.grizzly.servlet.WebappContext.initFilters(WebappContext.java:1829)
	... 98 more
Caused by: java.lang.ClassCastException: class org.apache.shiro.web.filter.authc.AnonymousFilter cannot be cast to class jakarta.servlet.Filter (org.apache.shiro.web.filter.authc.AnonymousFilter and jakarta.servlet.Filter are in unnamed module of loader 'app')
	at org.apache.shiro.spring.web.ShiroFilterFactoryBean.createFilterChainManager(ShiroFilterFactoryBean.java:414)
	at org.apache.shiro.spring.web.ShiroFilterFactoryBean.createInstance(ShiroFilterFactoryBean.java:487)
	at org.apache.shiro.spring.web.ShiroFilterFactoryBean.getObject(ShiroFilterFactoryBean.java:386)
	at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:182)
	... 108 more

I am not well versed in the masking done with the jakarta classifier, but even with the jakarta classifier it still seems like I am creating a javax.servlet.Filter because the AnonymousFilter eventually extends the AbstractFilter which extends javax.servlet.Filter.

I apologize as this was set up by someone else so it is possible there is a simple solution, and if so I would appreciate the help switching it over.

The beans are loaded from here for the integration tests.

I have looked at other jakarta issues in here; most solutions are just to ensure you are using the <classifier>jakarta</classifier>, which I am doing.

Am I missing something obvious here or are we using Shiro in a non-standard way or are we needing to continue using javax.servlet.Filter to use Shiro?

cheers!

[Question] springboot running output problem

Search before asking

  • I had searched in the issues and found no similar issues.

Question

When I use shiro-spring-boot-starter version 1.13.0 with Spring Boot version 2.7.18, starting the application logs many "is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)" messages. Is there any way to avoid this?

2023-12-06 16:12:53.566 INFO 7280 --- [ restartedMain] trationDelegate$BeanPostProcessorChecker : Bean 'org.apache.shiro.spring.boot.autoconfigure.ShiroBeanAutoConfiguration' of type [org.apache.shiro.spring.boot.autoconfigure.ShiroBeanAutoConfiguration$$EnhancerBySpringCGLIB$$d51b44ee] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2023-12-06 16:12:53.580 INFO 7280 --- [ restartedMain] trationDelegate$BeanPostProcessorChecker : Bean 'org.apache.shiro.spring.boot.autoconfigure.ShiroAnnotationProcessorAutoConfiguration' of type [org.apache.shiro.spring.boot.autoconfigure.ShiroAnnotationProcessorAutoConfiguration$$EnhancerBySpringCGLIB$$d7ae8393] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2023-12-06 16:12:53.607 INFO 7280 --- [ restartedMain] trationDelegate$BeanPostProcessorChecker : Bean 'eventBus' of type [org.apache.shiro.event.support.DefaultEventBus] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2023-12-06 16:12:53.673 INFO 7280 --- [ restartedMain] trationDelegate$BeanPostProcessorChecker : Bean 'org.apache.shiro.spring.config.web.autoconfigure.ShiroWebAutoConfiguration' of type [org.apache.shiro.spring.config.web.autoconfigure.ShiroWebAutoConfiguration$$EnhancerBySpringCGLIB$$f9b7a558] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2023-12-06 16:12:53.674 INFO 7280 --- [ restartedMain] trationDelegate$BeanPostProcessorChecker : Bean 'shiroConfig' of type [site.liuye.demo.config.ShiroConfig$$EnhancerBySpringCGLIB$$73a922c4] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2023-12-06 16:12:53.708 INFO 7280 --- [ restartedMain] trationDelegate$BeanPostProcessorChecker : Bean 'realm' of type [site.liuye.demo.realm.UserRealm] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2023-12-06 16:12:53.760 INFO 7280 --- [ restartedMain] trationDelegate$BeanPostProcessorChecker : Bean 'sessionStorageEvaluator' of type [org.apache.shiro.web.mgt.DefaultWebSessionStorageEvaluator] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2023-12-06 16:12:53.760 INFO 7280 --- [ restartedMain] trationDelegate$BeanPostProcessorChecker : Bean 'subjectDAO' of type [org.apache.shiro.mgt.DefaultSubjectDAO] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2023-12-06 16:12:53.761 INFO 7280 --- [ restartedMain] trationDelegate$BeanPostProcessorChecker : Bean 'subjectFactory' of type [org.apache.shiro.web.mgt.DefaultWebSubjectFactory] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2023-12-06 16:12:53.762 INFO 7280 --- [ restartedMain] trationDelegate$BeanPostProcessorChecker : Bean 'rememberMeCookieTemplate' of type [org.apache.shiro.web.servlet.SimpleCookie] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2023-12-06 16:12:53.763 INFO 7280 --- [ restartedMain] trationDelegate$BeanPostProcessorChecker : Bean 'rememberMeManager' of type [org.apache.shiro.web.mgt.CookieRememberMeManager] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2023-12-06 16:12:53.764 INFO 7280 --- [ restartedMain] trationDelegate$BeanPostProcessorChecker : Bean 'authenticationStrategy' of type [org.apache.shiro.authc.pam.AtLeastOneSuccessfulStrategy] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2023-12-06 16:12:53.764 INFO 7280 --- [ restartedMain] trationDelegate$BeanPostProcessorChecker : Bean 'authenticator' of type [org.apache.shiro.authc.pam.ModularRealmAuthenticator] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2023-12-06 16:12:53.765 INFO 7280 --- [ restartedMain] trationDelegate$BeanPostProcessorChecker : Bean 'authorizer' of type [org.apache.shiro.authz.ModularRealmAuthorizer] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2023-12-06 16:12:53.766 INFO 7280 --- [ restartedMain] trationDelegate$BeanPostProcessorChecker : Bean 'sessionManager' of type [org.apache.shiro.web.session.mgt.ServletContainerSessionManager] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2023-12-06 16:12:53.767 INFO 7280 --- [ restartedMain] trationDelegate$BeanPostProcessorChecker : Bean 'securityManager' of type [org.apache.shiro.web.mgt.DefaultWebSecurityManager] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2023-12-06 16:12:53.774 INFO 7280 --- [ restartedMain] trationDelegate$BeanPostProcessorChecker : Bean 'authorizationAttributeSourceAdvisor' of type [org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2023-12-06 16:12:53.776 INFO 7280 --- [ restartedMain] trationDelegate$BeanPostProcessorChecker : Bean 'shiroFilterChainDefinition' of type [org.apache.shiro.spring.web.config.DefaultShiroFilterChainDefinition] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2023-12-06 16:12:53.779 INFO 7280 --- [ restartedMain] trationDelegate$BeanPostProcessorChecker : Bean 'requestContextFilter' of type [org.springframework.boot.web.servlet.filter.OrderedRequestContextFilter] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2023-12-06 16:12:53.783 INFO 7280 --- [ restartedMain] trationDelegate$BeanPostProcessorChecker : Bean 'org.springframework.boot.autoconfigure.web.servlet.WebMvcAutoConfiguration' of type [org.springframework.boot.autoconfigure.web.servlet.WebMvcAutoConfiguration] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2023-12-06 16:12:53.785 INFO 7280 --- [ restartedMain] trationDelegate$BeanPostProcessorChecker : Bean 'formContentFilter' of type [org.springframework.boot.web.servlet.filter.OrderedFormContentFilter] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2023-12-06 16:12:53.817 INFO 7280 --- [ restartedMain] trationDelegate$BeanPostProcessorChecker : Bean 'server-org.springframework.boot.autoconfigure.web.ServerProperties' of type [org.springframework.boot.autoconfigure.web.ServerProperties] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2023-12-06 16:12:53.819 INFO 7280 --- [ restartedMain] trationDelegate$BeanPostProcessorChecker : Bean 'org.springframework.boot.autoconfigure.web.servlet.HttpEncodingAutoConfiguration' of type [org.springframework.boot.autoconfigure.web.servlet.HttpEncodingAutoConfiguration] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2023-12-06 16:12:53.821 INFO 7280 --- [ restartedMain] trationDelegate$BeanPostProcessorChecker : Bean 'characterEncodingFilter' of type [org.springframework.boot.web.servlet.filter.OrderedCharacterEncodingFilter] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2023-12-06 16:12:53.825 INFO 7280 --- [ restartedMain] trationDelegate$BeanPostProcessorChecker : Bean 'org.apache.shiro.spring.config.web.autoconfigure.ShiroWebFilterConfiguration' of type [org.apache.shiro.spring.config.web.autoconfigure.ShiroWebFilterConfiguration$$EnhancerBySpringCGLIB$$2c220a8f] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2023-12-06 16:12:53.834 INFO 7280 --- [ restartedMain] trationDelegate$BeanPostProcessorChecker : Bean 'globalFilters' of type [java.util.Collections$SingletonList] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)

commons-beanutils upgrade

Search before asking

  • I had searched in the issues and found no similar issues.

Enhancement Request

org.apache.commons commons-beanutils

Describe the solution you'd like

org.apache.commons commons-beanutils2 2.0.0

Are you willing to submit PR?

  • Yes I am willing to submit a PR!

Remove logback

Most modules use log4j2, so logback snuck in by accident. Replace logback with log4j2.

[Question] Apache Shiro for Javascript

Search before asking

  • I had searched in the issues and found no similar issues.

Question

Hi there,

I will work on a project where we consider using Apache Jena along with Shiro + Fuseki. Our main UI, however, will be developed in React.js or Angular and I'd like to ask if Shiro is the right tool in this regard as it seems to be made only for Java applications. Of course, I could replicate the API with some HTTP Server (maybe written with Spring) and pass a token to the frontend user. But I would like not to, as I'm not a security engineer. The UI will definitely be a SPA and not managed by Shiro or Spring.

Would love to hear your opinions on this.

Thank you very much

Flaky test: OpenLibertyIT

There is a flaky test occurring only on a few Windows builds.

e.g.: https://github.com/apache/shiro/actions/runs/5280929040/jobs/9554140838

[INFO] Running org.apache.shiro.testing.jaxrs.openliberty.OpenLibertyIT
Error:  Tests run: 2, Failures: 1, Errors: 0, Skipped: 0, Time elapsed: 3.283 s <<< FAILURE! - in org.apache.shiro.testing.jaxrs.openliberty.OpenLibertyIT
Error:  org.apache.shiro.testing.jaxrs.openliberty.OpenLibertyIT.testGetUsersBasicAuthenticated  Time elapsed: 2.954 s  <<< FAILURE!
org.opentest4j.AssertionFailedError: expected: <50> but was: <49>
	at org.junit.jupiter.api.AssertionFailureBuilder.build(AssertionFailureBuilder.java:151)
	at org.junit.jupiter.api.AssertionFailureBuilder.buildAndThrow(AssertionFailureBuilder.java:132)
	at org.junit.jupiter.api.AssertEquals.failNotEqual(AssertEquals.java:197)
	at org.junit.jupiter.api.AssertEquals.assertEquals(AssertEquals.java:150)
	at org.junit.jupiter.api.AssertEquals.assertEquals(AssertEquals.java:145)
	at org.junit.jupiter.api.Assertions.assertEquals(Assertions.java:528)
	at org.apache.shiro.testing.jaxrs.tests.AbstractShiroJaxRsIT.testGetUsersBasicAuthenticated(AbstractShiroJaxRsIT.java:74)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
	at org.junit.platform.commons.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:727)
	at org.junit.jupiter.engine.execution.MethodInvocation.proceed(MethodInvocation.java:60)
	at org.junit.jupiter.engine.execution.InvocationInterceptorChain$ValidatingInvocation.proceed(InvocationInterceptorChain.java:131)
	at org.junit.jupiter.engine.extension.TimeoutExtension.intercept(TimeoutExtension.java:156)
	at org.junit.jupiter.engine.extension.TimeoutExtension.interceptTestableMethod(TimeoutExtension.java:147)
	at org.junit.jupiter.engine.extension.TimeoutExtension.interceptTestMethod(TimeoutExtension.java:86)
	at org.junit.jupiter.engine.execution.InterceptingExecutableInvoker$ReflectiveInterceptorCall.lambda$ofVoidMethod$0(InterceptingExecutableInvoker.java:103)
	at org.junit.jupiter.engine.execution.InterceptingExecutableInvoker.lambda$invoke$0(InterceptingExecutableInvoker.java:93)
	at org.junit.jupiter.engine.execution.InvocationInterceptorChain$InterceptedInvocation.proceed(InvocationInterceptorChain.java:106)
	at org.junit.jupiter.engine.execution.InvocationInterceptorChain.proceed(InvocationInterceptorChain.java:64)
	at org.junit.jupiter.engine.execution.InvocationInterceptorChain.chainAndInvoke(InvocationInterceptorChain.java:45)
	at org.junit.jupiter.engine.execution.InvocationInterceptorChain.invoke(InvocationInterceptorChain.java:37)
	at org.junit.jupiter.engine.execution.InterceptingExecutableInvoker.invoke(InterceptingExecutableInvoker.java:92)
	at org.junit.jupiter.engine.execution.InterceptingExecutableInvoker.invoke(InterceptingExecutableInvoker.java:86)
	at org.junit.jupiter.engine.descriptor.TestMethodTestDescriptor.lambda$invokeTestMethod$7(TestMethodTestDescriptor.java:217)
	at org.junit.platform.engine.support.hierarchical.ThrowableCollector.execute(ThrowableCollector.java:73)
	at org.junit.jupiter.engine.descriptor.TestMethodTestDescriptor.invokeTestMethod(TestMethodTestDescriptor.java:213)
	at org.junit.jupiter.engine.descriptor.TestMethodTestDescriptor.execute(TestMethodTestDescriptor.java:138)
	at org.junit.jupiter.engine.descriptor.TestMethodTestDescriptor.execute(TestMethodTestDescriptor.java:68)
	at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$6(NodeTestTask.java:151)
	at org.junit.platform.engine.support.hierarchical.ThrowableCollector.execute(ThrowableCollector.java:73)
	at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$8(NodeTestTask.java:141)
	at org.junit.platform.engine.support.hierarchical.Node.around(Node.java:137)
	at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$9(NodeTestTask.java:139)
	at org.junit.platform.engine.support.hierarchical.ThrowableCollector.execute(ThrowableCollector.java:73)
	at org.junit.platform.engine.support.hierarchical.NodeTestTask.executeRecursively(NodeTestTask.java:138)
	at org.junit.platform.engine.support.hierarchical.NodeTestTask.execute(NodeTestTask.java:95)
	at java.base/java.util.ArrayList.forEach(ArrayList.java:1541)
	at org.junit.platform.engine.support.hierarchical.SameThreadHierarchicalTestExecutorService.invokeAll(SameThreadHierarchicalTestExecutorService.java:41)
	at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$6(NodeTestTask.java:155)
	at org.junit.platform.engine.support.hierarchical.ThrowableCollector.execute(ThrowableCollector.java:73)
	at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$8(NodeTestTask.java:141)
	at org.junit.platform.engine.support.hierarchical.Node.around(Node.java:137)
	at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$9(NodeTestTask.java:139)
	at org.junit.platform.engine.support.hierarchical.ThrowableCollector.execute(ThrowableCollector.java:73)
	at org.junit.platform.engine.support.hierarchical.NodeTestTask.executeRecursively(NodeTestTask.java:138)
	at org.junit.platform.engine.support.hierarchical.NodeTestTask.execute(NodeTestTask.java:95)
	at java.base/java.util.ArrayList.forEach(ArrayList.java:1541)
	at org.junit.platform.engine.support.hierarchical.SameThreadHierarchicalTestExecutorService.invokeAll(SameThreadHierarchicalTestExecutorService.java:41)
	at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$6(NodeTestTask.java:155)
	at org.junit.platform.engine.support.hierarchical.ThrowableCollector.execute(ThrowableCollector.java:73)
	at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$8(NodeTestTask.java:141)
	at org.junit.platform.engine.support.hierarchical.Node.around(Node.java:137)
	at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$9(NodeTestTask.java:139)
	at org.junit.platform.engine.support.hierarchical.ThrowableCollector.execute(ThrowableCollector.java:73)
	at org.junit.platform.engine.support.hierarchical.NodeTestTask.executeRecursively(NodeTestTask.java:138)
	at org.junit.platform.engine.support.hierarchical.NodeTestTask.execute(NodeTestTask.java:95)
	at org.junit.platform.engine.support.hierarchical.SameThreadHierarchicalTestExecutorService.submit(SameThreadHierarchicalTestExecutorService.java:35)
	at org.junit.platform.engine.support.hierarchical.HierarchicalTestExecutor.execute(HierarchicalTestExecutor.java:57)
	at org.junit.platform.engine.support.hierarchical.HierarchicalTestEngine.execute(HierarchicalTestEngine.java:54)
	at org.junit.platform.launcher.core.EngineExecutionOrchestrator.execute(EngineExecutionOrchestrator.java:147)
	at org.junit.platform.launcher.core.EngineExecutionOrchestrator.execute(EngineExecutionOrchestrator.java:127)
	at org.junit.platform.launcher.core.EngineExecutionOrchestrator.execute(EngineExecutionOrchestrator.java:90)
	at org.junit.platform.launcher.core.EngineExecutionOrchestrator.lambda$execute$0(EngineExecutionOrchestrator.java:55)
	at org.junit.platform.launcher.core.EngineExecutionOrchestrator.withInterceptedStreams(EngineExecutionOrchestrator.java:102)
	at org.junit.platform.launcher.core.EngineExecutionOrchestrator.execute(EngineExecutionOrchestrator.java:54)
	at org.junit.platform.launcher.core.DefaultLauncher.execute(DefaultLauncher.java:114)
	at org.junit.platform.launcher.core.DefaultLauncher.execute(DefaultLauncher.java:86)
	at org.junit.platform.launcher.core.DefaultLauncherSession$DelegatingLauncher.execute(DefaultLauncherSession.java:86)
	at org.apache.maven.surefire.junitplatform.LazyLauncher.execute(LazyLauncher.java:50)
	at org.apache.maven.surefire.junitplatform.JUnitPlatformProvider.execute(JUnitPlatformProvider.java:184)
	at org.apache.maven.surefire.junitplatform.JUnitPlatformProvider.invokeAllTests(JUnitPlatformProvider.java:148)
	at org.apache.maven.surefire.junitplatform.JUnitPlatformProvider.invoke(JUnitPlatformProvider.java:122)
	at org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBooter.java:385)
	at org.apache.maven.surefire.booter.ForkedBooter.execute(ForkedBooter.java:162)
	at org.apache.maven.surefire.booter.ForkedBooter.run(ForkedBooter.java:507)
	at org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:495)

[INFO] 
[INFO] Results:
[INFO] 
Error:  Failures: 
Error:    OpenLibertyIT>AbstractShiroJaxRsIT.testGetUsersBasicAuthenticated:74 expected: <50> but was: <49>
[INFO] 
Error:  Tests run: 2, Failures: 1, Errors: 0, Skipped: 0
[INFO] 
[INFO] 

shiro-web jakarta only references javax and not jakarta in MANIFEST.MF

Search before asking

  • I had searched in the issues and found no similar issues.

Environment

Java 17

Shiro version

shiro-web 1.13.0 jakarta classifier

What was the actual outcome?

The MANIFEST.MF contains references towards javax.servlet and not jakarta.servlet

What was the expected outcome?

The MANIFEST.MF only contains references towards jakarta.servlet and not javax.servlet

How to reproduce

There are 2 ways to see the issue:

  1. Add shiro-web with the jakarta classifier in an OSGi environment; it will say it cannot find jakarta/servlet/Filter, as the bundle classloader is not configured to load the jakarta.servlet package but javax.servlet
  2. Open the MANIFEST.MF file in the jar and see references to javax and not jakarta

Debug logs

No response
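A check for the mismatch reported above, as an added example that is not part of the original issue or of Shiro's own code: it reads Import-Package from a jar's MANIFEST.MF, unfolding continuation lines, and compares the servlet namespace imported there with the one the class files reference. The sample jar is constructed in memory with hypothetical names, and the byte search over class files is a heuristic, not a class-file parser.

```python
"""Audit a jar's OSGi Import-Package header against the servlet API its classes use."""
import io
import zipfile

MANIFEST_PATH = "META-INF/MANIFEST.MF"
NAMESPACES = ("javax", "jakarta")


def parse_main_section(manifest_text):
    """Return the manifest's main-section headers, joining folded lines.

    A manifest line that starts with a single space continues the previous
    header value, so a naive line-by-line grep can miss a split package name.
    """
    headers = {}
    name = None
    for line in manifest_text.splitlines():
        if line == "":
            break  # a blank line ends the main section
        if line.startswith(" ") and name is not None:
            headers[name] += line[1:]
        else:
            name, _, value = line.partition(": ")
            headers[name] = value
    return headers


def split_clauses(header_value):
    """Split an OSGi header on commas that are outside double quotes.

    Version ranges such as "[3.1,5)" contain commas inside the quotes.
    """
    clauses, current, in_quotes = [], [], False
    for ch in header_value:
        if ch == '"':
            in_quotes = not in_quotes
        if ch == "," and not in_quotes:
            clauses.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
    clauses.append("".join(current).strip())
    return [c for c in clauses if c]


def imported_packages(headers):
    """Package names from Import-Package, dropping attributes and directives."""
    packages = []
    for clause in split_clauses(headers.get("Import-Package", "")):
        for part in clause.split(";"):
            part = part.strip()
            if part and "=" not in part:
                packages.append(part)
    return packages


def audit_jar(jar_bytes):
    """Compare servlet namespaces imported by the manifest with those in bytecode."""
    referenced = set()
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        headers = parse_main_section(jar.read(MANIFEST_PATH).decode("utf-8"))
        for entry in jar.namelist():
            if entry.endswith(".class"):
                data = jar.read(entry)
                for ns in NAMESPACES:
                    # Heuristic: class names are stored as e.g. jakarta/servlet/Filter
                    if (ns + "/servlet/").encode("ascii") in data:
                        referenced.add(ns)
    packages = imported_packages(headers)
    imported = {
        ns: sorted(p for p in packages
                   if p == ns + ".servlet" or p.startswith(ns + ".servlet."))
        for ns in NAMESPACES
    }
    return {
        "imported": imported,
        "referenced": sorted(referenced),
        # used by the classes but not importable by the bundle classloader
        "missing_imports": sorted(ns for ns in referenced if not imported[ns]),
        # imported by the manifest but not used by any class
        "stale_imports": sorted(ns for ns in NAMESPACES
                                if imported[ns] and ns not in referenced),
    }


def build_sample_jar():
    """Constructed sample: jakarta bytecode reference, javax-only manifest."""
    manifest = (
        "Manifest-Version: 1.0\r\n"
        "Bundle-SymbolicName: example.web.bundle\r\n"
        'Import-Package: javax.servlet;version="[3.1,5)",javax.servlet.http;ver\r\n'
        ' sion="[3.1,5)",org.slf4j;version="[1.7,3)"\r\n'
        "\r\n"
    )
    # Not a valid class file: just a magic number and one UTF-8 constant.
    fake_class = b"\xca\xfe\xba\xbe" + b"\x01\x00\x16jakarta/servlet/Filter"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr(MANIFEST_PATH, manifest)
        jar.writestr("example/web/ExampleFilter.class", fake_class)
    return buf.getvalue()


if __name__ == "__main__":
    print(audit_jar(build_sample_jar()))
```

To audit a real artifact, pass the bytes of the downloaded jar to `audit_jar`; a non-empty `missing_imports` is the condition the issue describes.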

When will it support spring boot 3.0

Search before asking

  • I had searched in the issues and found no similar issues.

Feature Request

When will it support spring boot 3.0

Are you willing to submit PR?

  • Yes I am willing to submit a PR!

Upgrade to Common-cli 1.6.0

Search before asking

  • I had searched in the issues and found no similar issues.

Enhancement Request

Upgrade to Common-cli 1.6.0

Describe the solution you'd like

Upgrade to Common-cli 1.6.0

Are you willing to submit PR?

  • Yes I am willing to submit a PR!

[Bug] RememberMe does not Remember me after deletion of SessionCookie

Search before asking

  • I had searched in the issues and found no similar issues.

Environment

Wildfly 26

Shiro version

2.0.0-alpha-3

What was the actual outcome?

I had to log in again and an exception was logged in the server log (see below)

What was the expected outcome?

I still was logged in.

How to reproduce

Be sure the value of the remember-me cookie (in Firefox) ends with a '='.

Debug logs

2023-08-24 20:22:20,144 WARN [org.apache.shiro.web.mgt.CookieRememberMeManager] (default task-1) Unable to decode existing base64 encoded entity: [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=].: java.lang.IllegalArgumentException: Input byte array has incorrect ending byte at 776
at java.base/java.util.Base64$Decoder.decode0(Base64.java:771)
at java.base/java.util.Base64$Decoder.decode(Base64.java:535)
at deployment.aliassen-web-23.01.war//org.apache.shiro.lang.codec.Base64.decode(Base64.java:104)
at deployment.aliassen-web-23.01.war//org.apache.shiro.lang.codec.Base64.decode(Base64.java:94)
at deployment.aliassen-web-23.01.war//org.apache.shiro.web.mgt.CookieRememberMeManager.getRememberedSerializedIdentity(CookieRememberMeManager.java:224)
at deployment.aliassen-web-23.01.war//org.apache.shiro.mgt.AbstractRememberMeManager.getRememberedPrincipals(AbstractRememberMeManager.java:394)
at deployment.aliassen-web-23.01.war//org.apache.shiro.mgt.DefaultSecurityManager.getRememberedIdentity(DefaultSecurityManager.java:613)
at deployment.aliassen-web-23.01.war//org.apache.shiro.mgt.DefaultSecurityManager.resolvePrincipals(DefaultSecurityManager.java:501)
at deployment.aliassen-web-23.01.war//org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:347)
at deployment.aliassen-web-23.01.war//org.apache.shiro.ee.filters.ShiroFilter$WrappedSecurityManager.createSubject(ShiroFilter.java:167)
at deployment.aliassen-web-23.01.war//org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:845)
at deployment.aliassen-web-23.01.war//org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:148)
at deployment.aliassen-web-23.01.war//org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:300)
at deployment.aliassen-web-23.01.war//org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:367)
at deployment.aliassen-web-23.01.war//org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:154)
at [email protected]//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
at [email protected]//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at [email protected]//io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
at [email protected]//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
at [email protected]//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
at [email protected]//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
at [email protected]//org.wildfly.elytron.web.undertow.server.ElytronRunAsHandler.lambda$handleRequest$1(ElytronRunAsHandler.java:68)
at [email protected]//org.wildfly.security.auth.server.FlexibleIdentityAssociation.runAsFunctionEx(FlexibleIdentityAssociation.java:103)
at [email protected]//org.wildfly.security.auth.server.Scoped.runAsFunctionEx(Scoped.java:161)
at [email protected]//org.wildfly.security.auth.server.Scoped.runAs(Scoped.java:73)
at [email protected]//org.wildfly.elytron.web.undertow.server.ElytronRunAsHandler.handleRequest(ElytronRunAsHandler.java:67)
at [email protected]//io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68)
at [email protected]//io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:117)
at [email protected]//io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
at [email protected]//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at [email protected]//io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at [email protected]//io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at [email protected]//io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
at org.wildfly.security.elytron-web.undertow-server-servlet@1.10.1.Final//org.wildfly.elytron.web.undertow.server.servlet.CleanUpHandler.handleRequest(CleanUpHandler.java:38)
at [email protected]//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at [email protected]//org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at [email protected]//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at [email protected]//org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
at [email protected]//io.undertow.servlet.handlers.SendErrorPageHandler.handleRequest(SendErrorPageHandler.java:52)
at [email protected]//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:275)
at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:79)
at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:134)
at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:131)
at [email protected]//io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
at [email protected]//io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1544)
at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1544)
at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1544)
at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1544)
at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1544)
at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:255)
at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:79)
at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:100)
at [email protected]//io.undertow.server.Connectors.executeRootHandler(Connectors.java:387)
at [email protected]//io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:852)
at [email protected]//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at [email protected]//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990)
at [email protected]//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
at [email protected]//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
at [email protected]//org.xnio.XnioWorker$WorkerThreadFactory$1$1.run(XnioWorker.java:1282)
at java.base/java.lang.Thread.run(Thread.java:834)

[Enhancement] Update CI to use JDK 11, 17 and 21

Search before asking

  • I had searched in the issues and found no similar issues.

Enhancement Request

Update CI to use latest JDK releases

Describe the solution you'd like

N/A

Are you willing to submit PR?

  • Yes I am willing to submit a PR!

Missing JPMS module names leading to warning for users

Neither JPMS module-info nor automatic module manifest entries are present in the artifacts.
This causes nasty warnings from maven compiler plugin when using Shiro as a dependency.

Either module-info or manifest entry should be added to all JAR artifacts

I have tried doing this, but the automated way doesn't work because the artifactIds have dashes in them instead of dots, which is disallowed by JPMS
Also tried maven-helper plugin to transform dashes to dots, but it didn't work

NOTE: If using Java modules with the previous alphas, the module names have changed (example: shiro.core -> org.apache.shiro.core)
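
As an added illustration of the issue above (not code from the Shiro project): the JDK's own ModuleFinder reports which module name a JAR receives and whether it was declared or only derived from the file name. The class name ModuleNameCheck, its helper methods and the sample JAR file name are assumptions made for this example; the sample JARs are constructed and contain only a manifest.

```java
import java.io.IOException;
import java.lang.module.ModuleDescriptor;
import java.lang.module.ModuleFinder;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.jar.Attributes;
import java.util.jar.JarFile;
import java.util.jar.JarOutputStream;
import java.util.jar.Manifest;

public class ModuleNameCheck {

    /** Writes a JAR holding only a manifest; automaticName == null omits the entry. */
    static Path writeSampleJar(String fileName, String automaticName) throws IOException {
        Manifest mf = new Manifest();
        mf.getMainAttributes().put(Attributes.Name.MANIFEST_VERSION, "1.0");
        if (automaticName != null) {
            mf.getMainAttributes().putValue("Automatic-Module-Name", automaticName);
        }
        Path jar = Files.createTempDirectory("jpms-check").resolve(fileName);
        try (JarOutputStream out = new JarOutputStream(Files.newOutputStream(jar), mf)) {
            // Manifest only: enough for the module system to name the JAR.
        }
        return jar;
    }

    /** Reports the module name the JDK assigns to a JAR and where it came from. */
    static String describe(Path jar) throws IOException {
        ModuleDescriptor md = ModuleFinder.of(jar).findAll().iterator().next().descriptor();
        String source;
        try (JarFile jf = new JarFile(jar.toFile())) {
            Manifest mf = jf.getManifest();
            boolean declared = mf != null
                    && mf.getMainAttributes().getValue("Automatic-Module-Name") != null;
            source = !md.isAutomatic() ? "module-info.class"
                    : declared ? "Automatic-Module-Name manifest entry"
                    : "derived from file name (no declared module name)";
        }
        return jar.getFileName() + " -> " + md.name() + " [" + source + "]";
    }

    public static void main(String[] args) throws IOException {
        if (args.length > 0) {                       // audit real artifacts
            for (String a : args) System.out.println(describe(Path.of(a)));
            return;
        }
        // Constructed samples: same file name, without and with the manifest entry.
        System.out.println(describe(writeSampleJar("shiro-core-2.0.0-alpha-4.jar", null)));
        System.out.println(describe(writeSampleJar("shiro-core-2.0.0-alpha-4.jar",
                "org.apache.shiro.core")));
    }
}
```

Run without arguments, the first sample is named from its file name (dashes become dots, the version suffix is dropped) and the second takes the name from the manifest; pass JAR paths as arguments to check real artifacts.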

[Question] Can Shiro 2.0+ use Shiro 1's hash algorithm, such as "SHA-256"?

Search before asking

  • I had searched in the issues and found no similar issues.

Question

I use Shiro 2.0.0-alpha-2 with Shiro 1's hash algorithm "SHA-256", exception as below:

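import org.apache.shiro.authc.credential.DefaultPasswordService;
import org.apache.shiro.crypto.hash.DefaultHashService;

public static String str2SHA256(String str)
{
    DefaultPasswordService passwordService = new DefaultPasswordService();
    // Replace the default hash service with one whose default algorithm is SHA-256
    passwordService.setHashService(new DefaultHashService()
    {
        {
            setDefaultAlgorithmName("SHA-256");
        }
    });
    // This call throws the UnsupportedOperationException shown below
    String encryptedValue = passwordService.encryptPassword(str);
    return encryptedValue;
}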

exception:

Exception in thread "main" java.lang.UnsupportedOperationException: Shiro2CryptFormat can only format classes extending AbstractCryptHash.
	at org.apache.shiro.crypto.hash.format.Shiro2CryptFormat.format(Shiro2CryptFormat.java:107)
	at org.apache.shiro.authc.credential.DefaultPasswordService.encryptPassword(DefaultPasswordService.java:83)

[Bug] Jakarta EE form resubmit doesn't work in certain docker configurations

Search before asking

  • I had searched in the issues and found no similar issues.

Environment

In certain configurations, the original request URL isn't available on the web server. This is especially true in docker and kubernetes environments. A way to override the resubmit URL's host and port is needed.
If resubmit fails, the login fails, where it shouldn't.

Shiro version

2.0.0-alpha-4

What was the actual outcome?

N/A

What was the expected outcome?

N/A

How to reproduce

Deploy Shiro in a docker container

Debug logs

No response
