Shiro Plugin / GPSHIRO-15

When using response code url mappings, views and layouts are unable to use <shiro:authenticated> and other tags; exceptions occur

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.0
    • Fix Version/s: 1.1
    • Labels:
      None
    • Testcase included:
      yes

      Description

      I had a look at the Shiro plugin and couldn't see anything wrong there (but I'm not a plugin/Grails expert) and the problem looks like it lies within Grails itself.

      If you use a url mapping like this:

      ...
          "/$controller/$action?/$id?"{
              constraints {
                  // apply constraints here
              }
          }
          "404"(controller: 'error', action: 'notFound')
      ...
      

      and use a url that doesn't exist so that the "/errors/notFound" view is used and that view uses <shiro:authenticated> then an exception occurs.

      If you access the controller and its action directly using a url like this: 'error/notFound' then everything works as expected.

      Further to this, if you create a view which has this code:

      <html>
          <head>
              <title>Not Found</title>
              <meta name="layout" content="main" />
          </head>
          <body>
              View: org.apache.shiro.util.ThreadContext.getSecurityManager returns null?: ${org.apache.shiro.util.ThreadContext.getSecurityManager() == null }
          </body>
      </html>
      

      The result will be "View: org.apache.shiro.util.ThreadContext.getSecurityManager returns null?: true" when accessing a page that doesn't exist
      and "View: org.apache.shiro.util.ThreadContext.getSecurityManager returns null?: false" when accessing the controller and action directly.

      Thus, any tag in the ShiroTagLib that uses SecurityManager.getSubject() will fail.

      Attempting to use "<shiro:authenticated>Authenticated</shiro:authenticated>" in the "main" layout or the "notFound" view results in the following exception:

      2009-10-15 12:06:49,899 [http-8080-3] ERROR errors.GrailsExceptionResolver  - Error executing tag <shiro:authenticated>: java.lang.IllegalStateException: No SecurityManager accessible to this method, ...
              at Users_dclifton_Sites_shirobug_grails_app_views_layouts_main_gsp.run(Users_dclifton_Sites_shirobug_grails_app_views_layouts_main_gsp:27)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
              at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:646)
              at org.apache.catalina.core.ApplicationDispatcher.doInclude(ApplicationDispatcher.java:551)
              at org.apache.catalina.core.ApplicationDispatcher.include(ApplicationDispatcher.java:488)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
              at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:646)
              at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:438)
              at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:374)
              at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:302)
              at org.apache.catalina.core.StandardHostValve.custom(StandardHostValve.java:416)
              at org.apache.catalina.core.StandardHostValve.status(StandardHostValve.java:343)
              at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:144)
              at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
              at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
              at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
              at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:849)
              at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
              at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:454)
              at java.lang.Thread.run(Thread.java:613)
      Caused by: org.codehaus.groovy.runtime.InvokerInvocationException: java.lang.IllegalStateException: No SecurityManager accessible to this method, ...
              ... 22 more
      Caused by: java.lang.IllegalStateException: No SecurityManager accessible to this method, ...
              at org.apache.shiro.SecurityUtils.getSubject(SecurityUtils.java:79)
              at ShiroTagLib.checkAuthenticated(ShiroTagLib.groovy:261)
              at ShiroTagLib.this$2$checkAuthenticated(ShiroTagLib.groovy)
              at ShiroTagLib$_closure1.doCall(ShiroTagLib.groovy:32)
              ... 22 more
      

      I've attached an example project, two example urls that highlight the problem are:

      http://localhost:8080/shirobug/i-dont-exist <-- throws exception
      http://localhost:8080/shirobug/error/notFound <-- works as expected
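
      The two URLs above differ in servlet dispatch type: the first reaches the view through the container's error-page forward (the StandardHostValve.status and StandardHostValve.custom frames in the trace), the second through an ordinary request. As an added example, not part of the original report or the plugin's code, this web.xml fragment shows a Shiro filter mapping limited to default REQUEST dispatch beside one that also covers ERROR dispatch. The filter name shiroFilter, and the premise that the filter mapping is what leaves the SecurityManager unbound here, are assumptions.

```xml
<!-- Added example. "shiroFilter" is an assumed filter name, not taken from
     the plugin; use the name under which the Shiro filter is registered.
     The two mappings are alternatives: keep only one of them in web.xml. -->

<!-- Weak: with no <dispatcher> elements the container applies the filter to
     REQUEST dispatches only. The internal forward to the "404" mapping is an
     ERROR dispatch, so the filter is skipped and nothing binds a
     SecurityManager to the thread before the layout and view are rendered. -->
<filter-mapping>
    <filter-name>shiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- Corrected: the filter also runs when the container dispatches to an
     error page, so <shiro:authenticated> and the other tags find a
     SecurityManager and Subject while the error view renders.
     <dispatcher> elements require a Servlet 2.4 or later descriptor. -->
<filter-mapping>
    <filter-name>shiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>ERROR</dispatcher>
</filter-mapping>
```

      The check from the view above, ThreadContext.getSecurityManager() == null, is a quick way to confirm whether the filter ran for a given dispatch.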

        Activity

        Kenny Cheang added a comment -

        I have tried again with the latest 1.1-SNAPSHOT. The issue has not been fixed. I am still getting the "No SecurityManager accessible to this method" error when a shiro tag is used in a SiteMesh layout that my error page extends.

        Caused by: org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util.ThreadContext or as a vm static singleton.  This is an invalid application configuration.
        	at org.apache.shiro.SecurityUtils.getSecurityManager(SecurityUtils.java:124)
        
        Nels added a comment - - edited

        I see other users saying this isn't fixed, but it's still marked fixed two years later. Is this fixed or not?

        I get this error all the time but randomly. Sometimes it works, sometimes this happens. My config never changes.

        2012-08-09 18:40:17,764 ERROR [GrailsExceptionResolver] Exception occurred when processing request: [POST] /testapp/resource/show - parameters:
        org.codehaus.groovy.grails.SYNCHRONIZER_URI: /testapp/resource/list
        org.codehaus.groovy.grails.SYNCHRONIZER_TOKEN: d3296009-caa9-4ffb-b45a-e899e0a6356c
        Stacktrace follows:
        org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util.ThreadContext or as a vm static singleton.  This is an invalid application configuration.
                at org.apache.shiro.SecurityUtils.getSecurityManager(SecurityUtils.java:124)
                at org.apache.shiro.subject.Subject$Builder.<init>(Subject.java:616)
                at org.apache.shiro.SecurityUtils.getSubject(SecurityUtils.java:57)
                at ShiroGrailsPlugin.accessControlMethod(ShiroGrailsPlugin.groovy:444)
                at ShiroGrailsPlugin$_closure3_closure25.doCall(ShiroGrailsPlugin.groovy:252)
                at SecurityFilters$_closure1_closure2_closure3.doCall(SecurityFilters.groovy:17)
                at SecurityFilters$_closure1_closure2_closure3.doCall(SecurityFilters.groovy)
                at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:190)
                at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:291)
                at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:776)
                at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:705)
                at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:898)
                at java.lang.Thread.run(Thread.java:662)
        
        Peter Ledbrook added a comment -

        Do you have a reproducible example? Or at least one that demonstrates the issue intermittently?

        Nels added a comment -

        No, not right now. I can try to put something together, but it would be extremely difficult to put together an example that resembles our project. There are simply so many moving parts. This fact along with the fact that this happens randomly and that there are absolutely no application-referencing elements in the stack trace of this error makes it impossible for me to reproduce consistently.

        Typically, here is the usage pattern I think exists when I notice this happening. Often I think that a form is involved. A user prepares a form, and clicks submit. Then, something happens. Perhaps the user stops the browser action, clicks the back button, or perhaps initiates a sign-out action. Perhaps code gets changed and the development environment begins to recompile certain groovy files.

        It seems that sometimes (not always) when the user begins to interact with the form page again, or certain other pages where application session fields are accessed, this error seems to occur.

        Peter Ledbrook added a comment -

        I wonder if it's related to an issue in the core library. That's fixed in Shiro 1.2, which is what version 1.2.0-SNAPSHOT of the plugin is based on. Do you mind trying 1.2.0-SNAPSHOT? It passes the tests in the project and works in grails.org.


          People

          • Assignee:
            Peter Ledbrook
            Reporter:
            Dominic Clifton
          • Votes:
            7
            Watchers:
            9
