Correct setup for Vaadin 7 with Apache Shiro

Richard57 · May 12, 2014, 3:54pm

I have a Vaadin Application that uses Vaadin 7 for authentication and authorization. From time to time this application hangs. When reloading the GUI in the browser I get the following exception:

org.apache.shiro.session.UnknownSessionException: There is no session with id [61da73fa-2800-4195-8f2c-9fc0b4e455af]

at org.apache.shiro.session.mgt.eis.AbstractSessionDAO.readSession(AbstractSessionDAO.java:170) ~[shiro-core-1.2.2.jar:1.2.2]

at org.apache.shiro.session.mgt.DefaultSessionManager.retrieveSessionFromDataSource(DefaultSessionManager.java:236) ~[shiro-core-1.2.2.jar:1.2.2]

at org.apache.shiro.session.mgt.DefaultSessionManager.retrieveSession(DefaultSessionManager.java:222) ~[shiro-core-1.2.2.jar:1.2.2]

at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.doGetSession(AbstractValidatingSessionManager.java:118) ~[shiro-core-1.2.2.jar:1.2.2]

at org.apache.shiro.session.mgt.AbstractNativeSessionManager.lookupSession(AbstractNativeSessionManager.java:108) ~[shiro-core-1.2.2.jar:1.2.2]

at org.apache.shiro.session.mgt.AbstractNativeSessionManager.getSession(AbstractNativeSessionManager.java:100) ~[shiro-core-1.2.2.jar:1.2.2]

at org.apache.shiro.mgt.SessionsSecurityManager.getSession(SessionsSecurityManager.java:125) ~[shiro-core-1.2.2.jar:1.2.2]

at org.apache.shiro.mgt.DefaultSecurityManager.resolveContextSession(DefaultSecurityManager.java:456) [shiro-core-1.2.2.jar:1.2.2]

at org.apache.shiro.mgt.DefaultSecurityManager.resolveSession(DefaultSecurityManager.java:442) [shiro-core-1.2.2.jar:1.2.2]

at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:338) [shiro-core-1.2.2.jar:1.2.2]

at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:846) [shiro-core-1.2.2.jar:1.2.2]

at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:148) [shiro-web-1.2.2.jar:1.2.2]

at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:292) [shiro-web-1.2.2.jar:1.2.2]

at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:359) [shiro-web-1.2.2.jar:1.2.2]

at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) [shiro-web-1.2.2.jar:1.2.2]

at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1467) [pax-web-jetty-bundle-3.0.5.jar:na]

at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:499) [pax-web-jetty-bundle-3.0.5.jar:na]

at org.ops4j.pax.web.service.jetty.internal.HttpServiceServletHandler.doHandle(HttpServiceServletHandler.java:69) [pax-web-jetty-bundle-3.0.5.jar:na]

It seems that shiro somehow looses the session information, desite the session is still valid.

Has someone a valid setup description for vaadin with shiro?

Wolfgang14 · May 13, 2014, 12:03pm

You need a shiro filter registering in your request filter chain, so after every UIDL request from vaadin shiro knows your session is still active.

http://shiro.apache.org/web.html#Web-FilterChainDefinitions

frederic40 · December 10, 2015, 2:10pm

Hi !!

Sorry to take that topic out of ground, but I’m having the same issue with shiro and vaadin (There is no session with id [61da73fa-2800-4195-8f2c-9fc0b4e455af]
)

Anyone can help on this one ? Can somenone tell a bit more about “You need a shiro filter registering in your request filter chain, so after every UIDL request from vaadin shiro knows your session is still active.”

Thanks a lot !!