配置Hazelcast和Shiro

Question

I am currently having trouble configuring Shiro and Hazelcast in conjunction:

web.xml:

<filter>
    <filter-name>shiroFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    <init-param>
        <param-name>targetFilterLifecycle</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>

<filter>
    <filter-name>hazelcastWebFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    <init-param>
        <param-name>targetFilterLifecycle</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>
[...]
    <filter-mapping>
    <filter-name>shiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<filter-mapping>
    <filter-name>hazelcastWebFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

ApplicationContext.xml:

<!-- Hazelcast configuration-->
<hz:hazelcast id="hazelcastInstance">
    <hz:config>
        <hz:instance-name>${hazelcast.instance}</hz:instance-name>
        <hz:group name="${hazelcast.group}" password="${hazelcast.password}"/>
        <hz:network port="${hazelcast.port}" port-auto-increment="${hazelcast.port.autoincrement}">
            <hz:join>
                <hz:multicast enabled="${hazelcast.multicast.enabled}"
                              multicast-group="${hazelcast.multicast.group}"
                              multicast-port="${hazelcast.multicast.port}"
                              multicast-time-to-live="${hazelcast.multicast.timetolive}"
                              multicast-timeout-seconds="${hazelcast.multicast.timeoutseconds}"></hz:multicast>
            </hz:join>
        </hz:network>
    </hz:config>
</hz:hazelcast>
[...]
<bean id="hazelcastWebFilter" class="com.hazelcast.web.WebFilter" depends-on="hazelcastInstance">
    <constructor-arg name="properties">
        <props>
            <prop key="map-name">shiro-activeSessionCache</prop>
            <prop key="sticky-session">${hazelcast.webfilter.stickysession}</prop>
            <prop key="instance-name">${hazelcast.instance}</prop>
        </props>
    </constructor-arg>
</bean>

<!-- Shiro -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    <property name="securityManager" ref="securityManager"/>
    <property name="loginUrl" value="/s/Login.app"/>
    <property name="successUrl" value="/goMain.app"/>
    <property name="unauthorizedUrl" value="/unauthorized.jsp"/>
    <property name="filters">
        <util:map>
            <entry key="authc" value-ref="auth"/>
            <entry key="authcpda" value-ref="pdaAuth"/>
        </util:map>
    </property>
    <property name="filterChainDefinitions">
        <value>
            HERE ARE PATHS onfigured
        </value>
    </property>
</bean>

<bean id="auth" class="org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter">
    <property name="loginUrl" value="/s/Login.app"/>
</bean>

<bean id="pdaAuth" class="org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter">
    <property name="loginUrl" value="/s/pda/login.app"/>
</bean>

<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
    <property name="realm" ref="PRODUCTRealm"/>
    <property name="cacheManager" ref="shiroCacheManager"/>
    <property name="sessionManager" ref="sessionManager"/>
</bean>

<bean id="sessionDAO" class="org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO"></bean>

<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>

<!--<bean id="shiroCacheManager" class="org.apache.shiro.cache.MemoryConstrainedCacheManager"/>-->
<bean id="shiroCacheManager" class="de.logentis.Hazelcast.HazelcastCacheManager"/>

<bean id="sessionManager" class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
    <property name="sessionDAO" ref="sessionDAO"/>
    <property name="sessionValidationSchedulerEnabled" value="false"/>
</bean>

<!-- Define the Shiro Realm implementation you want to use to connect to your back-end -->
<!-- security datasource: Netversys DB -->
<bean id="PRODUCTRealm" class="PRODUCTNAMEJdbcRealm">
    <property name="dataSource" ref="dataSource"/>
    <property name="schema" value="${PRODUCTdb.schema}"/>
</bean>

<!-- Enable Shiro Annotations for Spring-configured beans.  Only run after the lifecycleBeanProcessor has run: -->
<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
      depends-on="lifecycleBeanPostProcessor"/>
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
    <property name="securityManager" ref="securityManager"/>
</bean>

HazelcastCacheManager is from: https://github.com/stormpath/shiro-hazelcast-web-sample/blob/master/src/main/java/com/stormpath/samples/shiro/hazelcast/cache/HazelcastCacheManager.java

Problem 1: I can't log into the Application. I'm instantly logged out.

Problem 2: A JSESSIONID appears as query parameter (?). Was definitely never before

Problem 3: The hazelcastsession seems lost, although a Cookie exists

Problem 4: I have 3 Cookies: 2 JSESSIONID and 1 hazelcast.

Any help will be appreciated

Answer 1

As for the JSESSIONID issues, which may cause 1)

I don't know about hazelcast, but we had similar issues with using Vaadin and shiro. When the webapplication was using the JSESSION in the url, things got messy.

What helped for us is adding this to web.xml, telling the webserver to only use cookies for session id tracking:

<session-config>
    <cookie-config>
        <!-- this is so we also use it for https -->
        <http-only>false</http-only>
    </cookie-config>
    <tracking-mode>COOKIE</tracking-mode>
</session-config>