与Shiro集成时WebStatFilter的finally中未catch异常 #1707

renfufei · 2017-04-26T10:36:38Z

环境: shiro-spring-1.2.3 版本, 使用Redis构建 Shiro 的Web集群。

web.xml 之中对 WebStatFilter 指定初始化参数:

        <init-param>
            <param-name>sessionStatEnable</param-name>
            <param-value>true</param-value>
        </init-param>
        <init-param>
            <param-name>principalSessionName</param-name>
            <param-value>_loginuser_name</param-value>
        </init-param>

操作描述: 用户登录之后, 执行 logout 时抛出。

影响: 对于(我们的系统来说) redirect 没有影响, 但对于依赖返回内容的 Ajax 请求, 会报错:

异常位置: com.alibaba.druid.support.http.WebStatFilter 类中, doFilter 方法的 finally语句块中, 152行附近, 调用了父类的 getPrincipal 方法:

            if (sessionStat != null) {
                sessionStat.afterInvoke(error, nanos);
                sessionStat.setPrincipal(getPrincipal(httpRequest));
            }

原因分析: Shiro 的锅, logout 时删除了Redis中对应的 sessionId 键, 导致 WebStatFilter 在 filter 链之后获取 session 中的值时, session 不为 null, 但调用 getAttribute() 方法时,其内部代理抛出异常, 代码如下所示:

org.apache.shiro.session.mgt.eis.AbstractSessionDAO 类:

    public Session readSession(Serializable sessionId) throws UnknownSessionException {
        Session s = doReadSession(sessionId);
        if (s == null) {
            throw new UnknownSessionException("There is no session with id [" + sessionId + "]");
        }
        return s;
    }

异常原因堆栈信息为:

Caused by: org.apache.shiro.session.UnknownSessionException: There is no session with id [78dfd3d8-2914-446c-8aba-028c8eeb1f54]
	at org.apache.shiro.session.mgt.eis.AbstractSessionDAO.readSession(AbstractSessionDAO.java:170) ~[shiro-core-1.2.3.jar:1.2.3]
	at org.apache.shiro.session.mgt.eis.CachingSessionDAO.readSession(CachingSessionDAO.java:261) ~[shiro-core-1.2.3.jar:1.2.3]
	at org.apache.shiro.session.mgt.DefaultSessionManager.retrieveSessionFromDataSource(DefaultSessionManager.java:236) ~[shiro-core-1.2.3.jar:1.2.3]
	at org.apache.shiro.session.mgt.DefaultSessionManager.retrieveSession(DefaultSessionManager.java:222) ~[shiro-core-1.2.3.jar:1.2.3]
	at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.doGetSession(AbstractValidatingSessionManager.java:118) ~[shiro-core-1.2.3.jar:1.2.3]
	at org.apache.shiro.session.mgt.AbstractNativeSessionManager.lookupSession(AbstractNativeSessionManager.java:108) ~[shiro-core-1.2.3.jar:1.2.3]
	at org.apache.shiro.session.mgt.AbstractNativeSessionManager.lookupRequiredSession(AbstractNativeSessionManager.java:112) ~[shiro-core-1.2.3.jar:1.2.3]
	at org.apache.shiro.session.mgt.AbstractNativeSessionManager.getAttribute(AbstractNativeSessionManager.java:209) ~[shiro-core-1.2.3.jar:1.2.3]
	at org.apache.shiro.session.mgt.DelegatingSession.getAttribute(DelegatingSession.java:141) ~[shiro-core-1.2.3.jar:1.2.3]
	at org.apache.shiro.session.ProxiedSession.getAttribute(ProxiedSession.java:121) ~[shiro-core-1.2.3.jar:1.2.3]
	at org.apache.shiro.web.servlet.ShiroHttpSession.getAttribute(ShiroHttpSession.java:131) ~[shiro-web-1.2.3.jar:1.2.3]
	... 38 common frames omitted

The text was updated successfully, but these errors were encountered:

wenshao · 2017-05-14T03:35:21Z

已经支持，请使用新版本 https://github.com/alibaba/druid/releases/tag/1.0.30

wenshao added the Bug label Apr 27, 2017

wenshao added this to the 1.0.30 milestone May 14, 2017

wenshao added a commit that referenced this issue May 14, 2017

bug fixed for issue #1707

ae1d370

wenshao closed this as completed May 14, 2017

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

与Shiro集成时WebStatFilter的finally中未catch异常 #1707

与Shiro集成时WebStatFilter的finally中未catch异常 #1707

renfufei commented Apr 26, 2017

wenshao commented May 14, 2017

与Shiro集成时WebStatFilter的finally中未catch异常 #1707

与Shiro集成时WebStatFilter的finally中未catch异常 #1707

Comments

renfufei commented Apr 26, 2017

wenshao commented May 14, 2017