Using Sessions from AuthFitler
216 views
Skip to first unread message
joshg
Feb 8, 2017, 12:16:48 AM2/8/17
to dropwizard-user
I'm trying to use server sessions with Dropwizard. I just need to store users' emails that I get from OAuth. I get the emails and store them in a Resource:
Response handleGet(@Context final HttpServletRequest request, @Session HttpSession session) {
...
session.setAttribute("user", u);
...
}
But how do I use/inject @Session or HttpSession with my AuthFilter subclass, without it causing an exception?
If I put it in the class as a private field, I get this exception:
Exception in thread "main" javax.servlet.ServletException: io.dropwizard.jersey.setup.JerseyServletContainer-c6634d@742729be==io.dropwizard.jersey.setup.JerseyServletContainer,1,false at org.eclipse.jetty.servlet.ServletHolder.initServlet(ServletHolder.java:661) at org.eclipse.jetty.servlet.ServletHolder.initialize(ServletHolder.java:419) at org.eclipse.jetty.servlet.ServletHandler.initialize(ServletHandler.java:875) at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:349) at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:772) at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:262) at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68) at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:132) at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:106) at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:61) at com.codahale.metrics.jetty9.InstrumentedHandler.doStart(InstrumentedHandler.java:103) at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68) at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:132) at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:114) at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:61) at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68) at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:132) at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:106) at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:61) at org.eclipse.jetty.server.handler.gzip.GzipHandler.doStart(GzipHandler.java:231) at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68) at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:132) at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:106) at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:61) at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68) at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:132) at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:106) at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:61) at org.eclipse.jetty.server.handler.StatisticsHandler.doStart(StatisticsHandler.java:252) at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68) at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:132) at org.eclipse.jetty.server.Server.start(Server.java:411) at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:106) at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:61) at org.eclipse.jetty.server.Server.doStart(Server.java:378) at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68) at io.dropwizard.cli.ServerCommand.run(ServerCommand.java:53) at io.dropwizard.cli.EnvironmentCommand.run(EnvironmentCommand.java:44) at io.dropwizard.cli.ConfiguredCommand.run(ConfiguredCommand.java:85) at io.dropwizard.cli.Cli.run(Cli.java:75) at io.dropwizard.Application.run(Application.java:79) at foobar.Foo.main(FoobarApplication.java:23) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at com.intellij.rt.execution.application.AppMain.main(AppMain.java:147) Caused by: java.lang.IllegalStateException: Not inside a request scope. at jersey.repackaged.com.google.common.base.Preconditions.checkState(Preconditions.java:173) at org.glassfish.jersey.process.internal.RequestScope.current(RequestScope.java:233) at org.glassfish.jersey.process.internal.RequestScope.findOrCreate(RequestScope.java:158) at org.jvnet.hk2.internal.MethodInterceptorImpl.internalInvoke(MethodInterceptorImpl.java:89) at org.jvnet.hk2.internal.MethodInterceptorImpl.invoke(MethodInterceptorImpl.java:125) at org.jvnet.hk2.internal.MethodInterceptorInvocationHandler.invoke(MethodInterceptorInvocationHandler.java:62) at com.sun.proxy.$Proxy64.getSession(Unknown Source) at io.dropwizard.jersey.sessions.HttpSessionFactory.provide(HttpSessionFactory.java:23) at io.dropwizard.jersey.sessions.HttpSessionFactory.provide(HttpSessionFactory.java:9) at org.glassfish.jersey.server.internal.inject.ParamInjectionResolver.resolve(ParamInjectionResolver.java:134) at org.jvnet.hk2.internal.Utilities.justInject(Utilities.java:941) at org.jvnet.hk2.internal.ServiceLocatorImpl.inject(ServiceLocatorImpl.java:980) at org.jvnet.hk2.internal.ServiceLocatorImpl.inject(ServiceLocatorImpl.java:970) at foo.Bar.AuthenticatorFeature.configure(AuthenticatorFeature.java:31) at org.glassfish.jersey.model.internal.CommonConfig.configureFeatures(CommonConfig.java:730) at org.glassfish.jersey.model.internal.CommonConfig.configureMetaProviders(CommonConfig.java:648) at org.glassfish.jersey.server.ResourceConfig.configureMetaProviders(ResourceConfig.java:829) at org.glassfish.jersey.server.ApplicationHandler.initialize(ApplicationHandler.java:453) at org.glassfish.jersey.server.ApplicationHandler.access$500(ApplicationHandler.java:184) at org.glassfish.jersey.server.ApplicationHandler$3.call(ApplicationHandler.java:350) at org.glassfish.jersey.server.ApplicationHandler$3.call(ApplicationHandler.java:347) at org.glassfish.jersey.internal.Errors.process(Errors.java:315) at org.glassfish.jersey.internal.Errors.process(Errors.java:297) at org.glassfish.jersey.internal.Errors.processWithException(Errors.java:255) at org.glassfish.jersey.server.ApplicationHandler.<init>(ApplicationHandler.java:347) at org.glassfish.jersey.servlet.WebComponent.<init>(WebComponent.java:392) at org.glassfish.jersey.servlet.ServletContainer.init(ServletContainer.java:177) at org.glassfish.jersey.servlet.ServletContainer.init(ServletContainer.java:369) at javax.servlet.GenericServlet.init(GenericServlet.java:244) at org.eclipse.jetty.servlet.ServletHolder.initServlet(ServletHolder.java:640) ... 46 more Process finished with exit code 1
Thanks
joshg
Feb 8, 2017, 2:11:47 PM2/8/17
to dropwizard-user
IOW, is it compatible to use @Session in my Resources and ContainerRequestContext.getSession in my AuthFilter subclass?
joshg
Feb 8, 2017, 3:15:30 PM2/8/17
to dropwizard-user
ContainerRequestContext.getSession(false) doesn't find the session, despite there being a JSESSIONID cookie in the request:2017-02-08 20:06:14,000 615594 [dw-12 - GET /search] INFO CustomAuthFilter - - RequestedSessionId: 1s8ynw5yyxw7a1uv24jcou5j15
2017-02-08 20:06:14,001 615595 [dw-12 - GET /search] INFO CustomAuthFilter - - MaxInactiveInterval: -1
2017-02-08 20:06:14,001 615595 [dw-12 - GET /search] INFO CustomAuthFilter - - Cookie: JSESSIONID, 1s8ynw5yyxw7a1uv24jcou5j15
2017-02-08 20:06:14,001 615595 [dw-12 - GET /search] ERROR CustomAuthFilter - - Session null
2017-02-08 20:06:14,001 615595 [dw-12 - GET /search] WARN CustomAuthFilter - - User not found for : {Cookie=[JSESSIONID=1s8ynw5yyxw7a1uv24jcou5j15], Accept=[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8], Upgrade-Insecure-Requests=[1], User-Agent=[Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36], X-Forwarded-Proto=[https], Connection=[keep-alive], X-Forwarded-For=[4.16.175.59], Host=[foo.tech], Accept-Encoding=[gzip, deflate, sdch, br], Accept-Language=[en-US,en;q=0.8], X-Forwarded-Port=[443]}
On Tuesday, February 7, 2017 at 9:16:48 PM UTC-8, joshg wrote:
friso.v...@gmail.com
Feb 9, 2017, 6:21:02 PM2/9/17
to dropwizard-user
Did you add a SessionHandler?
In the run() method of your app there should be something like this:
environment.servlets().setSessionHandler(new SessionHandler());
(NB: this is in memory, so clustering it won't work)
Hope this helps.
Groeten,
Friso
Op woensdag 8 februari 2017 06:16:48 UTC+1 schreef joshg:
In the run() method of your app there should be something like this:
environment.servlets().setSessionHandler(new SessionHandler());
(NB: this is in memory, so clustering it won't work)
Hope this helps.
Groeten,
Friso
Op woensdag 8 februari 2017 06:16:48 UTC+1 schreef joshg:
Steve Kradel
Feb 12, 2017, 9:44:27 PM2/12/17
to dropwizard-user
Instead of trying to use sessions, I'd advise adding the email property to your User type, and simply populate it in the auth filter as part of verifying the OAuth token.
Or you could add it as a request property, but this seems much more cumbersome than tacking it onto the user/principal.
In addition, a lot of client use cases will be essentially stateless and refuse to honor the request to use a cookie.
Reply all
Reply to author
Forward
0 new messages