Closed simoncomley closed 5 years ago
The security manager is in the ThreadContext for the plugin. What version of Tomcat are you running in production as compared to test/dev?
It'd be good to have a look at your Grails Shiro config too if that's possible?
Hi @pmcneil, thanks for responding.
Tomcat Version
Version of Tomcat is the same on our Test environment as production which is 8.5.45. We've finally managed to reproduce it on our test environment though.
Our development environments still don't exhibit the issue but I'm guessing this could be because in dev it might use the singleton approach? Going to step through debug now and see.
Shiro Config
Currently we have it as the default and have no additional config in application.yml
Further investigation reveals
We think it's got something to do with how we are handling errors in our UrlMappings and certain filters are running when the error occurs. The problem being that it's unclear how to exclude this from happening.
"500"(view:'/errors/error')
"404"(view:'/errors/404')
We are going to try rather map these to controller actions and then exclude that way.
I think I stumbled upon this in production with Tomcat 8.5.34. I was using the old Shiro Grails plugin.
This error went away after introducing this to URLMappings:
"/$prefix**"(controller: 'error', action: 'notFound') {
    constraints {
        prefix(validator: { !(it =~ "^/*(assets|plugins|static)(/.*)?") })
    }
}
@simoncomley Note:
If you are using Annotations, we replace the GrailsExceptionResolver. Also @animator013, one change we made was to not automatically protect all endpoints because that catches assets etc. We've now gone to using an Interceptor per Controller model, thus the http://nerderg.com/docs/grails-shiro/#create-shiro-controller-interceptor script.
Have you resolved your issue?
Hi @pmcneil, apologies for the late response, this Grails 4 production deploy didn't go well for us so it's been all hands on deck since Sunday. We didn't have either of what you mentioned configured so I've put in the UrlMappings for now and I need to experiment with the exception handling in our test environment.
Thanks so much for your input and I apologise if this was an RTFM moment, we really did attempt to solve this before reaching out.
No problem @simoncomley, let us know how you go. Might set up a gitter for Grails Shiro!
Hi Folks, we have run into a bit of an issue on production which didn’t occur on our Dev or Test environments.
Production env:
We are basically getting the following error:
org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util.ThreadContext or as a vm static singleton. This is an invalid application configuration.
Now a bit of googling and I found this on SO -> https://stackoverflow.com/questions/16352940/is-an-unbound-securitymanager-really-an-invalid-application-configuration-in-shi
While the article helps to explain it I'm not entirely sure what application configuration is required to make it stop, I've gone through the guide and can't see anything missing.
It seems like first the SecurityUtils looks for the securityManager in ThreadContext before looking for it as a Singleton. Now I'm aware that you can purposefully setup the singleton but also have read that it's preferred that you don't do that.
Is this really a configuration issue or is it a bug in the plugin? From what I've read on the Shiro Forums it could even be a Tomcat Issue (http://shiro-user.582556.n2.nabble.com/Issue-with-Grails-Shiro-td4568683.html#a4568860) which we are running on.
If it's config, please could you help point us in the right direction. Any help or feedback would be amazing.
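
The lookup order described in the post above (ThreadContext first, then the VM static singleton), as an added Groovy script that is not from the plugin or from any participant in this thread. The shiro-core version in `@Grab` and the helper name `lookup()` are assumptions; the single-thread pool stands in for a container worker thread on which nothing has bound a SecurityManager.

```groovy
// Added example: how Shiro resolves the SecurityManager for the calling thread.
@Grab('org.apache.shiro:shiro-core:1.4.2') // version is an assumption
import org.apache.shiro.SecurityUtils
import org.apache.shiro.UnavailableSecurityManagerException
import org.apache.shiro.mgt.DefaultSecurityManager
import org.apache.shiro.util.ThreadContext
import java.util.concurrent.Callable
import java.util.concurrent.Executors

// Hypothetical helper: report what SecurityUtils finds on the current thread.
String lookup() {
    try {
        return SecurityUtils.getSecurityManager().getClass().simpleName
    } catch (UnavailableSecurityManagerException e) {
        return 'UNAVAILABLE'
    }
}

def sm = new DefaultSecurityManager()
def pool = Executors.newSingleThreadExecutor() // stands in for a container worker thread
def onWorker = { pool.submit({ lookup() } as Callable<String>).get() }

try {
    // Nothing bound anywhere: the state the exception in this issue reports.
    assert lookup() == 'UNAVAILABLE'
    assert onWorker() == 'UNAVAILABLE' // also creates the worker thread

    // Bind to the current thread only, as a per-request binding does.
    ThreadContext.bind(sm)
    assert lookup() == 'DefaultSecurityManager'
    // The worker thread already existed, so it has no binding of its own.
    assert onWorker() == 'UNAVAILABLE'

    // The VM-wide static singleton is the fallback every thread sees.
    SecurityUtils.setSecurityManager(sm)
    assert onWorker() == 'DefaultSecurityManager'
    println 'lookup order: ThreadContext first, then static singleton'
} finally {
    ThreadContext.unbindSecurityManager()
    SecurityUtils.setSecurityManager(null)
    pool.shutdown()
}
```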