使用 Shiro 注销时出现 IllegalStateException

Posted 2023-02-27

【中文标题】使用 Shiro 注销时出现 IllegalStateException

【英文标题】：IllegalStateException when logging out with Shiro

【发布时间】：2015-02-22 08:46:08

【问题描述】：

我正在使用 Shiro 进行身份验证的 glassfish 4.0 上的 ZK 7.0.2 项目。用户使用以下代码登录：

Subject currentUser = SecurityUtils.getSubject();
UsernamePasswordToken token = new UsernamePasswordToken(username, password);
token.setRememberMe(false);
currentUser.login(token);
Executions.sendRedirect(HOME_URL);

注销是通过以下方式完成的：

Subject subject = SecurityUtils.getSubject();
subject.logout();
Executions.getCurrent().sendRedirect("/login.zul");

登录时，我遇到了几个空指针异常，但经过几次尝试后它登录了。堆栈跟踪如下所示：

java.lang.NullPointerException
at org.glassfish.grizzly.http.server.Request.getRemoteAddr(Request.java:1169)
at org.apache.catalina.connector.Request.getRemoteAddr(Request.java:1696)
at org.apache.catalina.connector.Request.getRemoteHost(Request.java:1709)
at org.apache.catalina.connector.RequestFacade.getRemoteHost(RequestFacade.java:575)
at javax.servlet.ServletRequestWrapper.getRemoteHost(ServletRequestWrapper.java:284)
at org.apache.shiro.web.subject.support.DefaultWebSubjectContext.resolveHost(DefaultWebSubjectContext.java:55)
at org.apache.shiro.web.mgt.DefaultWebSubjectFactory.createSubject(DefaultWebSubjectFactory.java:58)
at org.apache.shiro.mgt.DefaultSecurityManager.doCreateSubject(DefaultSecurityManager.java:369)
at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:344)
at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:183)
at org.apache.shiro.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:283)
at org.apache.shiro.subject.support.DelegatingSubject.login(DelegatingSubject.java:256)
at com.csmp.zk.auth.Login.onClick$submit(Login.java:52)

注销时，我得到类似的行为。注销时遇到的stacktrace如下所示。

Delegate RememberMeManager instance of type [org.apache.shiro.web.mgt.CookieRememberMeManager] threw an exception during onSuccessfulLogin.  RememberMe services will not be performed for account [admin].

java.lang.IllegalStateException: Internal org.glassfish.grizzly.http.server.Response has not been set
at org.glassfish.grizzly.http.server.Response.checkResponse(Response.java:1840) ~[nucleus-grizzly-all.jar:na]
at org.glassfish.grizzly.http.server.Response.isCommitted(Response.java:708) ~[nucleus-grizzly-all.jar:na]
at org.apache.catalina.connector.Response.isCommitted(Response.java:807) ~[web-core.jar:na]
at org.apache.catalina.connector.Response.isAppCommitted(Response.java:448) ~[web-core.jar:na]
at org.apache.catalina.connector.ResponseFacade.isCommitted(ResponseFacade.java:363) ~[web-core.jar:na]
at org.apache.catalina.connector.ResponseFacade.addHeader(ResponseFacade.java:576) ~[web-core.jar:na]
at org.apache.shiro.web.servlet.SimpleCookie.addCookieHeader(SimpleCookie.java:223) ~[shiro-web-1.2.3.jar:1.2.3]
at org.apache.shiro.web.servlet.SimpleCookie.removeFrom(SimpleCookie.java:355) ~[shiro-web-1.2.3.jar:1.2.3]
at org.apache.shiro.web.mgt.CookieRememberMeManager.forgetIdentity(CookieRememberMeManager.java:288) ~[shiro-web-1.2.3.jar:1.2.3]
at org.apache.shiro.web.mgt.CookieRememberMeManager.forgetIdentity(CookieRememberMeManager.java:260) ~[shiro-web-1.2.3.jar:1.2.3]
at org.apache.shiro.mgt.AbstractRememberMeManager.onSuccessfulLogin(AbstractRememberMeManager.java:293) ~[shiro-core-1.2.3.jar:1.2.3]
at org.apache.shiro.mgt.DefaultSecurityManager.rememberMeSuccessfulLogin(DefaultSecurityManager.java:206) [shiro-core-1.2.3.jar:1.2.3]
at org.apache.shiro.mgt.DefaultSecurityManager.onSuccessfulLogin(DefaultSecurityManager.java:291) [shiro-core-1.2.3.jar:1.2.3]
at org.apache.shiro.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:285) [shiro-core-1.2.3.jar:1.2.3]
at org.apache.shiro.subject.support.DelegatingSubject.login(DelegatingSubject.java:256) [shiro-core-1.2.3.jar:1.2.3]
at com.csmp.zk.auth.Login.onClick$submit(Login.java:52) [Login.class:na]

我尝试了各种技巧，但都没有成功。任何帮助都感激不尽。谢谢。

【参考方案1】：

原来这个错误是由添加引起的

<disable-event-thread>false</disable-event-thread>

到 zk.xml 文件。