Home spring-security-shiro org.apache.shiro.authc.AccountException: Not logged in or anonymous
Reply: 1

spring-security-shiro org.apache.shiro.authc.AccountException: Not logged in or anonymous

JJHolloway Published in 2018-01-05 18:25:32Z

I am in the process of migration my app from grails 2.4.4 to grails 3.2.9.

I am trying to migrate to

compile 'org.grails.plugins:spring-security-shiro:3.0.1' 

When I try to sign in with a user I get the following error:

   org.apache.shiro.authc.AccountException: Not logged in or anonymous
            at grails.plugin.springsecurity.shiro.SpringSecurityRealm.getCurrentUser(SpringSecurityRealm.groovy:76)
            at grails.plugin.springsecurity.shiro.SpringSecurityRealm.doGetAuthenticationInfo(SpringSecurityRealm.groovy:95)
            at org.apache.shiro.realm.AuthenticatingRealm.getAuthenticationInfo(AuthenticatingRealm.java:568)
            at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doSingleRealmAuthentication(ModularRealmAuthenticator.java:180)
            at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doAuthenticate(ModularRealmAuthenticator.java:267)
            at org.apache.shiro.authc.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:198)
            at org.apache.shiro.mgt.AuthenticatingSecurityManager.authenticate(AuthenticatingSecurityManager.java:106)
            at org.apache.shiro.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:270)
            at org.apache.shiro.subject.support.DelegatingSubject.login(DelegatingSubject.java:256)
            at org.apache.shiro.subject.Subject$login.call(Unknown Source)

In my application rules I have:

[pattern: '/login/auth/**',      access: ['permitAll']],

In grails 2.4.4 I would be able to debug the dbRealm.groovy file but I cannot do that with the new plugin.

I know the user is not logged in as that is what I am trying to do but why might it think my user is anonymous?

Michal_Szulc Reply to 2018-01-06 18:30:23Z

Basing on https://grails-plugins.github.io/grails-spring-security-shiro/v3/index.html#permissions

This will transitively install the Spring Security Core plugin, so you’ll need to configure that by running the s2-quickstart script.

so looking at https://grails-plugins.github.io/grails-spring-security-core/ and at https://grails-plugins.github.io/grails-spring-security-core/3.1.x/index.html (cause you're using Grails 3.2.x)

3.5. Anonymous authentication

In standard Spring Security and older versions of the plugin, there is support for an “anonymous” authentication. This is implemented by a filter that registers a simple Authentication in the SecurityContext to remove the need for null checks, since there will always be an Authentication available. This approach is still problematic though because the Principal of the anonymous authentication is a String, whereas it is a UserDetails instance when there is a non-anonymous authentication.

Since you still have to be careful to differentiate between anonymous and non-anonymous authentications, the plugin now creates an anonymous Authentication which will be an instance of grails.plugin.springsecurity.authentication.GrailsAnonymousAuthenticationToken with a standard org.springframework.security.core.userdetails.User instance as its Principal. The authentication will have a single granted role, ROLE_ANONYMOUS.


5.2. URLs and Authorities

In each approach you configure a mapping for a URL pattern to the role(s) that are required to access those URLs, for example, /admin/user/** requires ROLE_ADMIN. In addition, you can combine the role(s) with SpEL expressions and/or tokens such as IS_AUTHENTICATED_ANONYMOUSLY, IS_AUTHENTICATED_REMEMBERED, and IS_AUTHENTICATED_FULLY. One or more voters (Voters) will process any tokens and enforce a rule based on them:


    signifies that anyone can access this URL. By default the AnonymousAuthenticationFilter ensures an “anonymous” Authentication

with no roles so that every user has an authentication. The token accepts any authentication, even anonymous.

    The SpEL expression permitAll is equivalent to IS_AUTHENTICATED_ANONYMOUSLY and is typically more intuitive to use
You need to login account before you can post.

About| Privacy statement| Terms of Service| Advertising| Contact us| Help| Sitemap|
Processed in 0.387153 second(s) , Gzip On .

© 2016 Powered by mzan.com design MATCHINFO