shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Amir Mohammad Vosough <amirmv2...@gmail.com>
Subject Problem with authentication
Date Wed, 26 Oct 2011 13:18:24 GMT
Hi there, tnx for great work on shiro!
I have configured shiro for SSO using ehcache to support different 
applications on same container. but i am facing a strange problem. the 
login page redirects user to page it was redirected from. but sometimes 
after the user is redirected, it is not yet authenticated! i debugged 
your filter and saw that actualy sometimes user is authenticated and 
sometimes not! so i used Thread.sleep(1000) before i redirect user to 
the page; well it works better now, but i wanna know where is the 
problem. i myself guess when user is redirected to the page, shiro has 
not flushed the authenticated status to the session, but how can i be 
sure? and what is the solution?
i use spring, and this is my application context:

    <bean id="myRealm"
             class="com.amv.test.MyRealm">
    <property name="sessionFactory" ref="sessionFactory"></property>
    </bean>

    <bean id="securityManager"
    class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
    <!-- Single realm app. If you have multiple realms, use the 'realms'
    property
                 instead. -->
    <property name="realm" ref="myRealm" />
    <property name="sessionMode" value="native"/>
    <property name="sessionManager" ref="shiroSessionManager"/>
    <property name="cacheManager" ref="shiroCacheManager"/>
    </bean>

    <bean id="shiroCacheManager"
    class="org.apache.shiro.cache.ehcache.EhCacheManager">
    <property name="cacheManager" ref="ehCacheManager"/>
    </bean>

    <bean id="ehCacheManager"
            
    class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>

    <bean id="shiroSessionManager"
            
    class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
    <property name="sessionDAO" ref="shiroSessionDAO"/>
    <property name="sessionIdCookie" ref="shiroIdCookie"></property>
    </bean>

    <bean id="shiroSessionDAO"
            
    class="org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO"/>

    <bean id="shiroIdCookie"
    class="org.apache.shiro.web.servlet.SimpleCookie">
    <property name="name" value="SSOcookie"></property>
    <property name="path" value="/"></property>
    </bean>

    <bean id="shiroFilter"
    class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    <property name="securityManager" ref="securityManager" />
    <property name="loginUrl" value="/../security/Login.jsp" />
    <property name="filterChainDefinitions">
    <value>
                     # some example chain definitions:
                     #/*.html = authc
                     /**/*.rpc =    authc
                     # more URL-to-FilterChain definitions here
    </value>
    </property>
    </bean>



Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message