shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kersten Lorenz (Commented) (JIRA)" <>
Subject [jira] [Commented] (SHIRO-160) Flex integration with Shiro
Date Mon, 13 Feb 2012 21:31:00 GMT


Kersten Lorenz commented on SHIRO-160:

Hey Dave,

what do  you mean by:

"It works as long as you keep <per-client-authentication>false</per-client-authentication>
in flex/services-config."

"If you set this to true, flex will maintain multiple flex sessions per http session."

Do you know why? Because of the multiplet threads in the application server handling http

"The Shiro WebSessionManager will not understand this and log out every client when one client
logs out. I started a class called FlexSessionManager to address this. It is not complete
or tested so use at your own risk."  

Can you draft a short approach how to do this?

Best regards,
> Flex integration with Shiro
> ---------------------------
>                 Key: SHIRO-160
>                 URL:
>             Project: Shiro
>          Issue Type: New Feature
>          Components: Authentication (log-in), Authorization (access control) 
>    Affects Versions: Incubation
>            Reporter: david e. berry
>              Labels: Flex
>         Attachments: amf package layout.png, blazeds-war-1.0-SNAPSHOT.war, graniteds-war-1.0-SNAPSHOT.war,
shiroflex-1.2.0.tgz, shiroflex-war-1.0-SNAPSHOT.war, shiroflex.tgz, shiroflex.tgz
> Commiters,
> I have created the following classes that I used to integrate Shiro with Flex AMF. I
would like to contribute them to the shiro. Please let me know if there is interest and the
procedure for doing so. I have included the class names with a brief description of what they
do. They are currently outside of the Shiro code base that I checked out, but I could combine
them if interested.
> Best Regards,
> Dave 
> /* Authentication and Authorization need to let AMF Ping, Login, Logout messages pass
> without processing. They call FlexMessageHelper to introspect the binary message to see
if it is allowed to pass. 
> If not, normal Authentication, and Authorization takes place.
> */  
> public class FlexAuthenticationFilter extends AuthenticationFilter;
> public class FlexPermissionsAuthorizationFilter extends PermissionsAuthorizationFilter;
> public class FlexRolesAuthorizationFilter extends RolesAuthorizationFilter;
> /*Helper methods for introspecting the contents of the amf message. It is conceivable
that a security handler
> might need to introspect the contents of a request. It would be nice if Shiro wrapped
the request automatically so that anyone can read the contents without
> causing an end of stream error for a filter down the line. 
> Message helper deserializes the AMF message and checks to see if it is a PING, LOGON,
or LOGOUT request. 
> */ 
> public class FlexHttpServletRequestWrapper extends HttpServletRequestWrapper;
> public class FlexMessageHelper;
> /* Custom Flex Login command that calls Subject.login returns a Principal back to Flex.
> */
> public class FlexLoginCommand implements LoginCommand;
> public class FlexPrincipal implements Principal;

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:!default.jspa
For more information on JIRA, see:


View raw message