shiro-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Les Hazlewood <lhazlew...@apache.org>
Subject Re: Session Expiration
Date Mon, 26 Jan 2009 14:56:04 GMT
Sorry, I meant to write 'SecurityManager', not 'SubjectManager'.

In any event, I resolved that issue last night, with the functionality in
place.  You could try to check-out the project and build it yourself if you
want to live on the 'bleeding edge'.  Be aware though that odds are high
that things will change prior to the 1.0 release, but at least you can move
forward and then maybe change any necessary application code when 1.0 is
released.

Regards,

Les

On Mon, Jan 26, 2009 at 9:30 AM, jvreeker <jvreeker@vangennep.nl> wrote:

>
> Hi Les,
> I don't know how to implement something like the SubjectManager, can you
> give a short example of that
> Thanks,
>
> Jelle
>
>
> Les Hazlewood-2 wrote:
> >
> > Hi Jelle,
> >
> > In a web-environment, the JSecurityFilter does some automatic logic:
> >
> > when a request comes in, it tries to acquire the session associated with
> > the
> > request.  If the session is expired (catches an ExpiredSessionException),
> > it
> > automatically creates a new one.
> >
> > The DefaultSecurityManager, used in a non-web environment, does not
> > currently automatically perform this 'auto create if expired' logic.
>  I've
> > added a Jira issue to track this:
> > https://issues.apache.org/jira/browse/JSEC-46  as I feel it would be a
> > worthwhile improvement.
> >
> > In the meantime, you could always have a wrapper SubjectManager that you
> > interact with in your application that wraps the Subject.* calls (this is
> > a
> > good idea anyway, as it abstracts JSecurity's API away from your
> > application).  In that implementation, you could catch any
> > InvalidSessionException and then automatically create a new session and
> > return that.
> >
> > Please subscribe to the Jira issue if you want to see when the
> > functionality
> > will be available.
> >
> > Cheers,
> >
> > Les
> >
> > On Tue, Jan 20, 2009 at 10:05 AM, jvreeker <jvreeker@vangennep.nl>
> wrote:
> >
> >>
> >> I am using a spring service and hibernate.
> >>
> >> I have a credentialsMatcher that is using a DAO to check if the user
> >> exsist
> >> in the DB.
> >> I think i forget something!
> >>
> >> Jelle
> >>
> >>
> >> Les Hazlewood-2 wrote:
> >> >
> >> > Hi Jelle,
> >> >
> >> > What environment are you running in?  Is this a web application or
> >> > business-tier/standalone?
> >> >
> >> > Thanks,
> >> >
> >> > Les
> >> >
> >> > On Tue, Jan 20, 2009 at 8:50 AM, jvreeker <jvreeker@vangennep.nl>
> >> wrote:
> >> >
> >> >>
> >> >> I have some problems with expiration of a session.
> >> >> I created a login function.
> >> >>
> >> >> Subject currentUser = securityManager.getSubject();
> >> >> if (!currentUser.isAuthenticated())
> >> >> {
> >> >>        currentUser.login(usernamePasswordToken);
> >> >>
> >> >>        Session s = currentUser.getSession();
> >> >>
> >> >>        s.setTimeout( 600000);
> >> >>        s.setAttribute(CacheConstants.USEROBJECT, tmpData);
> >> >> }
> >> >> So timeout is 10 minutes.
> >> >> If I wait for more than 10 minutes and login again with the same user
> >> I
> >> >> always get ExpiredSessionException.
> >> >> How can I remove this session and login again and create a new
> >> Session.
> >> >>
> >> >> Thanks,
> >> >> Jelle
> >> >>
> >> >> --
> >> >> View this message in context:
> >> >> http://n2.nabble.com/Session-Expiration-tp2186574p2186574.html
> >> >> Sent from the JSecurity User mailing list archive at Nabble.com.
> >> >>
> >> >>
> >> >
> >> >
> >>
> >> --
> >> View this message in context:
> >> http://n2.nabble.com/Session-Expiration-tp2186574p2186919.html
> >> Sent from the JSecurity User mailing list archive at Nabble.com.
> >>
> >>
> >
> >
>
> --
> View this message in context:
> http://n2.nabble.com/Session-Expiration-tp2186574p2218186.html
> Sent from the JSecurity User mailing list archive at Nabble.com.
>
>

Mime
View raw message