shiro-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Les Hazlewood <lhazlew...@apache.org>
Subject Re: SessionListeners with Spring and a Swing Desktop
Date Fri, 12 Nov 2010 03:12:31 GMT
> Actually I realized that the autoCreate after the session expires is what I
> want to work, I could care less about the SessionListener (but it might be
> nice to see how to do that).

This works out of the box with Shiro 1.x.  If the SecurityManager
encounters an InvalidSessionException when creating a Subject
instance, it will log the exception and return the Subject instance
without a session.  So the next call to subject.getSession() will
create a new session.

In JSecurity this used to be done in the JSecurityFilter, but that
logic has since been pushed down into the SecurityManager
implementation because it was a feature that was desired in most
application environments, and not just web applications.

Does that help answer your question?

Cheers,

-- 
Les Hazlewood
Founder, Katasoft, Inc.
Application Security Products & Professional Apache Shiro Support and Training:
http://www.katasoft.com

>
> I see everywhere this is the default behavior but its not working for me. I
> am assuming I did something wrong even though my app mirror's your spring
> example exactly
>
> So if I can simply ask a question;
>
> How do I enable the autoCreate after session expired using it the
> DefaultWebSecurityManager in native mode using Spring and a Swing Desktop?
> is it with a specific Filter? I seen a few posts that said JSecurityFilter
> does this but there is no more JSecurity anything and there are no examples
> that look to have such a filter
>
> Brian
>
>
>
> --
> View this message in context: http://shiro-user.582556.n2.nabble.com/SessionListeners-with-Spring-and-a-Swing-Desktop-tp5715272p5715478.html
> Sent from the Shiro User mailing list archive at Nabble.com.
>

Mime
View raw message