shiro-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Les Hazlewood <>
Subject Re: SessionListeners with Spring and a Swing Desktop
Date Fri, 12 Nov 2010 03:12:31 GMT
> Actually I realized that the autoCreate after the session expires is what I
> want to work, I could care less about the SessionListener (but it might be
> nice to see how to do that).

This works out of the box with Shiro 1.x.  If the SecurityManager
encounters an InvalidSessionException when creating a Subject
instance, it will log the exception and return the Subject instance
without a session.  So the next call to subject.getSession() will
create a new session.

In JSecurity this used to be done in the JSecurityFilter, but that
logic has since been pushed down into the SecurityManager
implementation because it was a feature that was desired in most
application environments, and not just web applications.

Does that help answer your question?


Les Hazlewood
Founder, Katasoft, Inc.
Application Security Products & Professional Apache Shiro Support and Training:

> I see everywhere this is the default behavior but its not working for me. I
> am assuming I did something wrong even though my app mirror's your spring
> example exactly
> So if I can simply ask a question;
> How do I enable the autoCreate after session expired using it the
> DefaultWebSecurityManager in native mode using Spring and a Swing Desktop?
> is it with a specific Filter? I seen a few posts that said JSecurityFilter
> does this but there is no more JSecurity anything and there are no examples
> that look to have such a filter
> Brian
> --
> View this message in context:
> Sent from the Shiro User mailing list archive at

View raw message