[
https://issues.apache.org/jira/browse/SHIRO-798?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17228814#comment-17228814
]
Pavel_K commented on SHIRO-798:
-------------------------------
[~bdemers] I work with activeSessions. For example, stop session
(session.stop()) when in DB account was disabled, or clear authorizationInfo
for those users that are logged in and whose roles were changed etc. I use
sessionDAO only to get active sessions.
> Improvement in Shiro API
> ------------------------
>
> Key: SHIRO-798
> URL: https://issues.apache.org/jira/browse/SHIRO-798
> Project: Shiro
> Issue Type: Improvement
> Affects Versions: 1.7.0
> Reporter: Pavel_K
> Priority: Major
> Fix For: 2.0.0
>
>
> This issue was inspired by [this
> thread|http://shiro-user.582556.n2.nabble.com/How-to-get-all-logged-in-Subjects-td7582249.html]
> in shiro user mailing list:
> I suggest:
>
> 1)To change API to open access to some top level objects, SessionManager,
> SessionDAO etc.
> (return null if some implementation doesn’t have one of them)
> 2) To separate SecurityManager from SessionManager (leave only has relation).
> API must be more flexible. Particularly for Shiro 2.0 that, as I understand,
> must support jpms. The main idea of jpms is to have a clear API and to hide
> implementation.
> If it is necessary to make casting and get implementations to get active
> sessions we can conclude that is necessary to improve API.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
