[
https://issues.apache.org/jira/browse/SHIRO-839?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17412698#comment-17412698
]
Tuomas Kiviaho commented on SHIRO-839:
--------------------------------------
I just want to stop giving out new cookies immediate after opt-out and whether
or not having already valid cookie is irrelevant to me. Most likely a grace
period based on the length of the timeout is fine so there would not really be
a need for further ordeals on this matter.
I would be just customizing session manager via my own proxy with this feature
but I'd not need to patch the DelegatingSubject implementation itself since I'd
have the subject at my disposal.
> Access to current subject in security manager via thread local
> --------------------------------------------------------------
>
> Key: SHIRO-839
> URL: https://issues.apache.org/jira/browse/SHIRO-839
> Project: Shiro
> Issue Type: Improvement
> Components: Authorization (access control) , Session Management,
> Subject
> Reporter: Tuomas Kiviaho
> Priority: Major
>
> I'm trying gain subject based cookie control in session manager but it would
> be extremely clunky since I don't have access to subject context at the time
> cookie support is determined.
> Would it be possible to surround at least the SessionManager related methods
> (and perhapsĀ Authorizer as well) of DelegatingSubject with Subject::execute.
> This way there would not be API changes needed.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
