<property name="sessionMode" value="jsecurity"/> This is required if the same session must be accessible across client technologies (web browser + Java Swing application + etc). If you don't require this, you should remove that property. Let me know if that works.
Regards, Les On Wed, Feb 4, 2009 at 12:46 PM, jvreeker <[email protected]> wrote: > > Spring xml looks like this > > <bean id="securityManager" > class="org.jsecurity.web.DefaultWebSecurityManager"> > <property name="realm" ref="poloRealm"/> > <property name="sessionMode" value="jsecurity"/> > </bean> > > <bean id="poloCredentialsMatcher" > class="polo.security.PoloCredentialsMatcher"> > <property name="userController" ref="userController"/> > </bean> > > <bean id="poloRealm" class="polo.security.PoloRealm"> > <property name="credentialsMatcher" ref="poloCredentialsMatcher"/> > </bean> > > <bean id="lifecycleBeanPostProcessor" > class="org.jsecurity.spring.LifecycleBeanPostProcessor"/> > > web.xml like this > > <?xml version="1.0" encoding="ISO-8859-1"?> > > <!DOCTYPE web-app > PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" > "http://java.sun.com/dtd/web-app_2_3.dtd";> > > <web-app> > <context-param> > <param-name>contextConfigLocation</param-name> > <param-value>WEB-INF/beans.xml</param-value> > </context-param> > > <listener> > <listener-class> > > org.springframework.web.context.ContextLoaderListener > </listener-class> > </listener> > > <filter> > <filter-name>JSecurityFilter</filter-name> > <filter-class>org.jsecurity.spring.SpringJSecurityFilter</filter-class> > <init-param><param-name>config</param-name><param-value> > [main] > > </param-value></init-param> > </filter> > > <filter-mapping> > <filter-name>JSecurityFilter</filter-name> > <url-pattern>/*</url-pattern> > </filter-mapping> > > <servlet> > <servlet-name>CXFServlet</servlet-name> > <display-name>CXF Servlet</display-name> > <servlet-class> > org.apache.cxf.transport.servlet.CXFServlet > </servlet-class> > <load-on-startup>1</load-on-startup> > </servlet> > > <servlet> > <servlet-name>service</servlet-name> > <display-name>Dispatcher Servlet</display-name> > <servlet-class> > org.springframework.web.servlet.DispatcherServlet > </servlet-class> > <load-on-startup>1</load-on-startup> > </servlet> > > <servlet-mapping> > <servlet-name>CXFServlet</servlet-name> > <url-pattern>/*</url-pattern> > </servlet-mapping> > > <servlet-mapping> > <servlet-name>service</servlet-name> > <url-pattern>/service/*</url-pattern> > </servlet-mapping> > </web-app> > > > thanks, > Jelle > > > Les Hazlewood-2 wrote: > > > > Can we see the relevant parts of your web.xml and Spring xml > > configuration? > > Its hard to say without it... > > > > On Wed, Feb 4, 2009 at 12:07 PM, jvreeker <[email protected]> wrote: > > > >> > >> Hi Les, > >> > >> So I build in the JSecurityFilter, but If I use > >> SecurityUtils.getSubject().getSession() I still get different sessions. > I > >> am > >> need the same session, because if I am logged in I use the function > >> setAttribute. > >> TRACE org.jsecurity.session.mgt.DefaultSessionManager - Creating > session > >> for originating host [/192.168.0.37] > >> > >> Why is it still creating new sessions.? > >> > >> Jelle > >> > >> > >> Les Hazlewood-2 wrote: > >> > > >> > Hi Jelle, > >> > > >> > The appropriate set-up for a web-enabled application is to use the > >> > JSecurityFilter in web.xml. It will set up a > DefaultWebSecurityManager > >> > and > >> > do Request binding automatically: > >> > > >> > > >> > http://www.jsecurity.org/api/org/jsecurity/web/servlet/JSecurityFilter.html > >> > > >> > After the filter is defined, just do this anywhere in code: > >> > > >> > SecurityUtils.getSubject(); > >> > > >> > You shouldn't interact with the SecurityManager directly unless you're > >> > programming infrastructure/framework code. > >> > > >> > Check out the sample web application in the jsecurity distribution and > >> > look > >> > at its web.xml file and applicationContext.xml file. It shows you how > >> to > >> > configure Realms and other things in Spring which will then be > >> accessible > >> > to > >> > the JSecurityFilter at runtime. > >> > > >> > Cheers, > >> > > >> > Les > >> > > >> > On Tue, Feb 3, 2009 at 12:17 PM, jvreeker <[email protected]> > >> wrote: > >> > > >> >> > >> >> Hi, > >> >> > >> >> I have a tomcat server, with spring using cxf to enable the soap > >> calls. > >> >> > >> >> So I have a soap call login. when I call securityManager.getSubject() > >> I > >> >> get > >> >> always the same subject back. > >> >> I though it was because I am using > >> >> org.jsecurity.mgt.DefaultSecurityManager. > >> >> > >> >> So I tried DefaultWebSecurityManager but then I am getting errors. > >> >> No ServletRequest found in ThreadContext. Make sure WebUtils.bind() > is > >> >> being > >> >> called. > >> >> > >> >> But in the first option if I use getSubject().GetSession it returns > >> >> different sessions. > >> >> should I then use SessionManager and the correct sessionID. > >> >> > >> >> Is this the correct way? > >> >> Thanks, > >> >> Jelle > >> >> -- > >> >> View this message in context: > >> >> http://n2.nabble.com/using-CXF-with-JSecurity-tp2264471p2264471.html > >> >> Sent from the JSecurity User mailing list archive at Nabble.com. > >> >> > >> >> > >> > > >> > > >> > >> -- > >> View this message in context: > >> http://n2.nabble.com/using-CXF-with-JSecurity-tp2264471p2270012.html > >> Sent from the JSecurity User mailing list archive at Nabble.com. > >> > >> > > > > > > -- > View this message in context: > http://n2.nabble.com/using-CXF-with-JSecurity-tp2264471p2270221.html > Sent from the JSecurity User mailing list archive at Nabble.com. > >
