web+shiro+spring remoting

client side code
// Load the Spring context described by remoting-client.xml (presumably the
// definitions of the remoting proxies this client uses).
ctx = new FileSystemXmlApplicationContext("/web/WEB-INF/remoting-client.xml");

// Install a client-side SecurityManager so SecurityUtils has one to return.
// No realm is configured on it in this snippet.
DefaultSecurityManager securityManager = new DefaultSecurityManager();
SecurityUtils.setSecurityManager(securityManager);

LoginManagerRemote loginManager = (LoginManagerRemote) ctx.getBean("loginManager");

// Ask the server to log in; the returned bean carries the server-side session id.
UserRemote user = loginManager.login();
String sessionId = user.getSessionId();

log.info("user name: " + user.getName());
// NOTE(review): a session id works as a bearer credential, so anyone who can
// read this log can reuse it. Acceptable while debugging; drop or mask it
// before this runs anywhere logs are shared or retained.
log.info("sesssionId: " + sessionId);


server side
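/**
 * Logs the current Shiro subject in and returns a bean carrying the user name
 * and the id of the subject's session.
 *
 * <p>NOTE(review): the credentials are hard-coded to "user1"/"user1" and the
 * method takes nothing from the caller, so every caller that can reach this
 * remote method is authenticated as that account. This looks like demo
 * scaffolding; a real endpoint has to receive the caller's own credentials
 * over a protected transport. Confirm before reusing this code.
 *
 * @return a new {@code UserBean}; name and session id are set only when this
 *         call performed a login and it succeeded, otherwise this method
 *         leaves them untouched
 */
public UserRemote login() {
    UserBean user = new UserBean();

    // Get the currently executing user.
    Subject currentUser = SecurityUtils.getSubject();

    // Log the current user in so roles and permissions can be checked later.
    if (!currentUser.isAuthenticated()) {
        UsernamePasswordToken token = new UsernamePasswordToken("user1", "user1");
        token.setRememberMe(true);
        try {
            currentUser.login(token);
            user.setName("user1");
            // NOTE(review): getSession(false) returns null when no session
            // exists; this line assumes login() created one. Verify against
            // the session configuration in use.
            user.setSessionId(currentUser.getSession(false).getId().toString());
            // NOTE(review): the session id is a bearer credential; logging it
            // lets anyone with log access reuse the session. Keep this for
            // debugging only.
            log.info(user.getSessionId());
        } catch (UnknownAccountException uae) {
            log.info("There is no user with username of " + token.getPrincipal());
        } catch (IncorrectCredentialsException ice) {
            log.info("Password for account " + token.getPrincipal() + " was incorrect!");
        } catch (LockedAccountException lae) {
            log.info("The account for username " + token.getPrincipal() + " is locked.  "
                    + "Please contact your administrator to unlock it.");
        } catch (AuthenticationException ae) {
            // Any other authentication failure; more specific (possibly
            // application-defined) subclasses can be caught above this one.
            log.info("Authentication failed", ae);
        } finally {
            // Wipe the credentials on every path, not only after a successful
            // login. This runs after the catch blocks, so they can still read
            // the principal for their messages.
            token.clear();
        }
    }

    return user;
}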

