First off, I understand that the view of the Shiro developers is that
remember me is not typically a good idea from a security standpoint.
That said, I'm using the remember me functionality. :)
Upon successful login (not remember me), my app stores some data in the
HttpSession. This data is required later for app pages to load properly.
I'd like to have this data stored in the HttpSession upon successful
remember me authentication as well, but I can't seem to find a callout to do
it with. I'm not sure if I'm missing it or not, but ideally it would be a
method that is called once when the remember me authentication happens.
For the time being I've overridden
AbstractRememberMeManager.getRememberedPrincipals() with something like this
(pseudo):
public PrincipalCollection getRememberedPrincipals() {
PrincipalCollection ps = super.getRememberedPrincipals();
HttpServletRequest req = (HttpServletRequest)
WebUtils.getRequiredServletRequest();
req.getSession().setAttribute("foo", 42);
req.getSession().setAttribute("bar", "baz");
return ps;
}
It looks like the above method gets called every time a secured resource is
requested, which is not desirable in my use case.
FYI, I'm using the Grails Shiro plugin.
Thanks for any ideas/suggestions. :)
Jon
--
View this message in context:
http://n2.nabble.com/Callout-for-remember-me-tp4610313p4610313.html
Sent from the Shiro User mailing list archive at Nabble.com.
