Hi Tauren, Yes, WebRememberMeManager has been deprecated in favor of the new CookieRememberMeManager which uses a new Cookie property and not the (now deprecated) CookieAttribute concept. CookieAttribute was complex and confusing. The new Cookie interface and implementation in comparison are much easier to understand and configure. So, if you extend CookieRememberMeManager, you should be closely back to where you were when you extended WebRememberMeManager.
As for the SubjectContext - it was added within the last two weeks to satisfy a technical requirement: the (now new) SubjectContext.resolve* method behavior was needed in multiple places across more than one OO hierarchy. So, we either had to copy-n-paste logic (yuck) or consolidate it into a component. The SubjectContext satisfies this need and will stay in place instead of the raw Map. Also note that for 1.0, we'll be removing all Deprecated classes and methods. Since we're wrapping up coding issues today (and possibly tomorrow), we'll be deleting them any time now. I hope that helps! Les On Tue, May 11, 2010 at 9:22 AM, Tauren Mills <[email protected]> wrote: > I'm just getting back to this issue now, and have updated to the latest > shiro snapshot. > When I started working on this, I had extended WebRememberMeManager, but it > looks like it is now depricated. What is the recommended approach at this > time? Should I be directly extending AbstractRememberMeManager? > I also wanted to point out that your example in this thread shows passing a > Map to getRememberedPrincipals, but in my experience I had to pass a > SubjectContext. Before I proceed further, I just want to make sure that I'm > heading down the proper path that will be supported in the future, and not > implement something that I'll have to change later. > Thanks! > Tauren > > > > > > > On Mon, Apr 19, 2010 at 12:14 PM, Les Hazlewood <[email protected]> > wrote: >> >> I committed a change to how cryptography works on Friday - that might >> have done something with it (we encrypt principals by default). >> However, all the test cases still passed and I know that we do have >> some test cases around remember me cookies (WebRememberMeManagerTest). >> >> Please open a Jira issue in the mean time so we don't lose it. I'll >> try to run the sample web app(s) to see if they exhibit the same >> behavior. >> >> Thanks! >> >> Les >> >> On Mon, Apr 19, 2010 at 10:57 AM, Tauren Mills <[email protected]> wrote: >> > It seems that my remember me function got broken at some point. All of >> > my >> > requests do not have the cookie they used to. I've tried logging off and >> > back in again, but still no cookie. This is >> > causing getRememberedPrincipals >> > to run with every single request. Obviously not good. >> > Any suggestions on how to track down where the remember me problem is >> > coming >> > from - why I'm not getting cookies? I haven't done much of anything with >> > Shiro for months now, and it used to work, so not sure what happened. >> > Was it >> > broken in some recent release that I may be using? >> > Thanks, >> > Tauren >> > On Mon, Apr 19, 2010 at 3:41 AM, Tauren Mills <[email protected]> >> > wrote: >> >> >> >> Les, >> >> Thanks, I'll look into doing this. Are there any examples of using an >> >> AuthenticationListener that I could reference? >> >> >> >> Tauren >> >> >> >> On Fri, Apr 16, 2010 at 9:10 AM, Les Hazlewood <[email protected]> >> >> wrote: >> >>> >> >>> Hi Tauren, >> >>> >> >>> You could implement an AuthenticationListener - I typically like to do >> >>> this for these kinds of operations. >> >>> >> >>> Since Shiro does not count remember me as a true authentication, the >> >>> AuthenticationListener will not be triggered for remember me events. >> >>> To do that you would also need to implement your own >> >>> RememberMeManager. Typically subclassing the default one and updating >> >>> the timestamp in the getRememberedPrincipals method would work: >> >>> >> >>> @Override >> >>> public PrincipalCollection getRememberedPrincipals(Map subjectContext) >> >>> { >> >>> PrincipalCollection principals = >> >>> super.getRememberedPrincipals(subjectContext); >> >>> if ( principals != null ) { >> >>> int userId = principals.getPrimaryPrincipal(); >> >>> //update the last login timestamp for user with this id here >> >>> } >> >>> } >> >>> >> >>> The above method is called only if the current Subject/session does >> >>> not yet have an identity associated with it. >> >>> >> >>> The AuthenticationListener + the above overridden method should do it! >> >>> >> >>> Cheers, >> >>> >> >>> Les >> >>> >> >>> On Thu, Apr 15, 2010 at 8:37 PM, Tauren Mills <[email protected]> >> >>> wrote: >> >>> > What would be the best way to update properties of a member on >> >>> > successful >> >>> > authentication? Basically, there is a Member.lastLogin property that >> >>> > I >> >>> > want >> >>> > updated with the current date every time a member comes back to a >> >>> > site >> >>> > and >> >>> > logs in. However, this should also support rememberme >> >>> > authentications. I >> >>> > don't necessarily want to update the lastLogin property on every >> >>> > single >> >>> > interaction the user has on the site, just once for each session. >> >>> > Is there some technique in Shiro to do this, a callback of some >> >>> > sort, >> >>> > or >> >>> > some other method? Or should I be doing this in my application? >> >>> > Also, I can't seem to view much of the documentation. All the links >> >>> > on >> >>> > the >> >>> > following page require an Apache login. Is it supposed to be this >> >>> > way? >> >>> > http://incubator.apache.org/shiro/core.html >> >>> > Thanks! >> >>> > Tauren >> >>> > >> >>> > >> >> >> > >> > > >
