Because the Servlet API does not have the notion of a global SessionListener construct as Shiro does, you first have to ensure that you're using native sessions:
defaultWebSecurityManager.setSessionMode(DefaultWebSecurityManager.NATIVE_SESSION_MODE); After you've made this call, then you can do the following: ((AbstractNativeSessionManager)defaultWebSecurityManager.getSessionManager()).setSessionListeners(mySessionListenerList); If it is possible to use the INI config, I highly recommend it as it will often simplify your config efforts (no need to cast classes, etc). Here is the above w/ INI config: [main] sessionListener1 = com.my.session.listener.Implementation # as many SessionListeners as you want ... sessionListenerN = com.my.other.session.listener.Implementation securityManager.sessionMode = native securityManager.sessionManager.sessionListeners = $sessionListener1, ..., $sessionListenerN Also note that INI config does not need to be embedded in web.xml if you don't want it to be. The IniShiroFilter supports an alternative 'configPath' init-param that allows you to specify any location you want using classpath:, file: or url: prefixes to point to any of those respective resource locations. Cheers, Les On Wed, May 26, 2010 at 1:10 AM, Aleksey Didik <[email protected]> wrote: > Hello all, > I'm tring to find the way to attach some session listeners to my security > manager. > I use Shiro in my web app and use DefaultWebSecurityManager. > But I configure it manually, not with ini in web.xml. > > Please, help :) > > Best regards, > Aleksey. >
