You don't want to touch the Session object returned by Subject.getSession() - it is a proxy back to the security manager. The 'real' Session instance saved to the data store is made available to the SessionDAO implementation.
You will want to perform all of your session CRUD operations in the SessionDAO. Any time any change is made to the session, the SessionDAO.update method will be called. - Les On Wed, Jun 16, 2010 at 1:01 PM, enabler <[email protected]> wrote: > > I think I may have found the issue. Working on fixing it. I think I need to > update the blob (session) for user's row in my RDBMS right after successful > login. > > Debug tells me that Shiro is doing > SecurityUtils.getSubject().isAuthenticated() check for later > readSession/update() (to load my app page). However, since my session blob > is not updated at the authentication (isAuthenticated() returns false) it > redirects to login page. If can update the blob, more than likely, my issue > will be resolved. So I would like to know what would be the correct way to > convert SecurityUtils.getSubject().getSession() so I can save it > Serializable in DB (as blob). > > > I've already tried: > Session ss = (Session) SecurityUtils.getSubject().getSession(); > updateBlobfortheUser((Serializable) ss); > > But I get Exception from org.apache.shiro.subject.DelegatingSubject. > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/Unable-to-implement-create-read-update-session-tp5183219p5188009.html > Sent from the Shiro User mailing list archive at Nabble.com. >
