> Actually I realized that the autoCreate after the session expires is what I > want to work, I could care less about the SessionListener (but it might be > nice to see how to do that).
This works out of the box with Shiro 1.x. If the SecurityManager encounters an InvalidSessionException when creating a Subject instance, it will log the exception and return the Subject instance without a session. So the next call to subject.getSession() will create a new session. In JSecurity this used to be done in the JSecurityFilter, but that logic has since been pushed down into the SecurityManager implementation because it was a feature that was desired in most application environments, and not just web applications. Does that help answer your question? Cheers, -- Les Hazlewood Founder, Katasoft, Inc. Application Security Products & Professional Apache Shiro Support and Training: http://www.katasoft.com > > I see everywhere this is the default behavior but its not working for me. I > am assuming I did something wrong even though my app mirror's your spring > example exactly > > So if I can simply ask a question; > > How do I enable the autoCreate after session expired using it the > DefaultWebSecurityManager in native mode using Spring and a Swing Desktop? > is it with a specific Filter? I seen a few posts that said JSecurityFilter > does this but there is no more JSecurity anything and there are no examples > that look to have such a filter > > Brian > > > > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/SessionListeners-with-Spring-and-a-Swing-Desktop-tp5715272p5715478.html > Sent from the Shiro User mailing list archive at Nabble.com. >
