Re: Hessian WebService + Shiro

Fri, 26 Aug 2011 02:14:11 -0700 

Hello Les Hazlewood-2 and many thanks for your answer. I changed my code so
and Shiro stores authentication state.

I give *SessionID* back from my server service to client.

*My code in business logic to log in ;*
----------------------------------------------------------- 
public String  login(String username, String password){ 
                
  // some login code
  
   Session session = currentUser.getSession();
  
   return session.getId().toString()); 
}


*I add to each other request the SessionId in client.*

*My client side code;*
---------------------------------------------- 
public boolean  clientLogin() { 

  HessianProxyFactory factory = new HessianProxyFactory();

  String serviceURL = "http://localhost:8080/myWebServiceApp/userService";; 
  String testURL = "http://localhost:8080/myWebServiceApp/testService";;

  try {
     userService = (IUserService) factory.create(IUserService.class,
serviceURL);
     String sessionID = userService.login("admin", "admin");

     System.out.println("sessionID : " + sessionID); 
                        
     testService = (IUserService) factory.create(IUserService.class,
*testURL + "?JSESSIONID="+sessionID*);
                        
        testService.doSome();
        testService.dothing();
                        
   } catch (MalformedURLException e) { 
        e.printStackTrace(); 
   } 
}


Shiro remembers that I've already logged in, if I call another service.

*testService in business logic;*
---------------------------------------------- 
public void  doSome() { 
 // ..perform some  business logic
}

public void  doThing() { 
 // ..perform some  business logic
}


How it works wonderfully. I think that I need not Subject.execute, because I
have a WebProject in AppServer as a remoting mechanism. Or do I need it?

Secondly, I want to ask if my settings are correct for sessionManager,
sessionDAO and cacheManager in my scenario. Do I need these settings? What
should I set more?

I've read about org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO
in the JavaDoc that 
“This implementation defaults to using an in-memory map-based {@code
CacheManager}, which is great for testing but will typically not scale for
production environments and could easily cause {@code
OutOfMemoryException}s. “
What should I choose instead?



--
View this message in context: 
http://shiro-user.582556.n2.nabble.com/Hessian-WebService-Shiro-tp6724250p6727963.html
Sent from the Shiro User mailing list archive at Nabble.com.

Reply via email to