Hello Les, What I mean by "logged in on other realms": Each realm implements doGetAuthenticationInfo(), that is in fact authenticates user and adds principals to his subject. What I want is to "deassociate" user from one of the realms. E.g. remove principals, associated with realm.
Why I need this: The project, I'm working on, is a MMO game with 2 applications (in fact there are more, but it's out of scope): web application and MMO server itself. MMO server is based on Smartfox and uses custom shiro realm. Web realm is based on shiro web extension. Sessions DAO and session id is the same for both applications. Each application is identified by own realm. I don't want to remove session on logout from one of the application, only remove it from certain realm. Thanks, Alex 2011/8/30 Les Hazlewood <[email protected]> > Hi Alex, > > I'm not sure what you mean by 'logged in on other realms'. By design, > a Realm is not usually stateful: it does not know who is logged in or > not. (Note however that a caching layer is provided to realms to > improve their performance, but this is optional and does not reflect > 'login state'). Who is logged in or not is determined based on > Session association. > > If your Realm implementation subclasses CachingRealm (as most do), the > onLogout method is called when a Subject explicitly logs out (i.e. > subject.logout()). By default, this merely clears any cached data for > that particular subject in that realm only. > > You can override this method for custom behavior if desired. > > Also note that the CachingRealm.onLogout method will not be called if > a Session times out (since that is not technically a logout, it is > disassociation by inactivity). The realm's onLogout method is called > only as a result of calling subject.logout(). > > HTH, > > -- > Les Hazlewood > CTO, Katasoft | http://www.katasoft.com | 888.391.5282 > twitter: @lhazlewood | http://twitter.com/lhazlewood > katasoft blog: http://www.katasoft.com/blogs/lhazlewood > personal blog: http://leshazlewood.com > > On Tue, Aug 30, 2011 at 8:42 AM, Alex Vasilenko <[email protected]> > wrote: > > Hello, > > I'm going to use multiple realms to authenticate users. And modular > logout > > from one realm, meanwhile being logged in other realms. > > Is it possible to logout in one realm only, without rewriting shiro? > > Thanks, > > Alex >
