Dan,
You're running into the following code in Shiro:
/** * Utility method available to subclasses that wish to * assign
a generated session ID to the session instance directly. This method is not
used by the * {@code AbstractSessionDAO} implementation directly, but it is
provided so subclasses don't * need to know the {@code Session}
implementation if they don't need to. * <p/> * This default
implementation casts the argument to a {@link SimpleSession}, Shiro's default
EIS implementation. * * @param session the session instance to which
the sessionId will be applied * @param sessionId the id to assign to the
specified session instance. */ protected void assignSessionId(Session
session, Serializable sessionId) { ((SimpleSession)
session).setId(sessionId); }
Since the session ID is immutable in the Session interface, Shiro has to cast
to a specific implementation in order to set the session ID (I think that's a
bit of a design flaw, but at the same time you don't want normal business code,
which is written against the Session interface, to be able to change the
ID). I'm not sure how many different places in the codebase make similar
assumptions about the Session implementation, but I think you'll have to create
subclasses and override such methods with your own implementations that know
how to interact with your own Session implementation. Another option would be
to have your implementation extend SimpleSession, if your goal is to add more
details to your session without removing any.
That said, since you can assign arbitrary attributes to a session, I don't
think people run into a need to replace the Session implementation very often.
Is there some specific shortcoming you're trying to address? Providing a little
additional information about your goals might help the Shiro developers know
how to enhance Shiro in the future to make its default implementation more
versatile.
Best regards,Bryan TurnerKatasoft, Inc
> Date: Thu, 22 Sep 2011 11:53:03 -0700
> From: [email protected]
> To: [email protected]
> Subject: Replacing SimpleSession
>
> Hi --
>
> In my shiro.ini file, I have
>
> sessionDAO = org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO
> sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
> sessionFactory= com.security.MySimpleSessionFactory
> securityManager.sessionManager.sessionFactory = $sessionFactory
> securityManager.sessionManager.sessionDAO = $sessionDAO
>
> to define my own "simple session" -- it basically for now just a copy of
> shiro's SimpleSessionFactory and SimpleSession classes under new names.
> Later, I plan to override the reading and writing.
>
> But when I run, it displays this stacetrace:
>
> javax.servlet.ServletException: Filtered request failed.
>
> org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:299)
>
> org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:81)
>
> root cause
>
> java.lang.ClassCastException: com.security.MySimpleSession cannot be cast to
> org.apache.shiro.session.mgt.SimpleSession
>
> org.apache.shiro.session.mgt.eis.AbstractSessionDAO.assignSessionId(AbstractSessionDAO.java:146)
>
> org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO.doCreate(EnterpriseCacheSessionDAO.java:65)
>
> org.apache.shiro.session.mgt.eis.AbstractSessionDAO.create(AbstractSessionDAO.java:116)
>
> org.apache.shiro.session.mgt.eis.CachingSessionDAO.create(CachingSessionDAO.java:184)
>
> org.apache.shiro.session.mgt.DefaultSessionManager.create(DefaultSessionManager.java:177)
>
> org.apache.shiro.session.mgt.DefaultSessionManager.doCreateSession(DefaultSessionManager.java:158)
>
> org.apache.shiro.session.mgt.AbstractValidatingSessionManager.createSession(AbstractValidatingSessionManager.java:136)
>
> org.apache.shiro.session.mgt.AbstractNativeSessionManager.start(AbstractNativeSessionManager.java:56)
>
> org.apache.shiro.mgt.SessionsSecurityManager.start(SessionsSecurityManager.java:121)
>
> org.apache.shiro.subject.support.DelegatingSubject.getSession(DelegatingSubject.java:306)
>
> org.apache.shiro.web.servlet.ShiroHttpServletRequest.getSession(ShiroHttpServletRequest.java:147)
>
> org.apache.shiro.web.servlet.ShiroHttpServletRequest.getSession(ShiroHttpServletRequest.java:163)
> com.server.FxFilter.doFilter(FxFilter.java:139)
>
> org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:364)
>
> I'm not sure if what I'm doing is legal -- should I be able to replace
> SimpleSession with my own implementation?
>
> Thanks,
> Dan
>
> --
> View this message in context:
> http://shiro-user.582556.n2.nabble.com/Replacing-SimpleSession-tp6821516p6821516.html
> Sent from the Shiro User mailing list archive at Nabble.com.
