Apologies, I'm not entirely sure what my e-mail client did to that poor 
message. Reformatted below. Hopefully it will be more legible this time.

Best regards,
Bryan Turner
Katasoft, Inc

On Sep 22, 2011, at 12:05 PM, Bryan Turner wrote:

Dan,
You're running into the following code in Shiro:

   /**
    * Utility method available to subclasses that wish to
    * assign a generated session ID to the session instance directly. This method is not used by the
    * {@code AbstractSessionDAO} implementation directly, but it is provided so subclasses don't
    * need to know the {@code Session} implementation if they don't need to.
    * <p/>
    * This default implementation casts the argument to a {@link SimpleSession}, Shiro's default EIS implementation.
    *
    * @param session   the session instance to which the sessionId will be applied
    * @param sessionId the id to assign to the specified session instance.
    */
   protected void assignSessionId(Session session, Serializable sessionId) {
       ((SimpleSession) session).setId(sessionId);
   }

Since the session ID is immutable in the Session interface, Shiro has to cast 
to a specific implementation in order to set the session ID (I think that's a 
bit of a design flaw, but at the same time you don't want normal business code, 
which is written against the Session interface, to be able to change the ID). 
I'm not sure how many different places in the codebase make similar assumptions 
about the Session implementation, but I think you'll have to create subclasses 
and override such methods with your own implementations that know how to 
interact with your own Session implementation. Another option would be to have 
your implementation extend SimpleSession, if your goal is to add more details 
to your session without removing any.

That said, since you can assign arbitrary attributes to a session, I don't 
think people run into a need to replace the Session implementation very often. 
Is there some specific shortcoming you're trying to address? Providing a little 
additional information about your goals might help the Shiro developers know 
how to enhance Shiro in the future to make its default implementation more 
versatile.

Best regards,
Bryan Turner
Katasoft, Inc

> Date: Thu, 22 Sep 2011 11:53:03 -0700
> From: [email protected]
> To: [email protected]
> Subject: Replacing SimpleSession
> 
> Hi --
> 
> In my shiro.ini file, I have
> 
> sessionDAO = org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO
> sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
> sessionFactory= com.security.MySimpleSessionFactory
> securityManager.sessionManager.sessionFactory = $sessionFactory
> securityManager.sessionManager.sessionDAO = $sessionDAO
> 
> to define my own "simple session" -- it's basically for now just a copy of
> shiro's SimpleSessionFactory and SimpleSession classes under new names. 
> Later, I plan to override the reading and writing.
> 
> But when I run, it displays this stack trace:
> 
> javax.servlet.ServletException: Filtered request failed.
> 
> org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:299)
> 
> org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:81)
> 
> root cause
> 
> java.lang.ClassCastException: com.security.MySimpleSession cannot be cast to
> org.apache.shiro.session.mgt.SimpleSession
> 
> org.apache.shiro.session.mgt.eis.AbstractSessionDAO.assignSessionId(AbstractSessionDAO.java:146)
> 
> org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO.doCreate(EnterpriseCacheSessionDAO.java:65)
> 
> org.apache.shiro.session.mgt.eis.AbstractSessionDAO.create(AbstractSessionDAO.java:116)
> 
> org.apache.shiro.session.mgt.eis.CachingSessionDAO.create(CachingSessionDAO.java:184)
> 
> org.apache.shiro.session.mgt.DefaultSessionManager.create(DefaultSessionManager.java:177)
> 
> org.apache.shiro.session.mgt.DefaultSessionManager.doCreateSession(DefaultSessionManager.java:158)
> 
> org.apache.shiro.session.mgt.AbstractValidatingSessionManager.createSession(AbstractValidatingSessionManager.java:136)
> 
> org.apache.shiro.session.mgt.AbstractNativeSessionManager.start(AbstractNativeSessionManager.java:56)
> 
> org.apache.shiro.mgt.SessionsSecurityManager.start(SessionsSecurityManager.java:121)
> 
> org.apache.shiro.subject.support.DelegatingSubject.getSession(DelegatingSubject.java:306)
> 
> org.apache.shiro.web.servlet.ShiroHttpServletRequest.getSession(ShiroHttpServletRequest.java:147)
> 
> org.apache.shiro.web.servlet.ShiroHttpServletRequest.getSession(ShiroHttpServletRequest.java:163)
>       com.server.FxFilter.doFilter(FxFilter.java:139)
> 
> org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:364)
> 
> I'm not sure if what I'm doing is legal -- should I be able to replace
> SimpleSession with my own implementation?
> 
> Thanks,
> Dan
> 
> --
> View this message in context: 
> http://shiro-user.582556.n2.nabble.com/Replacing-SimpleSession-tp6821516p6821516.html
> Sent from the Shiro User mailing list archive at Nabble.com.
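
Added example (not part of the original messages and not Shiro's own code): a sketch of the two routes the reply describes, extending SimpleSession so the cast in assignSessionId succeeds, or overriding assignSessionId in a DAO subclass for a session type that does not extend SimpleSession. The holder class CustomSessionExample, the IdAssignable interface and MySessionDAO are hypothetical names; the classes are nested only so the sketch fits in one file.

```java
package com.security; // package name taken from the shiro.ini quoted above

import java.io.Serializable;
import org.apache.shiro.session.Session;
import org.apache.shiro.session.mgt.SessionContext;
import org.apache.shiro.session.mgt.SessionFactory;
import org.apache.shiro.session.mgt.SimpleSession;
import org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO;

/** Hypothetical holder class for the illustrative types below. */
public final class CustomSessionExample {
    private CustomSessionExample() { }

    /** Route 1: subclass SimpleSession, so ((SimpleSession) session) still works. */
    public static class MySimpleSession extends SimpleSession {
        private static final long serialVersionUID = 1L;
        public MySimpleSession() { super(); }
        public MySimpleSession(String host) { super(host); }
    }

    /** Factory that returns the subclass instead of a plain SimpleSession. */
    public static class MySimpleSessionFactory implements SessionFactory {
        @Override
        public Session createSession(SessionContext initData) {
            String host = (initData != null) ? initData.getHost() : null;
            return (host != null) ? new MySimpleSession(host) : new MySimpleSession();
        }
    }

    /**
     * Route 2 (hypothetical): a narrow interface for session types that do not
     * extend SimpleSession. Code written against Session never sees assignId,
     * so the ID stays read-only for ordinary business code.
     */
    public interface IdAssignable extends Session {
        void assignId(Serializable id);
    }

    /** DAO subclass that knows how to set the ID on the custom session type. */
    public static class MySessionDAO extends EnterpriseCacheSessionDAO {
        @Override
        protected void assignSessionId(Session session, Serializable sessionId) {
            if (session instanceof IdAssignable) {
                ((IdAssignable) session).assignId(sessionId);
            } else if (session instanceof SimpleSession) {
                super.assignSessionId(session, sessionId); // Shiro's default cast
            } else {
                // Reject unknown types explicitly instead of a bare ClassCastException.
                throw new IllegalArgumentException(
                        "Unsupported Session type: " + session.getClass().getName());
            }
        }
    }
}
```

Route 2 covers only the assignSessionId cast shown in the reply; any other place in Shiro that assumes SimpleSession would need the same treatment.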
                                          


