A DefaultWebSessionManager (and it's SessionDAO) is enabled explicitly in configuration. For example:
[main] shiro.loginUrl = /login.jsp sessionDAO = com.foo.my.impl.SessionDAO sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager sessionManager.sessionDAO = $sessionDAO #set the sessionManager on the securityManager: securityManager.sessionManager = $sessionManager You can obtain it at runtime by using reflection or casting: SessionManager sessionManager = ((DefaultWebSecurityManager)securityManager).getSessionManager(); SessionDAO sessionDAO = ((DefaultWebSessionManager)sessionManager).getSessionDAO(); HTH, -- Les Hazlewood CTO, Stormpath | http://stormpath.com <http://www.stormpath.com/> | 888.391.5282 twitter: @lhazlewood | http://twitter.com/lhazlewood blog: http://leshazlewood.com stormpath blog: http://www.stormpath.com/blog<http://www.stormpath.com/blog/index> On Tue, May 8, 2012 at 11:53 AM, Warren Bell <[email protected]> wrote: > How do I get a hold of the SessionDAO implementation ? I see a > DefaultWebSessionManager, how do I get to that ? > > Thanks, > > Warren Bell > > On 5/8/12 11:18 AM, Les Hazlewood wrote: > > There isn't anything built-in per se. However, if you're using Shiro's > > native session management, and you use a queryable session data store > > (SessionDAO), you can query for any session within the session timeout > > owned by a particular user. > > > > If there is a session for that end-user, then they are using the app, and > > another authentication should be prevented. > > > > If you have any ideas of how this might be able to be supported by Shiro > > natively (code patches welcome of course!), I'd love to investigate the > > possibility of including it. > > > > Cheers, > > > > -- > > Les Hazlewood > > CTO, Stormpath | http://stormpath.com <http://www.stormpath.com/> | > > 888.391.5282 > > twitter: @lhazlewood | http://twitter.com/lhazlewood > > blog: http://leshazlewood.com > > stormpath blog: > > http://www.stormpath.com/blog<http://www.stormpath.com/blog/index> > > > > On Mon, May 7, 2012 at 6:20 PM, Warren Bell <[email protected]> > wrote: > > > >> Is there anything built into Shiro that will keep a user from logging > >> into more than one device at a time ? I have another non Shiro app that > >> I wrote that does this. I had to keep track of users, sessions and > >> devices. It would be nice if Shiro has something like this built in. > >> > >> -- > >> Thanks, > >> > >> Warren Bell > >> > > >
