On Tue, May 8, 2012 at 12:37 PM, MattShaw <[email protected]>wrote:
> Thanks Les, > > The configurations are identical and so I would like to keep 1 .ini file. > Would it be possible to configure the session timeout for a standard non > web > session manager using the .ini file and offload the web session manager to > the servlet container timeout or configure it in the .ini file? What would > the syntax be? > The session management mechanisms are entirely different for the different environments. I'm not sure of a good way around this. Maybe implement the Shiro Factory interface to return an instance of the desired type depending on your environment? No current implementation exists for this - you'd have to write it yourself. The other approach is that you load a different INI config per environment. Don't forget that you can create an Ini instance programmatically and use that to initialize Shiro. This way, you could populate the INI config at runtime depending on environment - i.e. have helper methods for common/shared config, and have separate populating methods for the parts that are different. It's just an idea, but I think this would probably be easiest - easier than a Factory at least. > Do you want me to raise a JIRA issue as this problem is critical as it > currently let's through users who just don't enter a password using AD? > Sure, please feel free to enter one if one does not currently exist for it (please do a cursory search first to check). As an open source project, we do our best to address bugs in a timely manner, but as we are volunteers, we cannot guarantee any specific timeline. Commercial support may be an option if you need faster support. Best regards, -- Les Hazlewood CTO, Stormpath | http://stormpath.com <http://www.stormpath.com/> | 888.391.5282 twitter: @lhazlewood | http://twitter.com/lhazlewood blog: http://leshazlewood.com stormpath blog: http://www.stormpath.com/blog<http://www.stormpath.com/blog/index>
