Btw, shiro.ini is a little bit outdated, since I was using Shiro 1.2.0
which had a bug with password matching, temporarily fixed by Les (
passwordMatcher=org.apache.shiro.authc.credential.TempFixPasswordMatcher).
You can change to the original PasswordMatcher as this was fixed in 1.2.1.
Also, I've simplified the datasource configuration in order to use a
JDBC Resource from my container (through JNDI):
ds = org.apache.shiro.jndi.JndiObjectFactory
ds.resourceName = jdbc/myDS
## the actual authentication realm
jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
jdbcRealm.permissionsLookupEnabled = true
jdbcRealm.authenticationQuery = SELECT password FROM public.USERS
WHERE username = ?
jdbcRealm.userRolesQuery = SELECT role_name FROM public.USERS_ROLES
WHERE username = ?
jdbcRealm.permissionsQuery = SELECT permission_name FROM
public.ROLES_PERMISSIONS WHERE role_name = ?
jdbcRealm.credentialsMatcher = $passwordMatcher
jdbcRealm.dataSource=$ds
securityManager.realms = $jdbcRealm
PP
On 01/07/2013 02:41 PM, Paulo Pires wrote:
You can use native Shiro session management or since it's a webapp,
your container session management facilities.
I for one, use Shiro for authentication purposes but rely on the
container for session stuff, since it's easier to clusterize.
Regarding examples, you'll find mine at
https://github.com/pires/simple-shiro-web-app
PP
On Mon 07 Jan 2013 02:37:05 PM WET, sudheer kumar komirishetty wrote:
Hi,
I am a newbie to Shiro. I would like to know how can achieve session
management for handling SOAP/REST calls.
Is there any sample project that I can refer ?
Thanks in Advance,
Sudheer.
