Re: Session Management For SOAP/REST APIs

Tue, 08 Jan 2013 02:38:45 -0800

With container session management, the client must provide the cookie that the first request (usually log-in) returns. 

PP

On 01/08/2013 04:49 AM, sudheer kumar komirishetty wrote:

Thanks Paulo.
One more question though: For a single REST / SOAP call we could rely on the container session or native shiro session, but how can we maintain a session across multiple REST/SOAP calls ? Do we have to write our custom logic similar to ThreadContext that is provided by Shiro. 

Regards,
Sudheer.
On Mon, Jan 7, 2013 at 8:23 PM, Paulo Pires <[email protected] <mailto:[email protected]>> wrote: 

    Btw, shiro.ini is a little bit outdated, since I was using Shiro
    1.2.0 which had a bug with password matching, temporarily fixed by
    Les (
    passwordMatcher=org.apache.shiro.authc.credential.TempFixPasswordMatcher).
    You can change to the original PasswordMatcher as this was fixed
    in 1.2.1.

    Also, I've simplified the datasource configuration in order to use
    a JDBC Resource from my container (through JNDI):

        ds = org.apache.shiro.jndi.JndiObjectFactory
        ds.resourceName = jdbc/myDS

        ## the actual authentication realm
        jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
        jdbcRealm.permissionsLookupEnabled = true
        jdbcRealm.authenticationQuery = SELECT password FROM
        public.USERS WHERE username = ?
        jdbcRealm.userRolesQuery = SELECT role_name FROM
        public.USERS_ROLES WHERE username = ?
        jdbcRealm.permissionsQuery = SELECT permission_name FROM
        public.ROLES_PERMISSIONS WHERE role_name = ?
        jdbcRealm.credentialsMatcher = $passwordMatcher
        jdbcRealm.dataSource=$ds
        securityManager.realms = $jdbcRealm

    PP


    On 01/07/2013 02:41 PM, Paulo Pires wrote:

    You can use native Shiro session management or since it's a
    webapp, your container session management facilities.

    I for one, use Shiro for authentication purposes but rely on the
    container for session stuff, since it's easier to clusterize.

    Regarding examples, you'll find mine at
    https://github.com/pires/simple-shiro-web-app

    PP

    On Mon 07 Jan 2013 02:37:05 PM WET, sudheer kumar komirishetty
    wrote:

    Hi,

    I am a newbie to Shiro. I would like to know how can achieve
    session
    management for handling SOAP/REST calls.
    Is there any sample project that I can refer ?

    Thanks in Advance,
    Sudheer.

Reply via email to