how to redirect to previous activity page once the user logged in after session timeout
On Thu, Jun 20, 2013 at 9:09 PM, [email protected] <[email protected]> wrote:

> Hi, Dave.
>
> I am also new to Shiro, but have a similar problem of needing to have
> various applications authenticate with each other behind a reverse proxy
> (Nginx), in addition to having users log in with passwords. In our case we
> are giving out API keys to each application for working with each other
> application. The application name and API key are handled exactly like a
> username and password, but in a separate realm. This separation is
> essentially to keep the namespaces separate, but also always for special
> handling as needed. We store the separate realms in separate databases, but
> the schema is similar for both.
>
> In our case, we have a base abstract resource class that the user and the
> app classes inherit from. The concrete classes just read credentials from
> different fields and pass them along to a common handler. For example:
>
> The concrete classes define the PRINCIPAL and CREDENTIAL constants
> differently. If you need to read from headers instead of JSON fields, you
> would change the method to do that.
>
> In the abstract class:
>
> Note here that we have methods isValidPrincipal(principal) in each concrete
> class to check as appropriate whether the username or application name are
> valid. There is also a lot of custom logging for each class.
>
> In our test shiro.ini, for the realms configuration:
>
> Note that I will be changing this in production so the passwords and keys
> are not stored in plaintext in the database, but this gives you the general
> idea of our prototype.
>
> I hope that gives you an idea for one approach to this problem. Good luck.
>
> --
> View this message in context:
> http://shiro-user.582556.n2.nabble.com/Architecture-Help-tp7578861p7578863.html
> Sent from the Shiro User mailing list archive at Nabble.com.

--
Regards,
Nagaraju.
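The realm separation described in the quoted message, as an added example that is not code from this thread: each realm overrides `supports()` so that an application's API key is never checked against the user realm, and the reverse. The names `AppKeyToken`, `UserRealm`, `AppRealm` and `acceptedBy` are hypothetical, Shiro's in-memory `SimpleAccountRealm` stands in for the two databases, the credentials are constructed sample values, and shiro-core is assumed to be on the classpath.

```java
import java.util.Arrays;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.realm.SimpleAccountRealm;

public class SeparateRealmsDemo {
    // Hypothetical token type: marks a login as "application name + API key".
    static class AppKeyToken extends UsernamePasswordToken {
        AppKeyToken(String appName, String apiKey) { super(appName, apiKey); }
    }
    // Realm for people: accepts username/password tokens but refuses application tokens.
    static class UserRealm extends SimpleAccountRealm {
        UserRealm() { super("userRealm"); }
        @Override public boolean supports(AuthenticationToken token) {
            return super.supports(token) && !(token instanceof AppKeyToken);
        }
    }
    // Realm for applications: only consulted for AppKeyToken.
    static class AppRealm extends SimpleAccountRealm {
        AppRealm() { super("appRealm"); }
        @Override public boolean supports(AuthenticationToken token) {
            return token instanceof AppKeyToken;
        }
    }
    // Name of the realm that accepted the token, or null when authentication failed.
    static String acceptedBy(DefaultSecurityManager sm, AuthenticationToken token) {
        try {
            return sm.authenticate(token).getPrincipals().getRealmNames().iterator().next();
        } catch (AuthenticationException e) {
            return null;
        }
    }

    public static void main(String[] args) {
        UserRealm users = new UserRealm();
        AppRealm apps = new AppRealm();
        users.addAccount("alice", "constructed-password");   // constructed sample user
        apps.addAccount("billing", "constructed-api-key");   // constructed sample application
        DefaultSecurityManager sm = new DefaultSecurityManager(Arrays.<Realm>asList(users, apps));
        // Each credential type is accepted only by its own realm.
        System.out.println(acceptedBy(sm, new UsernamePasswordToken("alice", "constructed-password")));
        System.out.println(acceptedBy(sm, new AppKeyToken("billing", "constructed-api-key")));
        // Crossing the namespaces fails: an API key sent as a user login, a password sent as an API key.
        System.out.println(acceptedBy(sm, new UsernamePasswordToken("billing", "constructed-api-key")));
        System.out.println(acceptedBy(sm, new AppKeyToken("alice", "constructed-password")));
    }
}
```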
