Hi Les Hazlewood, how to specify maximum user session for the login like in Spring, as follows:

<security:concurrent-session-control max-sessions="1" exception-if-maximum-exceeded="true" expired-url="/loginform.do" />

I am assuming that there is a way in Apache Shiro. How to configure this behaviour in the Apache Shiro security API? Please guide me.

Thanking you. :)

On Thu, Jul 4, 2013 at 12:12 AM, Nagaraju Kurma <[email protected]> wrote:
> Hi Les Hazlewood,
> I am very much happy to see your reply and thankful to you.
>
> I checked that sample web application and it is working very much
> properly; as you said, shiroFilter only is doing that because there is no
> separate configuration for that.
>
> There they are using shiro.ini file to maintain the data, whereas in our
> application we are maintaining ElasticSearch; only this one is the
> difference, which is nowhere dependent.
>
> I am using shiroFilter in web.xml as in our sample web application, but in my
> application I am not getting that bread crumbs effect. Could you please
> suggest me?
>
> I am not sure that my configuration is 100% correct, please help me out
> in this.
>
> Here is my web.xml file
> ----------------------------------
>
> <?xml version="1.0" encoding="UTF-8"?>
> <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>     xmlns="http://java.sun.com/xml/ns/javaee"
>     xmlns:jsp="http://java.sun.com/xml/ns/javaee/jsp"
>     xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
>     xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
>         http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
>     version="2.5">
>     <display-name>spring freemarker</display-name>
>     <context-param>
>         <param-name>spring.profiles.default</param-name>
>         <param-value>production</param-value>
>     </context-param>
>     <listener>
>         <listener-class>net.enhancesys.auth.listeners.SystemOptionsUtilitiesListener</listener-class>
>     </listener>
>     <listener>
>         <listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
>     </listener>
>     <listener>
>         <listener-class>freemarker.ext.jsp.EventForwarding</listener-class>
>     </listener>
>     <filter>
>         <filter-name>shiroFilter</filter-name>
>         <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
>         <init-param>
>             <param-name>targetFilterLifecycle</param-name>
>             <param-value>true</param-value>
>         </init-param>
>     </filter>
>     <filter-mapping>
>         <filter-name>shiroFilter</filter-name>
>         <url-pattern>/*</url-pattern>
>     </filter-mapping>
>     <listener>
>         <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
>     </listener>
>     <servlet>
>         <servlet-name>JQGridTranServlet</servlet-name>
>         <servlet-class>net.enhancesys.crm.singlescreen.servlet.JQGridTranServlet</servlet-class>
>     </servlet>
>     <servlet-mapping>
>         <servlet-name>JQGridTranServlet</servlet-name>
>         <url-pattern>/JQGridTranServlet</url-pattern>
>     </servlet-mapping>
>     <servlet>
>         <servlet-name>springServlet</servlet-name>
>         <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
>         <init-param>
>             <param-name>contextConfigLocation</param-name>
>             <param-value>/WEB-INF/applicationContext.xml</param-value>
>         </init-param>
>         <load-on-startup>1</load-on-startup>
>     </servlet>
>     <servlet-mapping>
>         <servlet-name>springServlet</servlet-name>
>         <url-pattern>/*</url-pattern>
>     </servlet-mapping>
>     <servlet>
>         <description></description>
>         <display-name>JQGridServlet</display-name>
>         <servlet-name>JQGridServlet</servlet-name>
>         <servlet-class>net.enhancesys.crm.singlescreen.servlet.JQGridServlet</servlet-class>
>     </servlet>
>     <servlet-mapping>
>         <servlet-name>JQGridServlet</servlet-name>
>         <url-pattern>/JQGridServlet</url-pattern>
>     </servlet-mapping>
>     <servlet>
>         <description></description>
>         <display-name>JQGridCallServlet</display-name>
>         <servlet-name>JQGridCallServlet</servlet-name>
>         <servlet-class>net.enhancesys.crm.singlescreen.servlet.JQGridCallServlet</servlet-class>
>     </servlet>
>     <servlet-mapping>
>         <servlet-name>JQGridCallServlet</servlet-name>
>         <url-pattern>/JQGridCallServlet</url-pattern>
>     </servlet-mapping>
>     <servlet>
>         <description></description>
>         <display-name>JQGridIncidentServlet</display-name>
>         <servlet-name>JQGridIncidentServlet</servlet-name>
>         <servlet-class>net.enhancesys.crm.singlescreen.servlet.JQGridIncidentServlet</servlet-class>
>     </servlet>
>     <servlet-mapping>
>         <servlet-name>JQGridIncidentServlet</servlet-name>
>         <url-pattern>/JQGridIncidentServlet</url-pattern>
>     </servlet-mapping>
>     <servlet>
>         <description></description>
>         <display-name>JQGridOrdersServlet</display-name>
>         <servlet-name>JQGridOrdersServlet</servlet-name>
>         <servlet-class>net.enhancesys.crm.singlescreen.servlet.JQGridOrdersServlet</servlet-class>
>     </servlet>
>     <servlet-mapping>
>         <servlet-name>JQGridOrdersServlet</servlet-name>
>         <url-pattern>/JQGridOrdersServlet</url-pattern>
>     </servlet-mapping>
>     <session-config>
>         <session-timeout>1</session-timeout> <!-- 1 min -->
>     </session-config>
> </web-app>
>
>
> Here this session time out configuration is not getting effected into
> application, so that I
> have configured in spring application context file
> as shown below.
>
> shiro-security.xml
> -------------------------------
>
> <?xml version="1.0" encoding="UTF-8"?>
> <beans xmlns="http://www.springframework.org/schema/beans"
>     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>     xmlns:context="http://www.springframework.org/schema/context"
>     xmlns:jee="http://www.springframework.org/schema/jee"
>     xmlns:tx="http://www.springframework.org/schema/tx"
>     xmlns:jpa="http://www.springframework.org/schema/data/jpa"
>     default-lazy-init="true"
>     xmlns:jdbc="http://www.springframework.org/schema/jdbc"
>     xmlns:util="http://www.springframework.org/schema/util"
>     xmlns:mvc="http://www.springframework.org/schema/mvc"
>     xsi:schemaLocation="http://www.springframework.org/schema/jee
>         http://www.springframework.org/schema/jee/spring-jee-3.1.xsd
>         http://www.springframework.org/schema/jdbc
>         http://www.springframework.org/schema/jdbc/spring-jdbc-3.1.xsd
>         http://www.springframework.org/schema/beans
>         http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
>         http://www.springframework.org/schema/util
>         http://www.springframework.org/schema/util/spring-util-3.1.xsd
>         http://www.springframework.org/schema/data/jpa
>         http://www.springframework.org/schema/data/jpa/spring-jpa.xsd
>         http://www.springframework.org/schema/tx
>         http://www.springframework.org/schema/tx/spring-tx-3.1.xsd
>         http://www.springframework.org/schema/context
>         http://www.springframework.org/schema/context/spring-context-3.1.xsd">
>
>     <bean id="securityManager"
>         class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
>         <!-- <property name="cacheManager" ref="cacheManager" /> -->
>         <property name="sessionMode" value="native" />
>         <property name="realm" ref="elasticsearchRealm" />
>
>         <property name="sessionManager.globalSessionTimeout" value="60000" />
>         <!-- 1 min -->
>     </bean>
>
>     <bean
>         class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
>         depends-on="lifecycleBeanPostProcessor" />
>     <bean
>         class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
>         <property name="securityManager" ref="securityManager" />
>     </bean>
>
>     <!-- <bean id="cacheManager"
>         class="org.apache.shiro.cache.ehcache.EhCacheManager" /> -->
>     <bean id="elasticsearchRealm"
>         class="net.enhancesys.auth.realm.ElasticSearchAuthRealm">
>         <property name="name" value="elasticsearchRealm" />
>         <property name="featuresLookupEnabled" value="true"></property>
>         <property name="rolesLookupEnabled" value="true"></property>
>         <property name="credentialsMatcher">
>             <bean class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
>                 <property name="hashAlgorithmName" value="SHA-256" />
>                 <property name="storedCredentialsHexEncoded" value="false" />
>             </bean>
>         </property>
>     </bean>
>     <bean
>         class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
>         <property name="securityManager" ref="securityManager" />
>     </bean>
>     <bean id="shiroFilter"
>         class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
>         <property name="securityManager" ref="securityManager" />
>         <property name="loginUrl" value="/login" />
>         <property name="successUrl"
>             value="redirect:/main/welcome1?cat=dashboard.summary" />
>         <property name="unauthorizedUrl" value="/login" />
>         <property name="filterChainDefinitions">
>             <value>
>                 /login = anon
>                 /logout = logout
>                 /** = authc
>             </value>
>         </property>
>     </bean>
> </beans>
>
> Please check this configuration and let me know the problem...
>
> Thanking you :)
>
>
> On Wed, Jul 3, 2013 at 9:09 PM, Les Hazlewood <[email protected]> wrote:
>
>> Hi Nagaraju,
>>
>> This is automatically handled by the authentication filter(s) in Shiro:
>> if they attempt to access a URL and are not logged in, the attempted URL is
>> saved to their session. After login, Shiro will automatically redirect
>> them back to the URL they originally tried to access.
>> Shiro's basic sample
>> web application demonstrates this behavior:
>>
>> https://svn.apache.org/repos/asf/shiro/branches/1.2.x/samples/web/
>>
>> HTH,
>>
>> --
>> Les Hazlewood | @lhazlewood
>> CTO, Stormpath | http://stormpath.com | @goStormpath | 888.391.5282
>>
>>
>> On Tue, Jul 2, 2013 at 10:08 PM, Nagaraju Kurma <[email protected]> wrote:
>>
>>> Sorry... I didn't get any situation like that as of now.
>>> Please, if you know, help me here.
>>>
>>> My requirement is I need to implement the bread crumbs in Apache Shiro
>>> security API. I referred tutorials but didn't reach my point.
>>>
>>> When session is timed out my application automatically redirects to
>>> login page; when the person is relogged in then I need to show the
>>> last activity but now from scratch...
>>>
>>> ex: user is doing operation like link1----> link-2 -------> link3 then
>>> now timed out, after relogin I have to show link3 page but not link1..
>>>
>>> Can anybody help me here..
>>> Any help is appreciated, thanks :)
>>>
>>> On 7/3/13, Pillar <[email protected]> wrote:
>>> > I created an intermediary Observable class that registers the Realm (which
>>> > implements the Observer interface) on startup. When a Controller action
>>> > that would modify permissions gets called, I invalidate the Observable which
>>> > notifies the Realm, which clears the cache.
>>> >
>>> > I don't feel like it's enough indirection, but it works well.
>>> >
>>> > Thanks!
>>> >
>>> > --
>>> > View this message in context:
>>> > http://shiro-user.582556.n2.nabble.com/Updating-permissions-dynamically-at-runtime-tp7578886p7578888.html
>>> > Sent from the Shiro User mailing list archive at Nabble.com.
>>>
>>> --
>>> Regards,
>>> Nagaraju.
>
> --
> Regards,
> Nagaraju.

--
Regards,
Nagaraju.
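
The redirect back to the originally requested URL that Les describes is performed by Shiro's authc filter when that filter itself processes the login form. As an added example (not part of the thread and not code from Shiro's samples), the controller below shows how an application-owned Spring MVC login handler can hand the post-login redirect back to Shiro; it assumes the application handles the login POST itself, since the posted chain maps `/login = anon`. The class name, request parameter names and the `login` view name are hypothetical.

```java
import java.io.IOException;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.web.util.WebUtils;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;

// Hypothetical controller: the class name, the "username"/"password"
// parameters and the "login" view name are assumptions for illustration.
@Controller
public class LoginController {

    // Used when no request was saved (the user opened /login directly).
    // Path taken from the successUrl in the posted shiro-security.xml.
    private static final String FALLBACK_URL = "/main/welcome1?cat=dashboard.summary";

    @RequestMapping(value = "/login", method = RequestMethod.POST)
    public String login(@RequestParam("username") String username,
                        @RequestParam("password") String password,
                        HttpServletRequest request,
                        HttpServletResponse response) throws IOException {
        UsernamePasswordToken token = new UsernamePasswordToken(username, password);
        try {
            SecurityUtils.getSubject().login(token);
        } catch (AuthenticationException e) {
            // Same result for unknown user and wrong password, so the form
            // does not reveal which accounts exist.
            return "login";
        } finally {
            token.clear(); // wipe the password char[] held by the token
        }
        // Before redirecting to loginUrl, the authc filter stored the denied
        // request in the (new) session. Shiro replays it only if it was a
        // GET; otherwise it redirects to the fallback URL.
        WebUtils.redirectToSavedRequest(request, response, FALLBACK_URL);
        return null; // the redirect has already been written to the response
    }
}
```

Because the saved request is read from the server-side session rather than from a request parameter, the post-login target cannot be steered by a crafted login link.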
