Here are my configurations, sorry for not including them previously :
<bean id="sha256Matcher"
class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
<property name="hashAlgorithmName" value="SHA-256" />
<property name="hashIterations" value="1024" />
<property name="storedCredentialsHexEncoded" value="false" />
</bean>
<bean id="myCustomRealm" class="kam.albert.security.MyCustomRealm">
<property name="credentialsMatcher" ref="sha256Matcher" />
</bean>
<bean id="sessionDAO" class="kam.albert.security.MyCustomShiroSessionDao" />
<bean id="sessionManager"
class="org.apache.shiro.session.mgt.DefaultSessionManager">
<property name="globalSessionTimeout" value="3600000" /> <!-- 1 hour -->
<property name="sessionDAO" ref="sessionDAO" />
<property name="sessionValidationSchedulerEnabled" value="false" />
</bean>
<bean id="securityManager"
class="org.apache.shiro.mgt.DefaultSecurityManager">
<!-- Single realm app. If you have multiple realms, use the 'realms'
property instead. -->
<property name="realm" ref="myCustomRealm"/>
<property name="sessionManager" ref="sessionManager" />
</bean>
<bean id="lifecycleBeanPostProcessor"
class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
<bean
class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
<property name="staticMethod"
value="org.apache.shiro.SecurityUtils.setSecurityManager"/>
<property name="arguments" ref="securityManager"/>
</bean>
On Sat, Jul 13, 2013 at 7:12 PM, Nagaraju Kurma <
[email protected]> wrote:
> can u send your code?
>
> or else u can refer this following code, which is perfectly working for me.
>
> <bean id="sessionManager"
> class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
> <property name="globalSessionTimeout" value="1000000"></property> <!-- in
> milli sec-->
> <property name="sessionListeners">
> <util:list>
> <bean class="net.enh.auth.listener.SessionAwareListener"></bean>
> </util:list>
> </property>
> </bean>
>
> <bean id="securityManager"
> class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
> <!-- <property name="cacheManager" ref="cacheManager" /> -->
> <property name="sessionMode" value="native" />
> <property name="realm" ref="postgressRealm" />
> <property name="sessionManager" ref="sessionManager"></property>
> </bean>
>
>
>
> On Sat, Jul 13, 2013 at 5:33 PM, Albert Kam <[email protected]>wrote:
>
>> I am currently using shiro + spring for a web application, with these
>> setups :
>> - my own realm
>> - a custom sessionDAO
>> - in sessionManager, 1 hour of timeout, false on
>> the sessionValidationSchedulerEnabled as i'm making use a custom TTL
>> mechanism in the background
>> - enable the static methods of SecurityUtils by setting the
>> securityManager manually in the spring xml
>> - using native sessions instead of web sessions
>> - since im using native sessions, i dont deploy shiro filters (is this
>> wrong?)
>>
>> One thing i notice is my session seems to timeout very quickly, only in a
>> matter of a few minutes, not per hour as globalSessionTimeout configuration
>> in the xml.
>> In the app, things are as normal, before login, isAuthenticated is false,
>> after login the subject is correct, the principal is fine, the session is
>> stored correctly, authentication works when doing login.
>>
>> So, what i did is trying to find out how shiro manages to 'remember' who
>> i am in subsequent requests by printing out cookies + req headers. But i
>> found nothing that relates to shiro being enable to remember me.
>>
>> I am still currenlty testing out with a single user.
>>
>> Please share your insights on what could be the culprit here.
>>
>> --
>> Do not pursue the past. Do not lose yourself in the future.
>> The past no longer is. The future has not yet come.
>> Looking deeply at life as it is in the very here and now,
>> the practitioner dwells in stability and freedom.
>> (Thich Nhat Hanh)
>>
>
>
>
> --
>
> Regards,****
>
> Nagaraju.
>
--
Do not pursue the past. Do not lose yourself in the future.
The past no longer is. The future has not yet come.
Looking deeply at life as it is in the very here and now,
the practitioner dwells in stability and freedom.
(Thich Nhat Hanh)
