else try like this it works............
<bean id="securityManager" class="org.apache.shiro.mgt.DefaultSecurityManager">
<property name="realm" ref="myRealm"/>
<property name="sessionManager.globalSessionTimeout" value="3600000" />
</bean>
On Sat, Jul 13, 2013 at 9:29 PM, Albert Kam <[email protected]>wrote:
> Ah, i noticed now that i didnt use the web beans.
> I have changed both the session and security manager to the Web ones.
> Also following your example and the doc, i have configure to use the
> sessionMode = native also.
> And also, to make all these work in the web env, i placed the minimal
> shiro filter
> <bean id="shiroFilter"
> class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
> <property name="securityManager" ref="securityManager"/>
> </bean>
> and also put the filter + the filter mapping in the web.xml
>
> The good news is that i can see the log outputs from my sessionDAO upon
> every request,
> and i can also see now the JSESSIONID and cookies are being sent from the
> browser now.
>
> I still have some problems but i think it's more appropriate to be
> discuseed in a new thread.
>
> Thanks so much for the help !
>
>
> On Sat, Jul 13, 2013 at 7:16 PM, Albert Kam <[email protected]>wrote:
>
>> Here are my configurations, sorry for not including them previously :
>>
>> <bean id="sha256Matcher"
>> class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
>> <property name="hashAlgorithmName" value="SHA-256" />
>> <property name="hashIterations" value="1024" />
>> <property name="storedCredentialsHexEncoded" value="false" />
>> </bean>
>>
>> <bean id="myCustomRealm" class="kam.albert.security.MyCustomRealm">
>> <property name="credentialsMatcher" ref="sha256Matcher" />
>> </bean>
>>
>> <bean id="sessionDAO" class="kam.albert.security.MyCustomShiroSessionDao"
>> />
>> <bean id="sessionManager"
>> class="org.apache.shiro.session.mgt.DefaultSessionManager">
>> <property name="globalSessionTimeout" value="3600000" /> <!-- 1 hour -->
>> <property name="sessionDAO" ref="sessionDAO" />
>> <property name="sessionValidationSchedulerEnabled" value="false" />
>> </bean>
>> <bean id="securityManager"
>> class="org.apache.shiro.mgt.DefaultSecurityManager">
>> <!-- Single realm app. If you have multiple realms, use the
>> 'realms' property instead. -->
>> <property name="realm" ref="myCustomRealm"/>
>> <property name="sessionManager" ref="sessionManager" />
>> </bean>
>> <bean id="lifecycleBeanPostProcessor"
>> class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
>> <bean
>> class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
>> <property name="staticMethod"
>> value="org.apache.shiro.SecurityUtils.setSecurityManager"/>
>> <property name="arguments" ref="securityManager"/>
>> </bean>
>>
>>
>>
>> On Sat, Jul 13, 2013 at 7:12 PM, Nagaraju Kurma <
>> [email protected]> wrote:
>>
>>> can u send your code?
>>>
>>> or else u can refer this following code, which is perfectly working for
>>> me.
>>>
>>> <bean id="sessionManager"
>>> class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
>>> <property name="globalSessionTimeout" value="1000000"></property> <!--
>>> in milli sec-->
>>> <property name="sessionListeners">
>>> <util:list>
>>> <bean class="net.enh.auth.listener.SessionAwareListener"></bean>
>>> </util:list>
>>> </property>
>>> </bean>
>>>
>>> <bean id="securityManager"
>>> class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
>>> <!-- <property name="cacheManager" ref="cacheManager" /> -->
>>> <property name="sessionMode" value="native" />
>>> <property name="realm" ref="postgressRealm" />
>>> <property name="sessionManager" ref="sessionManager"></property>
>>> </bean>
>>>
>>>
>>>
>>> On Sat, Jul 13, 2013 at 5:33 PM, Albert Kam <[email protected]>wrote:
>>>
>>>> I am currently using shiro + spring for a web application, with these
>>>> setups :
>>>> - my own realm
>>>> - a custom sessionDAO
>>>> - in sessionManager, 1 hour of timeout, false on
>>>> the sessionValidationSchedulerEnabled as i'm making use a custom TTL
>>>> mechanism in the background
>>>> - enable the static methods of SecurityUtils by setting the
>>>> securityManager manually in the spring xml
>>>> - using native sessions instead of web sessions
>>>> - since im using native sessions, i dont deploy shiro filters (is this
>>>> wrong?)
>>>>
>>>> One thing i notice is my session seems to timeout very quickly, only in
>>>> a matter of a few minutes, not per hour as globalSessionTimeout
>>>> configuration in the xml.
>>>> In the app, things are as normal, before login, isAuthenticated is
>>>> false, after login the subject is correct, the principal is fine, the
>>>> session is stored correctly, authentication works when doing login.
>>>>
>>>> So, what i did is trying to find out how shiro manages to 'remember'
>>>> who i am in subsequent requests by printing out cookies + req headers. But
>>>> i found nothing that relates to shiro being enable to remember me.
>>>>
>>>> I am still currenlty testing out with a single user.
>>>>
>>>> Please share your insights on what could be the culprit here.
>>>>
>>>> --
>>>> Do not pursue the past. Do not lose yourself in the future.
>>>> The past no longer is. The future has not yet come.
>>>> Looking deeply at life as it is in the very here and now,
>>>> the practitioner dwells in stability and freedom.
>>>> (Thich Nhat Hanh)
>>>>
>>>
>>>
>>>
>>> --
>>>
>>> Regards,****
>>>
>>> Nagaraju.
>>>
>>
>>
>>
>> --
>> Do not pursue the past. Do not lose yourself in the future.
>> The past no longer is. The future has not yet come.
>> Looking deeply at life as it is in the very here and now,
>> the practitioner dwells in stability and freedom.
>> (Thich Nhat Hanh)
>>
>
>
>
> --
> Do not pursue the past. Do not lose yourself in the future.
> The past no longer is. The future has not yet come.
> Looking deeply at life as it is in the very here and now,
> the practitioner dwells in stability and freedom.
> (Thich Nhat Hanh)
>
--
Regards,****
Nagaraju.
