Hi Richard, This is awesome! I was a bit confused by this thread until I realized that the ASF mailing lists strip off the code blocks - I have to see them in Nabble to make sense of it.
And yes, I have been crazy busy, but I'm still happy to help! I'm back on track and going through issues as we speak. Please definitely open a Jira bug for your issue - it will be forgotten entirely without it! Best, -- Les Hazlewood | @lhazlewood CTO, Stormpath | http://stormpath.com | @goStormpath | 888.391.5282 On Mon, Sep 9, 2013 at 9:09 AM, [email protected] <[email protected]>wrote: > So, this proved to be an interesting problem in debugging shiro.ini files. > My original approach did not work because setting > securityManager.rememberMeManager.cipherKey to a reference fails, with the > reference being treated as an actual value. I did find a solution in > extending the Remember Me Manager directly. > > Since this might help others debug similar issues in the future, I will go > into some details. > > First, here is a handy "debugger" that will print out reference vales in > the > shiro.ini file: > > Feel free to use a logger instead of System.out.println for output. > > Here is what did not work. In shiro.ini: > > > The debugger correctly prints that the cipher key is a different random > value each time, but securityManager.rememberMeManager.cipherKey uses the > actual string "$cipherKey" as the key, which is not random at all. > > RandomKey2 is a simple Factory method to produce a byte[] array: > > > I also tried a variation that produced a hex-encoded string, with the same > result: > > > After giving up on setting the key, I decided to set the Remember Me > Manager > itself, which does work. In shiro.ini: > > > The code for the RandomRememberMeManager is actually even simpler than my > first approach: > > > I would suggest that Shiro include something like this in its next release, > but I know Les has been too busy to get to the last patch I submitted. :) > > > > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/Randomized-key-for-RememberMe-token-tp7579078p7579118.html > Sent from the Shiro User mailing list archive at Nabble.com. >
