Client needs to get / keep sessionId,
Server needs to buildSubject() with the sessionID and propagate it throughout
the EJB context

On May 27, 2014, at 1:07 PM, P82 wrote:

> From this post
> <http://grails.1312388.n4.nabble.com/Binding-Security-Manager-to-the-thread-context-and-Shiro-tp3217915p3218140.html>:
> Typically a subject is automatically created, bound and unbound for a
> thread by the ShiroFilter when servicing a web request.  If your logic
> is NOT triggered by a web request (e.g. via a startup or daemon
> thread, or different thread (e.g. ExecutorService or thread pool)),
> then you'll need to do the create/bind/unbind logic yourself.  See the
> Subject page for more information. 
> 
> So it means, as I understand that if we connect to EJB we must do the
> create/bind/unbind logic ourselves. As I understand we must send to server
> sessionId and use the following code:
> 
> Subject subject = new Subject.Builder().sessionId(sessionId).buildSubject();
> 
> However, testing my remote EJB from standalone client and calling testMe
> method several times I see that it keeps id and user is isAuthenticated.
> public void testMe() {
>     Subject currentUser = SecurityUtils.getSubject();
>     if (!currentUser.isAuthenticated()) {
>         UsernamePasswordToken token = new UsernamePasswordToken("lonestarr", "vespa");
>         System.out.println("#0:" + currentUser.getSession().getId());
>         currentUser.login(token);
>     } else {
>         currentUser.logout();
>         System.out.println("I logged out");
>     }
>     System.out.println("#1:" + currentUser.getSession().getId());
> }
> 
> When I call it first time from my client I have:
>  #0:f7b3117d-b4e0-4eef-9221-f99dbb87ecc2
>  #1:f7b3117d-b4e0-4eef-9221-f99dbb87ecc2
> When I call it second time from client I have:
>  I logged out
>  #1:2edcab36-cb97-4722-b91b-82ec225deb78
> Again:
>  #0:2edcab36-cb97-4722-b91b-82ec225deb78
>  #1:2edcab36-cb97-4722-b91b-82ec225deb78
> Again:
>  I logged out
>  #1:b92ba3f4-deb9-41f2-9a36-b571dc33f082
> 
> So my question - should I send sessionId to server from client or shiro uses
> some mechanism to keep sessionId between client and server?
> 
> 
> 
> 
> --
> View this message in context: 
> http://shiro-user.582556.n2.nabble.com/Shiro-session-for-EJB-tp7579994.html
> Sent from the Shiro User mailing list archive at Nabble.com.
> 
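
The create/bind/unbind logic described in the reply, written as an EJB interceptor. This is an added example, not code from the thread or from the Shiro project. It assumes the client sends the session id with every call and that it reaches the server in the invocation's context data under the hypothetical key "shiro.sessionId"; how the id travels there is container-specific and not shown.

```java
import java.io.Serializable;
import javax.interceptor.AroundInvoke;
import javax.interceptor.InvocationContext;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.subject.support.SubjectThreadState;
import org.apache.shiro.util.ThreadState;

/** Attach to the bean with @Interceptors(ShiroSessionInterceptor.class). */
public class ShiroSessionInterceptor {

    // Hypothetical key (assumption): where the client-supplied id is expected.
    static final String SESSION_ID_KEY = "shiro.sessionId";

    @AroundInvoke
    public Object bindSubject(InvocationContext ctx) throws Exception {
        Object id = ctx.getContextData().get(SESSION_ID_KEY);

        // Build the Subject explicitly instead of calling
        // SecurityUtils.getSubject(), which would create a Subject on demand
        // and leave it bound to whichever pooled thread served the call.
        Subject.Builder builder =
                new Subject.Builder(SecurityUtils.getSecurityManager());
        if (id instanceof Serializable) {
            // The id is a bearer credential: only accept it over a protected
            // transport. An unknown or expired id yields an anonymous Subject.
            builder.sessionId((Serializable) id);
        }
        Subject subject = builder.buildSubject();

        // Bind for the duration of this call only.
        ThreadState threadState = new SubjectThreadState(subject);
        threadState.bind();
        try {
            // Bean code can now call SecurityUtils.getSubject() and will
            // get the Subject tied to the caller's session.
            return ctx.proceed();
        } finally {
            // Always unbind, so the next caller served by this pooled
            // thread does not inherit this Subject or its session.
            threadState.clear();
        }
    }
}
```

After a successful login the bean would return `subject.getSession().getId()` to the client, which keeps it and sends it back on later calls.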
