First off, I want to say that the Sha256CredentialsMatcher isn't used anymore, and you should look at PasswordService and PasswordMatcher.
Next, I want to say that RememberMe requires a cookie on the web, but I'm not too sure about what's fully needed for a client application. I would search for rememberme in shiro to find the doc about it.

> Date: Wed, 8 Oct 2014 18:51:38 -0700
> From: [email protected]
> To: [email protected]
> Subject: Apache shiro remember me not working
>
> I'm trying to use the rememberme feature from apache shiro, but it's not
> working.
>
> I have this shiro.ini
>
> [main]
> ds = org.apache.shiro.jndi.JndiObjectFactory
> ds.requiredType = javax.sql.DataSource
> ds.resourceName = java:/comp/env/jdbc/myDS
>
> # JDBC realm config
> jdbcRealm = br.com.myproject.web.service.security.JdbcRealmImpl
> jdbcRealm.permissionsLookupEnabled = true
> jdbcRealm.authenticationQuery = SELECT password FROM user WHERE username = ? AND status = 1
> jdbcRealm.dataSource = $ds
>
> sha256Matcher = org.apache.shiro.authc.credential.Sha256CredentialsMatcher
> jdbcRealm.credentialsMatcher = $sha256Matcher
> securityManager.realms = $jdbcRealm
>
> [urls]
> /** = authcBasic
>
> This is my JdbcRealmImpl:
>
> public class JdbcRealmImpl extends JdbcRealm {
>
>     public JdbcRealmImpl() {
>         super();
>     }
>
>     @Override
>     protected AuthenticationInfo doGetAuthenticationInfo(
>             final AuthenticationToken token) throws AuthenticationException {
>
>         final AuthenticationInfo info = super.doGetAuthenticationInfo(token);
>
>         final UserDB userDB = new UserDB();
>         final User user = userDB.getUserByUsername((String) token.getPrincipal());
>
>         return new SimpleAuthenticationInfo(user, info.getCredentials(), getName());
>     }
>
> }
>
> Since this is a web service project I have a login service:
>
> @POST
> @Path("/login")
> public Response login(@FormParam("username") final String username,
>         @FormParam("password") final String password,
>         @FormParam("remember") final boolean remember) {
>
>     final Subject currentUser = SecurityUtils.getSubject();
>
>     if (!currentUser.isAuthenticated()) {
>         final UsernamePasswordToken token = new UsernamePasswordToken(username, password);
>         try {
>             token.setRememberMe(remember);
>             currentUser.login(token);
>         } catch (final AuthenticationException e) {
>             return Response.status(Status.BAD_REQUEST).entity("Invalid user").build();
>         }
>     }
>
>     return Response.ok().build();
> }
>
> The problem is that SecurityUtils.getSubject().isRemembered() always returns
> false even when I set token.setRememberMe(true);
>
> Is there any configuration that I'm missing?
>
> --
> View this message in context:
> http://shiro-user.582556.n2.nabble.com/Apache-shiro-remember-me-not-working-tp7580273.html
> Sent from the Shiro User mailing list archive at Nabble.com.
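
The two suggestions in the reply, applied to the [main] section of the quoted shiro.ini. This is an added example, not configuration posted by either participant. It assumes a web environment in which Shiro's web security manager supplies the cookie-based rememberMeManager; the cookie lifetime and the cipher key placeholder are illustrative values.

```ini
[main]
# ... ds and jdbcRealm definitions as in the quoted shiro.ini ...

# Replaces the two sha256Matcher lines. PasswordMatcher delegates the
# comparison to a PasswordService. Assumption: the password column holds
# strings produced by the same PasswordService's encryptPassword(), so
# hashes written for the old matcher have to be regenerated.
passwordService = org.apache.shiro.authc.credential.DefaultPasswordService
passwordMatcher = org.apache.shiro.authc.credential.PasswordMatcher
passwordMatcher.passwordService = $passwordService
jdbcRealm.credentialsMatcher = $passwordMatcher
securityManager.realms = $jdbcRealm

# Remember-me cookie. The cookie carries the encrypted, serialized
# principals, so the principal object returned by the realm (User in the
# quoted JdbcRealmImpl) must implement java.io.Serializable.
securityManager.rememberMeManager.cookie.name = rememberMe
# 14 days, in seconds (illustrative value)
securityManager.rememberMeManager.cookie.maxAge = 1209600
securityManager.rememberMeManager.cookie.httpOnly = true
# Send the cookie over HTTPS only
securityManager.rememberMeManager.cookie.secure = true
# Placeholder: set a randomly generated AES key of your own (hex, 0x
# prefix) and keep it out of version control.
securityManager.rememberMeManager.cipherKey = 0x<YOUR_RANDOM_AES_KEY_HEX>

# Subject.isRemembered() is true only when the identity was restored from
# this cookie in a later session. It is false in the request that called
# login(), because remembered and authenticated are mutually exclusive.
```

To check the setup, confirm that the login response carries a Set-Cookie header for the remember-me cookie and that a later request presenting only that cookie, without the session, is seen as remembered.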
