This isn't something Shiro covers directly, but it is possible with a little
custom code.

You could write a custom SessionDAO, or you could use an existing one, and
just access the data store to query what you need. For example, if you used
a DB, you could just query the DB. It should be similar with something
like Hazelcast too.

On Thu, Nov 5, 2020 at 3:41 PM Alex Orlov <[email protected]> wrote:

> Do I understand you right — you are talking about implementing custom
> SessionDAO and adding it to session manager?
>
> sessionDAO = com.foo.my.SessionDAO
> securityManager.sessionManager.sessionDAO = $sessionDAO
>
> So, I can always a) get events when a subject logs in (create) and logs out
> (delete), b) find currently logged-in Subjects?
>
>
> --
> Best regards, Alex Orlov
>
>
>
> Thursday, 5 November 2020, 23:12 +03:00 from Benjamin Marwell <
> [email protected]>:
>
> It depends.
>
> I use JWT tokens. No chance here to invalidate them, but they get
> invalidated pretty quickly anyway.
>
> But you can use any *distributed* session storage you like: a DBMS, a
> memory grid like hazelcast, or create your own local storage and sync them
> via jGroups, or even EJBs. It doesn't matter as long as all of the nodes
> use the same single or synchronously updated storage.
>
> You can then iterate over all sessions in one of the nodes or via a
> sidecar container/app and invalidate them.
>
> Just make sure you enter the session storage class in the shiro.ini.
>
> HTH
> Ben
>
> On Thu, 5 Nov 2020, 20:47 Andreas Reichel, <[email protected]> wrote:
>
> Good evening Alex,
>
> in my understanding this is not possible: Shiro works on the client side
> and provides an abstraction of authenticating/authorizing a client against
> a server.
> But you look for a registry of sessions on the server side. That should
> not be Shiro's concern.
>
> Best regards
> Andreas
>
>
> On Thu, 2020-11-05 at 22:42 +0300, Alex Orlov wrote:
>
> Hi all,
>
> Could anyone say how I can get all logged-in subjects? For example,
> Subjects have roles, roles have permissions. If a role were modified
> dynamically in the application (for example in the DB), I want to get all
> logged-in subjects, iterate over them, find those who have this role,
> collect their principals and call the method
> clearCachedAuthorizationInfo(PrincipalCollection principals) in my realm.
>
>
> --
> Best regards, Alex Orlov
>
>
>
>
>

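The approach discussed in this thread, sketched as an added example that is not code from any participant or from the Shiro project: it walks the active sessions held by the configured SessionDAO, picks out the principals of subjects holding the modified role, and evicts their cached authorization info. `RoleAwareRealm`, `RoleChangeEvictor`, `evict` and `onRoleModified` are hypothetical names; the Shiro classes and methods are the library's own, and the sketch assumes Shiro's native session management with a session store shared by all nodes.

```java
import java.util.ArrayList;
import java.util.List;

import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.session.InvalidSessionException;
import org.apache.shiro.session.Session;
import org.apache.shiro.session.mgt.eis.SessionDAO;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.support.DefaultSubjectContext;

/** Hypothetical base realm: clearCachedAuthorizationInfo is protected, so expose it. */
abstract class RoleAwareRealm extends AuthorizingRealm {
    public void evict(PrincipalCollection principals) {
        clearCachedAuthorizationInfo(principals);
    }
}

/** Hypothetical helper: call onRoleModified after a role's permissions change in the DB. */
public final class RoleChangeEvictor {
    private final SessionDAO sessionDAO; // same instance as securityManager.sessionManager.sessionDAO
    private final RoleAwareRealm realm;

    public RoleChangeEvictor(SessionDAO sessionDAO, RoleAwareRealm realm) {
        this.sessionDAO = sessionDAO;
        this.realm = realm;
    }

    /** Returns the principals whose cached authorization info was cleared. */
    public List<PrincipalCollection> onRoleModified(String roleName) {
        List<PrincipalCollection> evicted = new ArrayList<>();
        for (Session session : sessionDAO.getActiveSessions()) {
            Object attr;
            try {
                // Shiro stores the logged-in subject's principals under this key.
                attr = session.getAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY);
            } catch (InvalidSessionException e) {
                continue; // session expired or was stopped while iterating
            }
            if (!(attr instanceof PrincipalCollection)) {
                continue; // anonymous session, nobody logged in
            }
            PrincipalCollection principals = (PrincipalCollection) attr;
            if (realm.hasRole(principals, roleName)) {
                realm.evict(principals); // next authorization check reloads from the DB
                evicted.add(principals);
            }
        }
        return evicted;
    }
}
```

Sessions managed by the servlet container do not pass through a SessionDAO, so this only sees sessions when Shiro's native session manager is in use.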