Thank you all of you. I got the point.
--
Best regards, Alex Orlov
>Четверг, 5 ноября 2020, 23:53 +03:00 от Brian Demers <[email protected]>:
>
>This isn't something Shiro covers directly, but it possible with a little
>custom code
> You could write a custom SessionDAO, or you could use an existing one, and
>just access the data store to query what you need. For example, if you used a
>DB, you could just query the DB. It should be similar with a something like
>Hazelcast too.
>
>On Thu, Nov 5, 2020 at 3:41 PM Alex Orlov < [email protected] > wrote:
>>Do I understand you right — you are talking about implementing custom
>>SessionDAO
>>and adding it to session manager?
>>
>>sessionDAO = com.foo.my.SessionDAO
>>securityManager.sessionManager.sessionDAO = $sessionDAO
>>
>>So, I always can a) get events when subject logs in (create) and logs out
>>(delete) 2) find currently logged in Subjects?
>>
>>
>>--
>>Best regards, Alex Orlov
>>
>>
>>>Четверг, 5 ноября 2020, 23:12 +03:00 от Benjamin Marwell <
>>>[email protected] >:
>>>
>>>It depends.
>>>
>>>I use jwt tokens. No chance here to invalidate them, but they get invalidate
>>>pretty quickly anyway.
>>>
>>>But you can use any *distributed* session storage you like: a DBMS, a memory
>>>grid like hazelcast, or create your own local storage and sync them via
>>>jGroups, or even EJBs. It doesn't matter as long as all of the nodes use the
>>>same single or synchronously updated storage.
>>>
>>>You can then iterate over all sessions in one of the nodes or via a sidecar
>>>container/app and invalidate them.
>>>
>>>Just make sure you enter the session storage class in the shiro.ini.
>>>
>>>HTH
>>>Ben
>>>On Thu, 5 Nov 2020, 20:47 Andreas Reichel, < [email protected]
>>>> wrote:
>>>>Good evening Alex,
>>>>
>>>>in my understanding this is not possible: Shiro works on the client side
>>>>and provides an abstraction of authenticating/authorizing a client against
>>>>a server.
>>>>But you look for a registry of sessions on the server side. That should not
>>>>be Shiro's concern.
>>>>
>>>>Best regards
>>>>Andreas
>>>>
>>>>
>>>>On Thu, 2020-11-05 at 22:42 +0300, Alex Orlov wrote:
>>>>>Hi all,
>>>>>
>>>>>Could anyone say, how I can to get all logged in subjects. For example,
>>>>>Subjects
>>>>>have roles, roles have permissions. If in application a role were modified
>>>>>dynamically
>>>>>(for example in DB), I want to get all logged in subjects, iterate them,
>>>>>find those,
>>>>>who have this role, collect their principals and call in my realm method
>>>>>clearCachedAuthorizationInfo(PrincipalCollection principals).
>>>>>
>>>>>
>>>>>--
>>>>>Best regards, Alex Orlov
>>>>
>>
