The docs at http://shiro.apache.org/spring.html state:

    For simplest integration, so that all SecurityUtils.* methods work in all
    cases, make the securityManager bean a static singleton.
    DO NOT do this in web applications - see the 'Web Applications' section
    below instead.

    <bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
        <property name="staticMethod"
                  value="org.apache.shiro.SecurityUtils.setSecurityManager"/>
        <property name="arguments" ref="securityManager"/>
    </bean>

And from
http://mail-archives.apache.org/mod_mbox/shiro-user/201211.mbox/%3CCAAtvD4WLA_Gu_1qOFJBLoo7UbYOLmSSA2yRxCH-5Tq-yZut0ZA [ at ] mail.gmail.com%3E,
it says:

    SecurityUtils.getSubject() is mainly a convenience - Shiro can - and does -
    work quite well in any environment. If there isn't a thread-per-request
    model, the Shiro end-user (or framework developer) just has to do some
    extra work to allow an app developer to use something other than
    SecurityUtils.

So, if I don't understand wrongly,
- Setting the securityManager in the xml is actually just fine
- Using SecurityUtils.getSubject() in a web environment + native session is
  also just fine?

I am trying to understand these because I cannot seem to get a successful
login to persist between requests.

My case is as follows:
- I am using both the xml snippet above + SecurityUtils.getSubject() +
  Spring + the latest Apache Shiro
- My first access to the server will activate the creation of the session
  (without doing any logins).
  I can see it inside my db since I am using a custom sessionDAO for this,
  and it returns the main page
- At the main page, I try to log in, where the token is authenticated
  successfully, as the output is true for subject.isAuthenticated().
  And then it's redirected to the main page again
- Now when the main page opens, it still says unauthenticated (from the
  output of SecurityUtils.getSubject().isAuthenticated()),
  even when the session has been created,
  and even though in the previous request the subject's authentication was
  successful (meaning the realm is correct)

What did I do wrong here?