You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@shiro.apache.org by Kynth <ch...@kynth.com> on 2011/08/05 16:57:05 UTC
Re: Updated Session Management documentation
Using the shiro.ini settings in the EHCache SessionDAO section:
> [main]
> sessionDAO = org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO
> securityManager.sessionManager.sessionDAO = $sessionDAO
>
> cacheManager = org.apache.shiro.cache.ehcache.EhCacheManager
> securityManager.cacheManager = $cacheManager
>
I receive the error:
> org.apache.shiro.config.ConfigurationException: Property
> 'sessionManager.sessionDAO' does not exist for object of type
> org.apache.shiro.web.mgt.DefaultWebSecurityManager.
>
I have had better results with:
> [main]
>
> sessionDAO = org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO
> sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
> sessionManager.sessionDAO = $sessionDAO
> securityManager.sessionManager = $sessionManager
> cacheManager = org.apache.shiro.cache.ehcache.EhCacheManager
> securityManager.cacheManager = $cacheManager
>
Although I've still been unable to successfully cluster using Terracotta
given the other default cache and shiro.ini settings provided so far. I'll
post questions on that topic in another post and report back here later so
as not to clog up this thread.
--
View this message in context: http://shiro-user.582556.n2.nabble.com/Updated-Session-Management-documentation-tp6550877p6656839.html
Sent from the Shiro User mailing list archive at Nabble.com.
Re: Updated Session Management documentation
Posted by Les Hazlewood <lh...@apache.org>.
P.S. I still need to update the Web documentation to reflect the
web-specific concepts (e.g. 'native' vs 'servlet container' sessions).
On Mon, Aug 8, 2011 at 4:14 PM, Les Hazlewood <lh...@apache.org> wrote:
> I added a new 'Session Clustering' section to the Session Management
> documentation here:
>
> https://cwiki.apache.org/confluence/display/SHIRO/Session+Management
>
> Please allow a few hours for it to propagate to the main Shiro website.
>
> Thanks again for the feedback Chris - it was very helpful!
>
> Cheers,
>
> Les
Re: Updated Session Management documentation
Posted by Les Hazlewood <lh...@apache.org>.
I added a new 'Session Clustering' section to the Session Management
documentation here:
https://cwiki.apache.org/confluence/display/SHIRO/Session+Management
Please allow a few hours for it to propagate to the main Shiro website.
Thanks again for the feedback Chris - it was very helpful!
Cheers,
Les
Re: Updated Session Management documentation
Posted by Eric Pederson <er...@gmail.com>.
Any Realm that extends AuthorizingRealm (such as JdbcRealm) supports caching
out of the box. Caching is enabled by setting the cacheManager on the realm
using setCacheManager().
-- Eric
On Wed, Aug 10, 2011 at 5:01 AM, Chris <ch...@kynth.com> wrote:
> Thanks Eric, this wasn't obviously apparent to me from the docs.
>
> Do any of the built in Realms (e.g. JdbcRealm) support authorization
> caching
> out of the box or is this something we'd need to extend or roll for
> ourselves?
>
> This is probably worth noting in the documentation either way.
>
> --
> View this message in context:
> http://shiro-user.582556.n2.nabble.com/Updated-Session-Management-documentation-tp6550877p6671585.html
> Sent from the Shiro User mailing list archive at Nabble.com.
>
Re: Updated Session Management documentation
Posted by Chris <ch...@kynth.com>.
Thanks Eric, this wasn't obviously apparent to me from the docs.
Do any of the built in Realms (e.g. JdbcRealm) support authorization caching
out of the box or is this something we'd need to extend or roll for
ourselves?
This is probably worth noting in the documentation either way.
--
View this message in context: http://shiro-user.582556.n2.nabble.com/Updated-Session-Management-documentation-tp6550877p6671585.html
Sent from the Shiro User mailing list archive at Nabble.com.
Re: Updated Session Management documentation
Posted by Eric Pederson <er...@gmail.com>.
If you are using authorization caching for your realm and you want that
cache to be clustered you'll need to define a cache entry for that too:
For example:
<cache name="com.foo.MyRealm.authorizationCache"
diskPersistent="false"
overflowToDisk="false"
maxElementsInMemory="10000"
eternal="true"
timeToLiveSeconds="0"
timeToIdleSeconds="0">
<terracotta/>
</cache>
-- Eric
On Mon, Aug 8, 2011 at 5:18 PM, Les Hazlewood <lh...@apache.org> wrote:
> On Mon, Aug 8, 2011 at 6:47 AM, Chris <ch...@kynth.com> wrote:
> > You're welcome.
> >
> > I got to the bottom of the Terracotta Clustering issues I was having.
> >
> > The solution required correct sessionMode and cookie configuration as
> well
> > as working around a problem with the favicon.ico request in some browsers
> > (Chrome and Safari in particular).
> >
> > The configuration provided by F A V
> >
> http://shiro-user.582556.n2.nabble.com/Shiro-and-multiple-wars-within-the-same-Servlet-Container-tp5560737p5563334.html
> > on another question supplied a working shiro.ini main config:
> >
> >
> >
> >> [main]
> >> # Cache for single sign on
> >> ssoCacheManager = org.apache.shiro.cache.ehcache.EhCacheManager
> >> ssoCacheManager.cacheManagerConfigFile = classpath:ehcache.xml
> >> securityManager.cacheManager = $ssoCacheManager
> >>
> >> # Native mode for single sign on
> >> securityManager.sessionMode = native
> >>
> >> # DAO for single sign on
> >> sessionDAO = org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO
> >> securityManager.sessionManager.sessionDAO = $sessionDAO
> >>
> >> # Cookie for single sign on
> >> cookie = org.apache.shiro.web.servlet.SimpleCookie
> >> cookie.name = SSOcookie
> >> cookie.path = /
> >> securityManager.sessionManager.sessionIdCookie = $cookie
> >>
> >> [urls]
> >> # Some browsers experience 404 errors when requesting the favicon.ico
> >> /favicon.ico = anon
> >>
> >
> > Note the favicon.ico pattern match.
>
> Yep, this is good to point out - I myself have that same rule in the
> Shiro configurations I use for the same reason.
>
> > The ehcache.xml file also needed to be tweaked from the default
> > configuration file following the
> >
> http://ehcache.org/documentation/distributed_caching_with_terracotta.html
> > Ehcache documentation :
> >
> >
> >
> >> <ehcache>
> >> <terracottaConfig url="localhost:9510"/>
> >> <diskStore path="java.io.tmpdir/shiro-ehcache"/>
> >> <defaultCache
> >> maxElementsInMemory="10000"
> >> eternal="false"
> >> timeToIdleSeconds="120"
> >> timeToLiveSeconds="120"
> >> overflowToDisk="false"
> >> diskPersistent="false"
> >> diskExpiryThreadIntervalSeconds="120">
> >> <terracotta/>
> >> </defaultCache>
> >> <cache name="shiro-activeSessionCache"
> >> maxElementsInMemory="10000"
> >> eternal="true"
> >> timeToLiveSeconds="0"
> >> timeToIdleSeconds="0"
> >> diskPersistent="false"
> >> overflowToDisk="false"
> >> diskExpiryThreadIntervalSeconds="600">
> >> <terracotta/>
> >> </cache>
> >> <cache name="org.apache.shiro.realm.text.PropertiesRealm-0-accounts"
> >> maxElementsInMemory="1000"
> >> eternal="true"
> >> overflowToDisk="false">
> >> <terracotta/>
> >> </cache>
> >> </ehcache>
> >>
> >
> > Also note the addition of the Terracotta elements in the ehcache and
> cache
> > blocks. The cache disk options have been toggled to false as well, as
> these
> > operations aren't supported in a cluster in this form.
>
> This is great - thanks for sharing Chris. I'll add this to the
> documentation as well.
>
> > I hope I haven't missed anything obvious with this configuration.
> Together
> > with an Active/Passive Terracotta array I've successfully configured two
> > webapps served on each of three Tomcat servers to use a single sign on in
> a
> > proof of concept system.
> >
> > I'm very impressed with Shiro.
>
> We're glad you enjoy it! Any time you have feedback like what you've
> shared already, please keep it coming - it is what helps Shiro become
> better.
>
> Best,
>
> --
> Les Hazlewood
> CTO, Katasoft | http://www.katasoft.com | 888.391.5282
> twitter: @lhazlewood | http://twitter.com/lhazlewood
> katasoft blog: http://www.katasoft.com/blogs/lhazlewood
> personal blog: http://leshazlewood.com
>
Re: Updated Session Management documentation
Posted by Les Hazlewood <lh...@apache.org>.
On Mon, Aug 8, 2011 at 6:47 AM, Chris <ch...@kynth.com> wrote:
> You're welcome.
>
> I got to the bottom of the Terracotta Clustering issues I was having.
>
> The solution required correct sessionMode and cookie configuration as well
> as working around a problem with the favicon.ico request in some browsers
> (Chrome and Safari in particular).
>
> The configuration provided by F A V
> http://shiro-user.582556.n2.nabble.com/Shiro-and-multiple-wars-within-the-same-Servlet-Container-tp5560737p5563334.html
> on another question supplied a working shiro.ini main config:
>
>
>
>> [main]
>> # Cache for single sign on
>> ssoCacheManager = org.apache.shiro.cache.ehcache.EhCacheManager
>> ssoCacheManager.cacheManagerConfigFile = classpath:ehcache.xml
>> securityManager.cacheManager = $ssoCacheManager
>>
>> # Native mode for single sign on
>> securityManager.sessionMode = native
>>
>> # DAO for single sign on
>> sessionDAO = org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO
>> securityManager.sessionManager.sessionDAO = $sessionDAO
>>
>> # Cookie for single sign on
>> cookie = org.apache.shiro.web.servlet.SimpleCookie
>> cookie.name = SSOcookie
>> cookie.path = /
>> securityManager.sessionManager.sessionIdCookie = $cookie
>>
>> [urls]
>> # Some browsers experience 404 errors when requesting the favicon.ico
>> /favicon.ico = anon
>>
>
> Note the favicon.ico pattern match.
Yep, this is good to point out - I myself have that same rule in the
Shiro configurations I use for the same reason.
> The ehcache.xml file also needed to be tweaked from the default
> configuration file following the
> http://ehcache.org/documentation/distributed_caching_with_terracotta.html
> Ehcache documentation :
>
>
>
>> <ehcache>
>> <terracottaConfig url="localhost:9510"/>
>> <diskStore path="java.io.tmpdir/shiro-ehcache"/>
>> <defaultCache
>> maxElementsInMemory="10000"
>> eternal="false"
>> timeToIdleSeconds="120"
>> timeToLiveSeconds="120"
>> overflowToDisk="false"
>> diskPersistent="false"
>> diskExpiryThreadIntervalSeconds="120">
>> <terracotta/>
>> </defaultCache>
>> <cache name="shiro-activeSessionCache"
>> maxElementsInMemory="10000"
>> eternal="true"
>> timeToLiveSeconds="0"
>> timeToIdleSeconds="0"
>> diskPersistent="false"
>> overflowToDisk="false"
>> diskExpiryThreadIntervalSeconds="600">
>> <terracotta/>
>> </cache>
>> <cache name="org.apache.shiro.realm.text.PropertiesRealm-0-accounts"
>> maxElementsInMemory="1000"
>> eternal="true"
>> overflowToDisk="false">
>> <terracotta/>
>> </cache>
>> </ehcache>
>>
>
> Also note the addition of the Terracotta elements in the ehcache and cache
> blocks. The cache disk options have been toggled to false as well, as these
> operations aren't supported in a cluster in this form.
This is great - thanks for sharing Chris. I'll add this to the
documentation as well.
> I hope I haven't missed anything obvious with this configuration. Together
> with an Active/Passive Terracotta array I've successfully configured two
> webapps served on each of three Tomcat servers to use a single sign on in a
> proof of concept system.
>
> I'm very impressed with Shiro.
We're glad you enjoy it! Any time you have feedback like what you've
shared already, please keep it coming - it is what helps Shiro become
better.
Best,
--
Les Hazlewood
CTO, Katasoft | http://www.katasoft.com | 888.391.5282
twitter: @lhazlewood | http://twitter.com/lhazlewood
katasoft blog: http://www.katasoft.com/blogs/lhazlewood
personal blog: http://leshazlewood.com
Re: Updated Session Management documentation
Posted by Chris <ch...@kynth.com>.
You're welcome.
I got to the bottom of the Terracotta Clustering issues I was having.
The solution required correct sessionMode and cookie configuration as well
as working around a problem with the favicon.ico request in some browsers
(Chrome and Safari in particular).
The configuration provided by F A V
http://shiro-user.582556.n2.nabble.com/Shiro-and-multiple-wars-within-the-same-Servlet-Container-tp5560737p5563334.html
on another question supplied a working shiro.ini main config:
> [main]
> # Cache for single sign on
> ssoCacheManager = org.apache.shiro.cache.ehcache.EhCacheManager
> ssoCacheManager.cacheManagerConfigFile = classpath:ehcache.xml
> securityManager.cacheManager = $ssoCacheManager
>
> # Native mode for single sign on
> securityManager.sessionMode = native
>
> # DAO for single sign on
> sessionDAO = org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO
> securityManager.sessionManager.sessionDAO = $sessionDAO
>
> # Cookie for single sign on
> cookie = org.apache.shiro.web.servlet.SimpleCookie
> cookie.name = SSOcookie
> cookie.path = /
> securityManager.sessionManager.sessionIdCookie = $cookie
>
> [urls]
> # Some browsers experience 404 errors when requesting the favicon.ico
> /favicon.ico = anon
>
Note the favicon.ico pattern match.
The ehcache.xml file also needed to be tweaked from the default
configuration file following the
http://ehcache.org/documentation/distributed_caching_with_terracotta.html
Ehcache documentation :
> <ehcache>
> <terracottaConfig url="localhost:9510"/>
> <diskStore path="java.io.tmpdir/shiro-ehcache"/>
> <defaultCache
> maxElementsInMemory="10000"
> eternal="false"
> timeToIdleSeconds="120"
> timeToLiveSeconds="120"
> overflowToDisk="false"
> diskPersistent="false"
> diskExpiryThreadIntervalSeconds="120">
> <terracotta/>
> </defaultCache>
> <cache name="shiro-activeSessionCache"
> maxElementsInMemory="10000"
> eternal="true"
> timeToLiveSeconds="0"
> timeToIdleSeconds="0"
> diskPersistent="false"
> overflowToDisk="false"
> diskExpiryThreadIntervalSeconds="600">
> <terracotta/>
> </cache>
> <cache name="org.apache.shiro.realm.text.PropertiesRealm-0-accounts"
> maxElementsInMemory="1000"
> eternal="true"
> overflowToDisk="false">
> <terracotta/>
> </cache>
> </ehcache>
>
Also note the addition of the Terracotta elements in the ehcache and cache
blocks. The cache disk options have been toggled to false as well, as these
operations aren't supported in a cluster in this form.
I hope I haven't missed anything obvious with this configuration. Together
with an Active/Passive Terracotta array I've successfully configured two
webapps served on each of three Tomcat servers to use a single sign on in a
proof of concept system.
I'm very impressed with Shiro.
--
View this message in context: http://shiro-user.582556.n2.nabble.com/Updated-Session-Management-documentation-tp6550877p6664346.html
Sent from the Shiro User mailing list archive at Nabble.com.
Re: Updated Session Management documentation
Posted by Les Hazlewood <lh...@apache.org>.
Sounds good - thanks very much for the feedback Chris. I'll update
the documentation asap.
Best,
Les
On Fri, Aug 5, 2011 at 7:57 AM, Kynth <ch...@kynth.com> wrote:
> Using the shiro.ini settings in the EHCache SessionDAO section:
>
>
>
>> [main]
>> sessionDAO = org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO
>> securityManager.sessionManager.sessionDAO = $sessionDAO
>>
>> cacheManager = org.apache.shiro.cache.ehcache.EhCacheManager
>> securityManager.cacheManager = $cacheManager
>>
>
> I receive the error:
>
>
>
>> org.apache.shiro.config.ConfigurationException: Property
>> 'sessionManager.sessionDAO' does not exist for object of type
>> org.apache.shiro.web.mgt.DefaultWebSecurityManager.
>>
>
> I have had better results with:
>
>
>
>> [main]
>>
>> sessionDAO = org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO
>> sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
>> sessionManager.sessionDAO = $sessionDAO
>> securityManager.sessionManager = $sessionManager
>> cacheManager = org.apache.shiro.cache.ehcache.EhCacheManager
>> securityManager.cacheManager = $cacheManager
>>
>
> Although I've still been unable to successfully cluster using Terracotta
> given the other default cache and shiro.ini settings provided so far. I'll
> post questions on that topic in another post and report back here later so
> as not to clog up this thread.
>
> --
> View this message in context: http://shiro-user.582556.n2.nabble.com/Updated-Session-Management-documentation-tp6550877p6656839.html
> Sent from the Shiro User mailing list archive at Nabble.com.