Posted to user@shiro.apache.org by niels <op...@gmail.com> on 2014/09/17 20:10:31 UTC
Struggling with rememberMe
Hi,
I use DefaultWebSecurityManager with IniRealms. If I authenticate I get a
rememberMe-Cookie, so the first step is done.
I restart the server in debug mode and get the following
So I found that I get a subject from
org.apache.shiro.mgt.DefaultSecurityManager.createSubject(SubjectContext).
However, it's not authenticated. At the end I get a redirect to the login
url.
I can't find any code where isRemembered() is called. Is it necessary to
define a RememberMe-Filter? But I thought that the FilterChain is always a
logical-and, not an -or.
If I read the rememberMe documentation everything should work :-(
Any suggestions how to dig deeper in it?
Regards
Niels
--
View this message in context: http://shiro-user.582556.n2.nabble.com/Struggling-with-rememberMe-tp7580236.html
Sent from the Shiro User mailing list archive at Nabble.com.
RE: Struggling with rememberMe (want authenticated)
Posted by Konrad Zuse <th...@hotmail.com>.
"Authenticated" means the user has logged in. Remember me only works with "User" and not "Authenticated". You can still run your application by using them as a user. It is possible to check to see if they are a user and then authenticate them, based on previously known data, which means you would have to store the password/user combos.
You don't need authenticated though.
> Date: Thu, 18 Sep 2014 06:07:15 -0700
> From: opensource21@gmail.com
> To: user@shiro.apache.org
> Subject: Re: Struggling with rememberMe (want authenticated)
>
> Thanks, one last question:
> Is there a default implementation for this common problem (in a blog, sample
> or in the jar), or must I write my own from scratch?
>
> Regards
> Niels
Re: Struggling with rememberMe (want authenticated)
Posted by niels <op...@gmail.com>.
Thanks, one last question:
Is there a default implementation for this common problem (in a blog, sample
or in the jar), or must I write my own from scratch?
Regards
Niels
Re: Struggling with rememberMe (want authenticated)
Posted by Alessio Stalla <al...@manydesigns.com>.
In development you can use a different configuration that always
authenticates you as a certain user...
On 18 Sep 2014 12:36, "niels" <op...@gmail.com> wrote:
> Well, it's convenient if you are developing and have code that always needs a
> user.
> Another approach is to disable the filter but then you have no subject
> anymore. :-/
>
> But perhaps it's more a problem of thinking in spring-solutions. At the
> beginning it's inconvenient, but it's nice that Shiro has this problem more
> in view.
>
> Thanks for the hint
> Niels
Re: Struggling with rememberMe (want authenticated)
Posted by niels <op...@gmail.com>.
Well, it's convenient if you are developing and have code that always needs a
user.
Another approach is to disable the filter but then you have no subject
anymore. :-/
But perhaps it's more a problem of thinking in spring-solutions. At the
beginning it's inconvenient, but it's nice that Shiro has this problem more
in view.
Thanks for the hint
Niels
Re: Struggling with rememberMe (want authenticated)
Posted by Alessio Stalla <al...@manydesigns.com>.
Well - just avoid using @RequiresAuthentication. Or write a filter and
corresponding realm that, if the user is not authenticated but only
remembered, authenticates it using a special token that doesn't check the
password. Generally I don't think it's a good idea to use rememberMe as
authentication, as it's less secure.
On Thu, Sep 18, 2014 at 12:01 PM, niels <op...@gmail.com> wrote:
> RememberMe works as designed. The user isn't authenticated, only known. So the
> question is, is it possible to handle a remembered user as fully
> authenticated?
>
> Must I write a subclass of FormAuthenticationFilter or extend the Realm? Or
> is there built-in functionality? It would be nice if someone gave me a hint
> in the right direction.
>
> Regards
> Niels
--
*Alessio Stalla* | Software Architect
M: +39 340 7824743 | T: +39 010 566441 | F: +39 010 8900455
alessio.stalla@manydesigns.com | www.manydesigns.com
MANYDESIGNS s.r.l.
Via G. D'Annunzio, 2/51 | 16121 Genova (GE) | Italy
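The distinction drawn in the replies above, as an added shiro.ini sketch that is not part of the original thread: the built-in `user` filter admits a subject that is either authenticated or remembered, while `authc` admits only a subject that logged in during the current session. All URL paths are hypothetical, and realm configuration is omitted.

```ini
# Added example, not from the thread. Paths below are hypothetical.
[main]
# Both filters redirect to the same login page when they reject a request.
authc.loginUrl = /login.jsp
user.loginUrl = /login.jsp

[urls]
# Chains are evaluated top to bottom; the first matching pattern wins,
# so the stricter rules must come before the catch-all.
/login.jsp = authc
/logout = logout

# Sensitive operations: a rememberMe cookie alone is not enough here.
# A remembered-only subject is redirected to loginUrl and must present
# credentials again before the request proceeds.
/account/password = authc
/account/payment/** = authc

# Everything else: accept a subject that is authenticated OR remembered.
# Subject.getPrincipal() is available, Subject.isAuthenticated() may be false.
/** = user
```

The annotation counterparts are `@RequiresUser` (remembered or authenticated) and `@RequiresAuthentication` (authenticated in this session only).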
Re: Struggling with rememberMe (want authenticated)
Posted by niels <op...@gmail.com>.
RememberMe works as designed. The user isn't authenticated, only known. So the
question is, is it possible to handle a remembered user as fully
authenticated?
Must I write a subclass of FormAuthenticationFilter or extend the Realm? Or
is there built-in functionality? It would be nice if someone gave me a hint
in the right direction.
Regards
Niels