You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@shiro.apache.org by bd...@apache.org on 2016/12/15 23:01:50 UTC
shiro git commit: Disable session URL rewriting on web examples

Repository: shiro
Updated Branches:
  refs/heads/master 213d7ffed -> 9475c99d7


Disable session URL rewriting on web examples


Project: http://git-wip-us.apache.org/repos/asf/shiro/repo
Commit: http://git-wip-us.apache.org/repos/asf/shiro/commit/9475c99d
Tree: http://git-wip-us.apache.org/repos/asf/shiro/tree/9475c99d
Diff: http://git-wip-us.apache.org/repos/asf/shiro/diff/9475c99d

Branch: refs/heads/master
Commit: 9475c99d73ca7c041591f953dbad9a8ad485a344
Parents: 213d7ff
Author: Brian Demers <bd...@apache.org>
Authored: Thu Dec 15 15:01:41 2016 -0800
Committer: Brian Demers <bd...@apache.org>
Committed: Thu Dec 15 15:01:41 2016 -0800

----------------------------------------------------------------------
 .../shiro/samples/guice/SampleShiroGuiceBootstrap.java      | 4 ++--
 .../guice/SampleShiroNativeSessionsServletModule.java       | 3 ++-
 samples/servlet-plugin/src/main/webapp/WEB-INF/shiro.ini    | 3 +++
 .../src/main/resources/application.properties               | 7 ++++++-
 .../src/main/webapp/WEB-INF/applicationContext.xml          | 9 +++++----
 samples/spring-hibernate/src/main/webapp/WEB-INF/web.xml    | 9 ++++++---
 .../src/main/webapp/WEB-INF/applicationContext.xml          | 6 +++++-
 samples/web/src/main/webapp/WEB-INF/shiro.ini               | 4 ++++
 8 files changed, 33 insertions(+), 12 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/shiro/blob/9475c99d/samples/guice/src/main/java/org/apache/shiro/samples/guice/SampleShiroGuiceBootstrap.java
----------------------------------------------------------------------
diff --git a/samples/guice/src/main/java/org/apache/shiro/samples/guice/SampleShiroGuiceBootstrap.java b/samples/guice/src/main/java/org/apache/shiro/samples/guice/SampleShiroGuiceBootstrap.java
index 7bd5480..05e1b35 100644
--- a/samples/guice/src/main/java/org/apache/shiro/samples/guice/SampleShiroGuiceBootstrap.java
+++ b/samples/guice/src/main/java/org/apache/shiro/samples/guice/SampleShiroGuiceBootstrap.java
@@ -38,7 +38,7 @@ public class SampleShiroGuiceBootstrap extends GuiceServletContextListener {
 
     @Override
     protected Injector getInjector() {
-        return Guice.createInjector(new SampleShiroServletModule(servletContext), ShiroWebModule.guiceFilterModule());
-//        return Guice.createInjector(new SampleShiroNativeSessionsServletModule(servletContext), ShiroWebModule.guiceFilterModule());
+//        return Guice.createInjector(new SampleShiroServletModule(servletContext), ShiroWebModule.guiceFilterModule());
+        return Guice.createInjector(new SampleShiroNativeSessionsServletModule(servletContext), ShiroWebModule.guiceFilterModule());
     }
 }

http://git-wip-us.apache.org/repos/asf/shiro/blob/9475c99d/samples/guice/src/main/java/org/apache/shiro/samples/guice/SampleShiroNativeSessionsServletModule.java
----------------------------------------------------------------------
diff --git a/samples/guice/src/main/java/org/apache/shiro/samples/guice/SampleShiroNativeSessionsServletModule.java b/samples/guice/src/main/java/org/apache/shiro/samples/guice/SampleShiroNativeSessionsServletModule.java
index 5ab0057..eef357f 100644
--- a/samples/guice/src/main/java/org/apache/shiro/samples/guice/SampleShiroNativeSessionsServletModule.java
+++ b/samples/guice/src/main/java/org/apache/shiro/samples/guice/SampleShiroNativeSessionsServletModule.java
@@ -55,7 +55,7 @@ public class SampleShiroNativeSessionsServletModule extends ShiroWebModule {
         this.addFilterChain("/login.jsp", AUTHC);
         this.addFilterChain("/logout", LOGOUT);
         this.addFilterChain("/account/**", AUTHC);
-        this.addFilterChain("/remoting/**", AUTHC, config(ROLES, "b2bClient"), config(PERMS, "remote:invoke:lan,wan"));
+        this.addFilterChain("/remoting/**", filterConfig(AUTHC), filterConfig(ROLES, "b2bClient"), filterConfig(PERMS, "remote:invoke:lan,wan"));
     }
 
     @Provides
@@ -69,6 +69,7 @@ public class SampleShiroNativeSessionsServletModule extends ShiroWebModule {
     protected void bindSessionManager(AnnotatedBindingBuilder<SessionManager> bind) {
         bind.to(DefaultWebSessionManager.class);
         bindConstant().annotatedWith(Names.named("shiro.globalSessionTimeout")).to(5000L);
+        bindConstant().annotatedWith(Names.named("shiro.sessionIdUrlRewritingEnabled")).to(false);
         bind(DefaultWebSessionManager.class);
         bind(Cookie.class).toInstance(new SimpleCookie("myCookie"));
     }

http://git-wip-us.apache.org/repos/asf/shiro/blob/9475c99d/samples/servlet-plugin/src/main/webapp/WEB-INF/shiro.ini
----------------------------------------------------------------------
diff --git a/samples/servlet-plugin/src/main/webapp/WEB-INF/shiro.ini b/samples/servlet-plugin/src/main/webapp/WEB-INF/shiro.ini
index 33c7586..083172a 100644
--- a/samples/servlet-plugin/src/main/webapp/WEB-INF/shiro.ini
+++ b/samples/servlet-plugin/src/main/webapp/WEB-INF/shiro.ini
@@ -24,6 +24,9 @@
 listener = org.apache.shiro.config.event.LoggingBeanEventListener
 
 shiro.loginUrl = /login.jsp
+sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
+securityManager.sessionManager = $sessionManager
+securityManager.sessionManager.sessionIdUrlRewritingEnabled = false
 
 # We need to set the cipherKey, if you want the rememberMe cookie to work after restarting or on multiple nodes.
 # YOU MUST SET THIS TO A UNIQUE STRING

http://git-wip-us.apache.org/repos/asf/shiro/blob/9475c99d/samples/spring-boot-web/src/main/resources/application.properties
----------------------------------------------------------------------
diff --git a/samples/spring-boot-web/src/main/resources/application.properties b/samples/spring-boot-web/src/main/resources/application.properties
index d153c17..852dc74 100644
--- a/samples/spring-boot-web/src/main/resources/application.properties
+++ b/samples/spring-boot-web/src/main/resources/application.properties
@@ -17,5 +17,10 @@
 # under the License.
 #
 
+shiro.loginUrl = /login.html
 
-shiro.loginUrl = /login.html
\ No newline at end of file
+# Let Shiro Manage the sessions
+shiro.userNativeSessionManager = true
+
+# disable URL session rewriting
+shiro.sessionManager.sessionIdUrlRewritingEnabled = false
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/shiro/blob/9475c99d/samples/spring-hibernate/src/main/webapp/WEB-INF/applicationContext.xml
----------------------------------------------------------------------
diff --git a/samples/spring-hibernate/src/main/webapp/WEB-INF/applicationContext.xml b/samples/spring-hibernate/src/main/webapp/WEB-INF/applicationContext.xml
index abcdb5e..c8d1a81 100644
--- a/samples/spring-hibernate/src/main/webapp/WEB-INF/applicationContext.xml
+++ b/samples/spring-hibernate/src/main/webapp/WEB-INF/applicationContext.xml
@@ -87,10 +87,11 @@
         <!-- Single realm app (realm configured next, below).  If you have multiple realms, use the 'realms'
       property instead. -->
         <property name="realm" ref="sampleRealm"/>
-        <!-- Uncomment this next property if you want heterogenous session access or clusterable/distributable
-             sessions.  The default value is 'http' which uses the Servlet container's HttpSession as the underlying
-             Session implementation.
-        <property name="sessionMode" value="native"/> -->
+        <property name="sessionManager" ref="sessionManager"/>
+    </bean>
+
+    <bean id="sessionManager" class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
+        <property name="sessionIdUrlRewritingEnabled" value="false"/>
     </bean>
 
     <!-- Post processor that automatically invokes init() and destroy() methods -->

http://git-wip-us.apache.org/repos/asf/shiro/blob/9475c99d/samples/spring-hibernate/src/main/webapp/WEB-INF/web.xml
----------------------------------------------------------------------
diff --git a/samples/spring-hibernate/src/main/webapp/WEB-INF/web.xml b/samples/spring-hibernate/src/main/webapp/WEB-INF/web.xml
index 3340478..db1303f 100644
--- a/samples/spring-hibernate/src/main/webapp/WEB-INF/web.xml
+++ b/samples/spring-hibernate/src/main/webapp/WEB-INF/web.xml
@@ -17,10 +17,10 @@
   ~ specific language governing permissions and limitations
   ~ under the License.
   -->
-<web-app version="2.4"
-         xmlns="http://java.sun.com/xml/ns/j2ee"
+<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
+         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
+         version="3.1">
 
     <!-- ===================================================================
  -  Context parameters
@@ -102,4 +102,7 @@
         <location>/unauthorized.jsp</location>
     </error-page>
 
+    <session-config>
+        <tracking-mode>COOKIE</tracking-mode>
+    </session-config>
 </web-app>

http://git-wip-us.apache.org/repos/asf/shiro/blob/9475c99d/samples/spring-xml/src/main/webapp/WEB-INF/applicationContext.xml
----------------------------------------------------------------------
diff --git a/samples/spring-xml/src/main/webapp/WEB-INF/applicationContext.xml b/samples/spring-xml/src/main/webapp/WEB-INF/applicationContext.xml
index d91b3c0..84a085f 100644
--- a/samples/spring-xml/src/main/webapp/WEB-INF/applicationContext.xml
+++ b/samples/spring-xml/src/main/webapp/WEB-INF/applicationContext.xml
@@ -50,8 +50,12 @@
     <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
         <property name="cacheManager" ref="cacheManager"/>
         <!-- Single realm app.  If you have multiple realms, use the 'realms' property instead. -->
-        <property name="sessionMode" value="native"/>
         <property name="realm" ref="jdbcRealm"/>
+        <property name="sessionManager" ref="sessionManager"/>
+    </bean>
+
+    <bean id="sessionManager" class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
+        <property name="sessionIdUrlRewritingEnabled" value="false"/>
     </bean>
 
     <!-- Let's use some enterprise caching support for better performance.  You can replace this with any enterprise

http://git-wip-us.apache.org/repos/asf/shiro/blob/9475c99d/samples/web/src/main/webapp/WEB-INF/shiro.ini
----------------------------------------------------------------------
diff --git a/samples/web/src/main/webapp/WEB-INF/shiro.ini b/samples/web/src/main/webapp/WEB-INF/shiro.ini
index 90173fc..bd9fb7c 100644
--- a/samples/web/src/main/webapp/WEB-INF/shiro.ini
+++ b/samples/web/src/main/webapp/WEB-INF/shiro.ini
@@ -26,6 +26,10 @@ listener = org.apache.shiro.config.event.LoggingBeanEventListener
 shiro.loginUrl = /login.jsp
 shiro.postOnlyLogout = true
 
+sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
+securityManager.sessionManager = $sessionManager
+securityManager.sessionManager.sessionIdUrlRewritingEnabled = false
+
 # We need to set the cipherKey, if you want the rememberMe cookie to work after restarting or on multiple nodes.
 # YOU MUST SET THIS TO A UNIQUE STRING
 securityManager.rememberMeManager.cipherKey = kPH+bIxk5D2deZiIxcaaaA==