You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@shiro.apache.org by bd...@apache.org on 2016/12/15 23:01:50 UTC
shiro git commit: Disable session URL rewriting on web examples
Repository: shiro
Updated Branches:
refs/heads/master 213d7ffed -> 9475c99d7
Disable session URL rewriting on web examples
Project: http://git-wip-us.apache.org/repos/asf/shiro/repo
Commit: http://git-wip-us.apache.org/repos/asf/shiro/commit/9475c99d
Tree: http://git-wip-us.apache.org/repos/asf/shiro/tree/9475c99d
Diff: http://git-wip-us.apache.org/repos/asf/shiro/diff/9475c99d
Branch: refs/heads/master
Commit: 9475c99d73ca7c041591f953dbad9a8ad485a344
Parents: 213d7ff
Author: Brian Demers <bd...@apache.org>
Authored: Thu Dec 15 15:01:41 2016 -0800
Committer: Brian Demers <bd...@apache.org>
Committed: Thu Dec 15 15:01:41 2016 -0800
----------------------------------------------------------------------
.../shiro/samples/guice/SampleShiroGuiceBootstrap.java | 4 ++--
.../guice/SampleShiroNativeSessionsServletModule.java | 3 ++-
samples/servlet-plugin/src/main/webapp/WEB-INF/shiro.ini | 3 +++
.../src/main/resources/application.properties | 7 ++++++-
.../src/main/webapp/WEB-INF/applicationContext.xml | 9 +++++----
samples/spring-hibernate/src/main/webapp/WEB-INF/web.xml | 9 ++++++---
.../src/main/webapp/WEB-INF/applicationContext.xml | 6 +++++-
samples/web/src/main/webapp/WEB-INF/shiro.ini | 4 ++++
8 files changed, 33 insertions(+), 12 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/shiro/blob/9475c99d/samples/guice/src/main/java/org/apache/shiro/samples/guice/SampleShiroGuiceBootstrap.java
----------------------------------------------------------------------
diff --git a/samples/guice/src/main/java/org/apache/shiro/samples/guice/SampleShiroGuiceBootstrap.java b/samples/guice/src/main/java/org/apache/shiro/samples/guice/SampleShiroGuiceBootstrap.java
index 7bd5480..05e1b35 100644
--- a/samples/guice/src/main/java/org/apache/shiro/samples/guice/SampleShiroGuiceBootstrap.java
+++ b/samples/guice/src/main/java/org/apache/shiro/samples/guice/SampleShiroGuiceBootstrap.java
@@ -38,7 +38,7 @@ public class SampleShiroGuiceBootstrap extends GuiceServletContextListener {
@Override
protected Injector getInjector() {
- return Guice.createInjector(new SampleShiroServletModule(servletContext), ShiroWebModule.guiceFilterModule());
-// return Guice.createInjector(new SampleShiroNativeSessionsServletModule(servletContext), ShiroWebModule.guiceFilterModule());
+// return Guice.createInjector(new SampleShiroServletModule(servletContext), ShiroWebModule.guiceFilterModule());
+ return Guice.createInjector(new SampleShiroNativeSessionsServletModule(servletContext), ShiroWebModule.guiceFilterModule());
}
}
http://git-wip-us.apache.org/repos/asf/shiro/blob/9475c99d/samples/guice/src/main/java/org/apache/shiro/samples/guice/SampleShiroNativeSessionsServletModule.java
----------------------------------------------------------------------
diff --git a/samples/guice/src/main/java/org/apache/shiro/samples/guice/SampleShiroNativeSessionsServletModule.java b/samples/guice/src/main/java/org/apache/shiro/samples/guice/SampleShiroNativeSessionsServletModule.java
index 5ab0057..eef357f 100644
--- a/samples/guice/src/main/java/org/apache/shiro/samples/guice/SampleShiroNativeSessionsServletModule.java
+++ b/samples/guice/src/main/java/org/apache/shiro/samples/guice/SampleShiroNativeSessionsServletModule.java
@@ -55,7 +55,7 @@ public class SampleShiroNativeSessionsServletModule extends ShiroWebModule {
this.addFilterChain("/login.jsp", AUTHC);
this.addFilterChain("/logout", LOGOUT);
this.addFilterChain("/account/**", AUTHC);
- this.addFilterChain("/remoting/**", AUTHC, config(ROLES, "b2bClient"), config(PERMS, "remote:invoke:lan,wan"));
+ this.addFilterChain("/remoting/**", filterConfig(AUTHC), filterConfig(ROLES, "b2bClient"), filterConfig(PERMS, "remote:invoke:lan,wan"));
}
@Provides
@@ -69,6 +69,7 @@ public class SampleShiroNativeSessionsServletModule extends ShiroWebModule {
protected void bindSessionManager(AnnotatedBindingBuilder<SessionManager> bind) {
bind.to(DefaultWebSessionManager.class);
bindConstant().annotatedWith(Names.named("shiro.globalSessionTimeout")).to(5000L);
+ bindConstant().annotatedWith(Names.named("shiro.sessionIdUrlRewritingEnabled")).to(false);
bind(DefaultWebSessionManager.class);
bind(Cookie.class).toInstance(new SimpleCookie("myCookie"));
}
http://git-wip-us.apache.org/repos/asf/shiro/blob/9475c99d/samples/servlet-plugin/src/main/webapp/WEB-INF/shiro.ini
----------------------------------------------------------------------
diff --git a/samples/servlet-plugin/src/main/webapp/WEB-INF/shiro.ini b/samples/servlet-plugin/src/main/webapp/WEB-INF/shiro.ini
index 33c7586..083172a 100644
--- a/samples/servlet-plugin/src/main/webapp/WEB-INF/shiro.ini
+++ b/samples/servlet-plugin/src/main/webapp/WEB-INF/shiro.ini
@@ -24,6 +24,9 @@
listener = org.apache.shiro.config.event.LoggingBeanEventListener
shiro.loginUrl = /login.jsp
+sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
+securityManager.sessionManager = $sessionManager
+securityManager.sessionManager.sessionIdUrlRewritingEnabled = false
# We need to set the cipherKey, if you want the rememberMe cookie to work after restarting or on multiple nodes.
# YOU MUST SET THIS TO A UNIQUE STRING
http://git-wip-us.apache.org/repos/asf/shiro/blob/9475c99d/samples/spring-boot-web/src/main/resources/application.properties
----------------------------------------------------------------------
diff --git a/samples/spring-boot-web/src/main/resources/application.properties b/samples/spring-boot-web/src/main/resources/application.properties
index d153c17..852dc74 100644
--- a/samples/spring-boot-web/src/main/resources/application.properties
+++ b/samples/spring-boot-web/src/main/resources/application.properties
@@ -17,5 +17,10 @@
# under the License.
#
+shiro.loginUrl = /login.html
-shiro.loginUrl = /login.html
\ No newline at end of file
+# Let Shiro Manage the sessions
+shiro.userNativeSessionManager = true
+
+# disable URL session rewriting
+shiro.sessionManager.sessionIdUrlRewritingEnabled = false
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/shiro/blob/9475c99d/samples/spring-hibernate/src/main/webapp/WEB-INF/applicationContext.xml
----------------------------------------------------------------------
diff --git a/samples/spring-hibernate/src/main/webapp/WEB-INF/applicationContext.xml b/samples/spring-hibernate/src/main/webapp/WEB-INF/applicationContext.xml
index abcdb5e..c8d1a81 100644
--- a/samples/spring-hibernate/src/main/webapp/WEB-INF/applicationContext.xml
+++ b/samples/spring-hibernate/src/main/webapp/WEB-INF/applicationContext.xml
@@ -87,10 +87,11 @@
<!-- Single realm app (realm configured next, below). If you have multiple realms, use the 'realms'
property instead. -->
<property name="realm" ref="sampleRealm"/>
- <!-- Uncomment this next property if you want heterogenous session access or clusterable/distributable
- sessions. The default value is 'http' which uses the Servlet container's HttpSession as the underlying
- Session implementation.
- <property name="sessionMode" value="native"/> -->
+ <property name="sessionManager" ref="sessionManager"/>
+ </bean>
+
+ <bean id="sessionManager" class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
+ <property name="sessionIdUrlRewritingEnabled" value="false"/>
</bean>
<!-- Post processor that automatically invokes init() and destroy() methods -->
http://git-wip-us.apache.org/repos/asf/shiro/blob/9475c99d/samples/spring-hibernate/src/main/webapp/WEB-INF/web.xml
----------------------------------------------------------------------
diff --git a/samples/spring-hibernate/src/main/webapp/WEB-INF/web.xml b/samples/spring-hibernate/src/main/webapp/WEB-INF/web.xml
index 3340478..db1303f 100644
--- a/samples/spring-hibernate/src/main/webapp/WEB-INF/web.xml
+++ b/samples/spring-hibernate/src/main/webapp/WEB-INF/web.xml
@@ -17,10 +17,10 @@
~ specific language governing permissions and limitations
~ under the License.
-->
-<web-app version="2.4"
- xmlns="http://java.sun.com/xml/ns/j2ee"
+<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
+ xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
+ version="3.1">
<!-- ===================================================================
- Context parameters
@@ -102,4 +102,7 @@
<location>/unauthorized.jsp</location>
</error-page>
+ <session-config>
+ <tracking-mode>COOKIE</tracking-mode>
+ </session-config>
</web-app>
http://git-wip-us.apache.org/repos/asf/shiro/blob/9475c99d/samples/spring-xml/src/main/webapp/WEB-INF/applicationContext.xml
----------------------------------------------------------------------
diff --git a/samples/spring-xml/src/main/webapp/WEB-INF/applicationContext.xml b/samples/spring-xml/src/main/webapp/WEB-INF/applicationContext.xml
index d91b3c0..84a085f 100644
--- a/samples/spring-xml/src/main/webapp/WEB-INF/applicationContext.xml
+++ b/samples/spring-xml/src/main/webapp/WEB-INF/applicationContext.xml
@@ -50,8 +50,12 @@
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="cacheManager" ref="cacheManager"/>
<!-- Single realm app. If you have multiple realms, use the 'realms' property instead. -->
- <property name="sessionMode" value="native"/>
<property name="realm" ref="jdbcRealm"/>
+ <property name="sessionManager" ref="sessionManager"/>
+ </bean>
+
+ <bean id="sessionManager" class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
+ <property name="sessionIdUrlRewritingEnabled" value="false"/>
</bean>
<!-- Let's use some enterprise caching support for better performance. You can replace this with any enterprise
http://git-wip-us.apache.org/repos/asf/shiro/blob/9475c99d/samples/web/src/main/webapp/WEB-INF/shiro.ini
----------------------------------------------------------------------
diff --git a/samples/web/src/main/webapp/WEB-INF/shiro.ini b/samples/web/src/main/webapp/WEB-INF/shiro.ini
index 90173fc..bd9fb7c 100644
--- a/samples/web/src/main/webapp/WEB-INF/shiro.ini
+++ b/samples/web/src/main/webapp/WEB-INF/shiro.ini
@@ -26,6 +26,10 @@ listener = org.apache.shiro.config.event.LoggingBeanEventListener
shiro.loginUrl = /login.jsp
shiro.postOnlyLogout = true
+sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
+securityManager.sessionManager = $sessionManager
+securityManager.sessionManager.sessionIdUrlRewritingEnabled = false
+
# We need to set the cipherKey, if you want the rememberMe cookie to work after restarting or on multiple nodes.
# YOU MUST SET THIS TO A UNIQUE STRING
securityManager.rememberMeManager.cipherKey = kPH+bIxk5D2deZiIxcaaaA==