You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@shiro.apache.org by Alex Vasilenko <aa...@gmail.com> on 2011/08/30 17:42:37 UTC
multiple realms configuration
Hello,
I'm going to use multiple realms to authenticate users. And modular logout
from one realm, meanwhile being logged in other realms.
Is it possible to logout in one realm only, without rewriting shiro?
Thanks,
Alex
Re: multiple realms configuration
Posted by Alex Vasilenko <aa...@gmail.com>.
Hello Les,
What I mean by "logged in on other realms":
Each realm implements doGetAuthenticationInfo(), that is in fact
authenticates user and adds principals to his subject.
What I want is to "deassociate" user from one of the realms. E.g. remove
principals, associated with realm.
Why I need this:
The project, I'm working on, is a MMO game with 2 applications (in fact
there are more, but it's out of scope): web application and MMO server
itself. MMO server is based on Smartfox and uses custom shiro realm. Web
realm is based on shiro web extension. Sessions DAO and session id is the
same for both applications.
Each application is identified by own realm. I don't want to remove session
on logout from one of the application, only remove it from certain realm.
Thanks,
Alex
2011/8/30 Les Hazlewood <lh...@apache.org>
> Hi Alex,
>
> I'm not sure what you mean by 'logged in on other realms'. By design,
> a Realm is not usually stateful: it does not know who is logged in or
> not. (Note however that a caching layer is provided to realms to
> improve their performance, but this is optional and does not reflect
> 'login state'). Who is logged in or not is determined based on
> Session association.
>
> If your Realm implementation subclasses CachingRealm (as most do), the
> onLogout method is called when a Subject explicitly logs out (i.e.
> subject.logout()). By default, this merely clears any cached data for
> that particular subject in that realm only.
>
> You can override this method for custom behavior if desired.
>
> Also note that the CachingRealm.onLogout method will not be called if
> a Session times out (since that is not technically a logout, it is
> disassociation by inactivity). The realm's onLogout method is called
> only as a result of calling subject.logout().
>
> HTH,
>
> --
> Les Hazlewood
> CTO, Katasoft | http://www.katasoft.com | 888.391.5282
> twitter: @lhazlewood | http://twitter.com/lhazlewood
> katasoft blog: http://www.katasoft.com/blogs/lhazlewood
> personal blog: http://leshazlewood.com
>
> On Tue, Aug 30, 2011 at 8:42 AM, Alex Vasilenko <aa...@gmail.com>
> wrote:
> > Hello,
> > I'm going to use multiple realms to authenticate users. And modular
> logout
> > from one realm, meanwhile being logged in other realms.
> > Is it possible to logout in one realm only, without rewriting shiro?
> > Thanks,
> > Alex
>
Re: multiple realms configuration
Posted by Les Hazlewood <lh...@apache.org>.
Hi Alex,
I'm not sure what you mean by 'logged in on other realms'. By design,
a Realm is not usually stateful: it does not know who is logged in or
not. (Note however that a caching layer is provided to realms to
improve their performance, but this is optional and does not reflect
'login state'). Who is logged in or not is determined based on
Session association.
If your Realm implementation subclasses CachingRealm (as most do), the
onLogout method is called when a Subject explicitly logs out (i.e.
subject.logout()). By default, this merely clears any cached data for
that particular subject in that realm only.
You can override this method for custom behavior if desired.
Also note that the CachingRealm.onLogout method will not be called if
a Session times out (since that is not technically a logout, it is
disassociation by inactivity). The realm's onLogout method is called
only as a result of calling subject.logout().
HTH,
--
Les Hazlewood
CTO, Katasoft | http://www.katasoft.com | 888.391.5282
twitter: @lhazlewood | http://twitter.com/lhazlewood
katasoft blog: http://www.katasoft.com/blogs/lhazlewood
personal blog: http://leshazlewood.com
On Tue, Aug 30, 2011 at 8:42 AM, Alex Vasilenko <aa...@gmail.com> wrote:
> Hello,
> I'm going to use multiple realms to authenticate users. And modular logout
> from one realm, meanwhile being logged in other realms.
> Is it possible to logout in one realm only, without rewriting shiro?
> Thanks,
> Alex