You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@shiro.apache.org by "romulolana@mp.mg.gov.br" <ro...@mp.mg.gov.br> on 2011/10/03 20:30:59 UTC

How to put user profile in Shiro session with cache enabled

I was trying the following approach to load user profile:
I tried to override the queryForAuthenticationInfo adding the following
code:

Subject currentUser = SecurityUtils.getSubject();
Session session = currentUser.getSession();
UserProfile userProfile = new UserProfile();
userProfile = LdapUtil.loadProfile(ctx);
session.setAttribute( "userProfile", userProfile );

Basically, I put the profile in the user's session to be retrieved later if
necessary.

At the first time the login the profile was loaded. But after logout and
login again the profile wasn't loaded, maybe because I'm using the cache,
and the code isn't run in the second execution.

Anybody know where is the best place to implement this functionality?

Thanks in advance,

Rômulo Cordeiro Lana  
Systems Analyst - Public Prosecutor of the State of Minas Gerais
IT Superintendent - Information Systems - System Architecture
Tel.: (+55 31) 33308340 - romulolana@mp.mg.gov.br 

--
View this message in context: http://shiro-user.582556.n2.nabble.com/How-to-put-user-profile-in-Shiro-session-with-cache-enabled-tp6856044p6856044.html
Sent from the Shiro User mailing list archive at Nabble.com.

Re: How to put user profile in Shiro session with cache enabled

Posted by "romulolana@mp.mg.gov.br" <ro...@mp.mg.gov.br>.

Now the load of user's profile is functioning... 

The solution:

For documentation I extended org.apache.shiro.realm.ldap.JndiLdapRealm and
overrided the createAuthenticationInfo and I created a class UserProfile
that implements Comparable<UserProfile>, Principal, Serializable. 

The method implemented:

@Override
	@SuppressWarnings({"UnusedDeclaration"})
    protected AuthenticationInfo
createAuthenticationInfo(AuthenticationToken token, Object ldapPrincipal,
                                                          Object
ldapCredentials, LdapContext ldapContext)throws NamingException {
		
		System.out.println("createAuthenticationInfo");
		
		// **** LOAD USER PROFILE
		UserProfile userProfile = new UserProfile();
		userProfile =
LdapUtil.loadProfile(ldapContext,(String)token.getPrincipal());
		
		System.out.println("Profile loaded...");
		userProfile.show();
		
        return new SimpleAuthenticationInfo(userProfile,
token.getCredentials(), getName());
    }

--
View this message in context: http://shiro-user.582556.n2.nabble.com/How-to-put-user-profile-in-Shiro-session-with-cache-enabled-tp6856044p6859843.html
Sent from the Shiro User mailing list archive at Nabble.com.

Re: How to put user profile in Shiro session with cache enabled

Posted by "romulolana@mp.mg.gov.br" <ro...@mp.mg.gov.br>.

Exactly, my userProfile is an object created to reflect an LDAP user (with
all his attributes). 

The application using Shiro may want to retrieve this information to use in
some way.

Rômulo

--
View this message in context: http://shiro-user.582556.n2.nabble.com/How-to-put-user-profile-in-Shiro-session-with-cache-enabled-tp6856044p6856648.html
Sent from the Shiro User mailing list archive at Nabble.com.

Re: How to put user profile in Shiro session with cache enabled

Posted by Les Hazlewood <lh...@apache.org>.

I'm not sure I understand - is your UserProfile an object created to
reflect an LDAP user? Or is it a domain object specific to your
application?

Les

On Mon, Oct 3, 2011 at 7:56 PM, romulolana@mp.mg.gov.br
<ro...@mp.mg.gov.br> wrote:
> I understood the cache's mechanism of Shiro. I'm using EhCache, and it's
> working. But I need to know which method I should use to implement the code
> to load the user profile. Where's the best place to implement the user
> profile?
>
> Could someone help me?
>
> Rômulo.
>
> --
> View this message in context: http://shiro-user.582556.n2.nabble.com/How-to-put-user-profile-in-Shiro-session-with-cache-enabled-tp6856044p6856367.html
> Sent from the Shiro User mailing list archive at Nabble.com.

Re: How to put user profile in Shiro session with cache enabled

Posted by "romulolana@mp.mg.gov.br" <ro...@mp.mg.gov.br>.

I understood the cache's mechanism of Shiro. I'm using EhCache, and it's
working. But I need to know which method I should use to implement the code
to load the user profile. Where's the best place to implement the user
profile?

Could someone help me?

Rômulo.

--
View this message in context: http://shiro-user.582556.n2.nabble.com/How-to-put-user-profile-in-Shiro-session-with-cache-enabled-tp6856044p6856367.html
Sent from the Shiro User mailing list archive at Nabble.com.

Re: How to put user profile in Shiro session with cache enabled

Posted by Les Hazlewood <lh...@apache.org>.

Hi Rômulo,

Typically you represent this information by a simple 'pointer' stored
in the PrincipalCollection returned from your Realm during
authentication.  Then you can look up the UserProfile object from LDAP
at any time in the future.  You can use Shiro's cache mechanism to
reduce back-end load if you want, or use a different caching mechanism
altogether.

During runtime, you can get use the 'pointer' to look up the meaningful data.

For example, during login in your Realm:

String ldapDN = //whatever you get after login
SimplePrincipalCollection principals = new
SimplePrincipalCollection(ldapDN, getName());
return new SimpleAuthenticationInfo(principals, credentials);

Then later in the application:

String ldapDN = subject.getPrincipals().oneByType(String.class);
UserProfile profile = userManager.getUserProfile(ldapDN);

your 'userManager' object can use whatever cache mechanism you want to
ensure the lookups remain fast.  For example, during login, you can
put the UserProfile object into the cache.  Then during lookup (the
'getUserProfile' call above), it can pull it from the same cache (or
look it up from LDAP if the cache has expired it).

Typically for performance reasons, you want the Session to remain as
fast and efficient as is possible.  Also, it should be noted, that
when you store simple pointers in the PrincipalCollection, they can be
retrieved later via RememberMe services, even if the session has
stopped or expired.

HTH,

-- 
Les Hazlewood
CTO, Katasoft | http://www.katasoft.com | 888.391.5282
twitter: @lhazlewood | http://twitter.com/lhazlewood
katasoft blog: http://www.katasoft.com/blogs/lhazlewood
personal blog: http://leshazlewood.com

On Mon, Oct 3, 2011 at 6:30 PM, romulolana@mp.mg.gov.br
<ro...@mp.mg.gov.br> wrote:
> I was trying the following approach to load user profile:
> I tried to override the queryForAuthenticationInfo adding the following
> code:
>
> Subject currentUser = SecurityUtils.getSubject();
> Session session = currentUser.getSession();
> UserProfile userProfile = new UserProfile();
> userProfile = LdapUtil.loadProfile(ctx);
> session.setAttribute( "userProfile", userProfile );
>
> Basically, I put the profile in the user's session to be retrieved later if
> necessary.
>
> At the first time the login the profile was loaded. But after logout and
> login again the profile wasn't loaded, maybe because I'm using the cache,
> and the code isn't run in the second execution.
>
> Anybody know where is the best place to implement this functionality?
>
> Thanks in advance,
>
> Rômulo Cordeiro Lana
> Systems Analyst - Public Prosecutor of the State of Minas Gerais
> IT Superintendent - Information Systems - System Architecture
> Tel.: (+55 31) 33308340 - romulolana@mp.mg.gov.br
>
> --
> View this message in context: http://shiro-user.582556.n2.nabble.com/How-to-put-user-profile-in-Shiro-session-with-cache-enabled-tp6856044p6856044.html
> Sent from the Shiro User mailing list archive at Nabble.com.