Posted to user@shiro.apache.org by Alex Orlov <oo...@mail.ru> on 2020/11/05 21:21:17 UTC

Re[4]: How to get all logged in Subjects

Thank you all of you. I got the point.
 
 
--
Best regards, Alex Orlov
 
  
>Thursday, 5 November 2020, 23:53 +03:00 from Brian Demers <br...@gmail.com>:
> 
>This isn't something Shiro covers directly, but it is possible with a little custom code.
>  You could write a custom SessionDAO, or you could use an existing one, and just access the data store to query what you need. For example, if you used a DB, you could just query the DB. It should be similar with something like Hazelcast too.
>   
>On Thu, Nov 5, 2020 at 3:41 PM Alex Orlov < ooo_saturn7@mail.ru > wrote:
>>Do I understand you right — you are talking about implementing a custom SessionDAO
>>and adding it to the session manager?
>> 
>>sessionDAO = com.foo.my.SessionDAO
>>securityManager.sessionManager.sessionDAO = $sessionDAO
>> 
>>So, I can always a) get events when a subject logs in (create) and logs out (delete), b) find currently logged-in Subjects?
>> 
>> 
>>--
>>Best regards, Alex Orlov
>> 
>>  
>>>Thursday, 5 November 2020, 23:12 +03:00 from Benjamin Marwell < bmarwell@apache.org >:
>>> 
>>>It depends.
>>> 
>>>I use JWT tokens. No chance here to invalidate them, but they get invalidated pretty quickly anyway.
>>> 
>>>But you can use any *distributed* session storage you like: a DBMS, a memory grid like Hazelcast, or create your own local storage and sync them via jGroups, or even EJBs. It doesn't matter as long as all of the nodes use the same single or synchronously updated storage.
>>> 
>>>You can then iterate over all sessions in one of the nodes or via a sidecar container/app and invalidate them.
>>> 
>>>Just make sure you enter the session storage class in the shiro.ini.
>>>
>>>HTH
>>>Ben  
>>>On Thu, 5 Nov 2020, 20:47 Andreas Reichel, < andreas@manticore-projects.com > wrote:
>>>>Good evening Alex,
>>>> 
>>>>In my understanding this is not possible: Shiro works on the client side and provides an abstraction of authenticating/authorizing a client against a server.
>>>>But you are looking for a registry of sessions on the server side. That should not be Shiro's concern.
>>>> 
>>>>Best regards
>>>>Andreas
>>>> 
>>>> 
>>>>On Thu, 2020-11-05 at 22:42 +0300, Alex Orlov wrote:
>>>>>Hi all,
>>>>> 
>>>>>Could anyone say how I can get all logged-in subjects? For example, Subjects
>>>>>have roles, roles have permissions. If a role in the application were modified dynamically
>>>>>(for example in the DB), I want to get all logged-in subjects, iterate over them, find those
>>>>>who have this role, collect their principals and call in my realm the method
>>>>>clearCachedAuthorizationInfo(PrincipalCollection principals).
>>>>> 
>>>>> 
>>>>>--
>>>>>Best regards, Alex Orlov
>>>> 
>>