You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@shiro.apache.org by Nagaraju Kurma <na...@enhancesys.com> on 2013/11/04 12:38:09 UTC

sticky session is not working in apache shiro

Please have a look on follows..............!

I have prepared a load balancing using apache httpd (Apache/2.2.3) server
having back end nodes as tomcat servers (tomcat7)

i configured tomcat1 as the worker-1 and tomcat-2 as the worker-2 and
tested by deploying other example application which is working with sticky
session fine.

If i deploy and test out shiro security enabled application then the sticky
session is not working, i think some where the configuration is required.

this is my shiro-security.xml (shiro configuration)
-----------------------------------------------------------------------


<bean id="sessionManager"
class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
<property name="globalSessionTimeout" value="1800000"></property>
<property name="sessionListeners">
<util:list>
<bean class="net.enhancesys.auth.listener.SessionAwareListener"></bean>
</util:list>
</property>
</bean>
<bean id="jdbcRealm" class="net.enhancesys.auth.realm.PostgressRealm"
autowire="byType">
<property name="name" value="jdbcRealm" />
<property name="credentialsMatcher">
<bean class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
<property name="hashAlgorithmName" value="SHA-256" />
<property name="storedCredentialsHexEncoded" value="false" />
</bean>
</property>
</bean>

<bean id="securityManager"
class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<!-- <property name="cacheManager" ref="cacheManager" /> -->
<property name="sessionMode" value="native" />
<property name="realm" ref="jdbcRealm" />
<property name="sessionManager" ref="sessionManager"></property>
</bean>

<bean
class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
depends-on="lifecycleBeanPostProcessor" />
<bean
class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
<property name="securityManager" ref="securityManager" />
</bean>
<bean
class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
<property name="securityManager" ref="securityManager" />
</bean>
<bean id="shiroFilter"
class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager" />
<property name="loginUrl" value="/anon/refresh" />
<property name="successUrl"
value="redirect:/main/welcome1?cat=dashboard.summary" />
<property name="unauthorizedUrl" value="/anon/login" />
<property name="filterChainDefinitions">
<value>
/anon/* = anon
/main/logout = logout
/** = authc
</value>
</property>
</bean>
</beans>



I got some thing like cacheManager.cacheSessionLocally = true
       ---> is it for sticky session purpose?

 If so where should i configure that else whats my configuration changes
needs...!

Any help is very much appreciated.

Thanks & Regards,

Nagaraju K