You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@shiro.apache.org by Warren Bell <wa...@gmail.com> on 2012/05/08 03:20:30 UTC
limiting the number of devices a user can be logged into
Is there anything built into Shiro that will keep a user from logging
into more than one device at a time ? I have another non Shiro app that
I wrote that does this. I had to keep track of users, sessions and
devices. It would be nice if Shiro has something like this built in.
--
Thanks,
Warren Bell
Re: limiting the number of devices a user can be logged into
Posted by Les Hazlewood <lh...@apache.org>.
A DefaultWebSessionManager (and it's SessionDAO) is enabled explicitly in
configuration. For example:
[main]
shiro.loginUrl = /login.jsp
sessionDAO = com.foo.my.impl.SessionDAO
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
sessionManager.sessionDAO = $sessionDAO
#set the sessionManager on the securityManager:
securityManager.sessionManager = $sessionManager
You can obtain it at runtime by using reflection or casting:
SessionManager sessionManager =
((DefaultWebSecurityManager)securityManager).getSessionManager();
SessionDAO sessionDAO =
((DefaultWebSessionManager)sessionManager).getSessionDAO();
HTH,
--
Les Hazlewood
CTO, Stormpath | http://stormpath.com <http://www.stormpath.com/> |
888.391.5282
twitter: @lhazlewood | http://twitter.com/lhazlewood
blog: http://leshazlewood.com
stormpath blog:
http://www.stormpath.com/blog<http://www.stormpath.com/blog/index>
On Tue, May 8, 2012 at 11:53 AM, Warren Bell <wa...@gmail.com> wrote:
> How do I get a hold of the SessionDAO implementation ? I see a
> DefaultWebSessionManager, how do I get to that ?
>
> Thanks,
>
> Warren Bell
>
> On 5/8/12 11:18 AM, Les Hazlewood wrote:
> > There isn't anything built-in per se. However, if you're using Shiro's
> > native session management, and you use a queryable session data store
> > (SessionDAO), you can query for any session within the session timeout
> > owned by a particular user.
> >
> > If there is a session for that end-user, then they are using the app, and
> > another authentication should be prevented.
> >
> > If you have any ideas of how this might be able to be supported by Shiro
> > natively (code patches welcome of course!), I'd love to investigate the
> > possibility of including it.
> >
> > Cheers,
> >
> > --
> > Les Hazlewood
> > CTO, Stormpath | http://stormpath.com <http://www.stormpath.com/> |
> > 888.391.5282
> > twitter: @lhazlewood | http://twitter.com/lhazlewood
> > blog: http://leshazlewood.com
> > stormpath blog:
> > http://www.stormpath.com/blog<http://www.stormpath.com/blog/index>
> >
> > On Mon, May 7, 2012 at 6:20 PM, Warren Bell <wa...@gmail.com>
> wrote:
> >
> >> Is there anything built into Shiro that will keep a user from logging
> >> into more than one device at a time ? I have another non Shiro app that
> >> I wrote that does this. I had to keep track of users, sessions and
> >> devices. It would be nice if Shiro has something like this built in.
> >>
> >> --
> >> Thanks,
> >>
> >> Warren Bell
> >>
> >
>
Re: limiting the number of devices a user can be logged into
Posted by Warren Bell <wa...@gmail.com>.
How do I get a hold of the SessionDAO implementation ? I see a
DefaultWebSessionManager, how do I get to that ?
Thanks,
Warren Bell
On 5/8/12 11:18 AM, Les Hazlewood wrote:
> There isn't anything built-in per se. However, if you're using Shiro's
> native session management, and you use a queryable session data store
> (SessionDAO), you can query for any session within the session timeout
> owned by a particular user.
>
> If there is a session for that end-user, then they are using the app, and
> another authentication should be prevented.
>
> If you have any ideas of how this might be able to be supported by Shiro
> natively (code patches welcome of course!), I'd love to investigate the
> possibility of including it.
>
> Cheers,
>
> --
> Les Hazlewood
> CTO, Stormpath | http://stormpath.com <http://www.stormpath.com/> |
> 888.391.5282
> twitter: @lhazlewood | http://twitter.com/lhazlewood
> blog: http://leshazlewood.com
> stormpath blog:
> http://www.stormpath.com/blog<http://www.stormpath.com/blog/index>
>
> On Mon, May 7, 2012 at 6:20 PM, Warren Bell <wa...@gmail.com> wrote:
>
>> Is there anything built into Shiro that will keep a user from logging
>> into more than one device at a time ? I have another non Shiro app that
>> I wrote that does this. I had to keep track of users, sessions and
>> devices. It would be nice if Shiro has something like this built in.
>>
>> --
>> Thanks,
>>
>> Warren Bell
>>
>
Re: limiting the number of devices a user can be logged into
Posted by Les Hazlewood <lh...@apache.org>.
There isn't anything built-in per se. However, if you're using Shiro's
native session management, and you use a queryable session data store
(SessionDAO), you can query for any session within the session timeout
owned by a particular user.
If there is a session for that end-user, then they are using the app, and
another authentication should be prevented.
If you have any ideas of how this might be able to be supported by Shiro
natively (code patches welcome of course!), I'd love to investigate the
possibility of including it.
Cheers,
--
Les Hazlewood
CTO, Stormpath | http://stormpath.com <http://www.stormpath.com/> |
888.391.5282
twitter: @lhazlewood | http://twitter.com/lhazlewood
blog: http://leshazlewood.com
stormpath blog:
http://www.stormpath.com/blog<http://www.stormpath.com/blog/index>
On Mon, May 7, 2012 at 6:20 PM, Warren Bell <wa...@gmail.com> wrote:
> Is there anything built into Shiro that will keep a user from logging
> into more than one device at a time ? I have another non Shiro app that
> I wrote that does this. I had to keep track of users, sessions and
> devices. It would be nice if Shiro has something like this built in.
>
> --
> Thanks,
>
> Warren Bell
>