You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@shiro.apache.org by arecibo <kc...@gmail.com> on 2011/10/09 14:36:05 UTC
Re: Callout for remember me?
I have the same requirements. I am trying to use a custom security manager
that extends from DefaultSecurityManager and a custom rememberMe manager
that extends from CookieRememberMeManager. In my custom class, I override
onSuccessfulLogin and rememberMeSuccessfulLogin to provide my own
after-login hook:
@Override
void onSuccessfulLogin(AuthenticationToken token, AuthenticationInfo info,
Subject subject) {
super.onSuccessfulLogin(token, info, subject)
afterLogin(token, info, subject)
}
@Override
void rememberMeSuccessfulLogin(AuthenticationToken token,
AuthenticationInfo info, Subject subject) {
super.rememberMeSuccessfulLogin(token, info, subject)
afterLogin(token, info, subject)
}
It works fine when users login with username and password. But when users
login with remember Me, these methods are not called. Is this the right way
to add a hook for remember me login?
Thanks,
Kenny
--
View this message in context: http://shiro-user.582556.n2.nabble.com/Callout-for-remember-me-tp4610313p6874230.html
Sent from the Shiro User mailing list archive at Nabble.com.
Re: Callout for remember me?
Posted by dan <da...@bamlabs.com>.
Hi --
Just a follow-up. I was able to resolve this issue by extending
DefaultWebSecurityManager and overriding createSubject(SubjectContext
subjectContext). It now has almost the same functionality but allows a
callout to a new method to handle my application-specific initialization for
remember me sessions.
The key change in createSubject() were these lines:
final boolean before = context.getPrincipals() == null;
context = resolvePrincipals(context);
Subject subject = doCreateSubject(context);
if (before && context.getPrincipals() != null)
{
Object o = context.getPrincipals().getPrimaryPrincipal();
if (o instanceof String)
{
onSuccessfulRememberMeLogin(subject, (String) o);
}
}
The new method is:
private void onSuccessfulRememberMeLogin(Subject subject, String username)
Hope this helps,
Dan
--
View this message in context: http://shiro-user.582556.n2.nabble.com/Callout-for-remember-me-tp4610313p7578834.html
Sent from the Shiro User mailing list archive at Nabble.com.
Re: Callout for remember me?
Posted by dan <da...@bamlabs.com>.
Hi --
I am also encountering the same problem.
In my case, whenever a remember me logon occurs, I wish to invoke some code,
let's say foo(subject), which is passed the Subject. What I think I really
want is that a onSuccessfulRememberMeLogin() method be part of the
CookieRememberMeManger class, and that it would be called when a remember me
cookie is authenticated and would be called only once. (I know that there
is a onSuccessfulLogon() method but it is called whenever any logon is
successful.)
(When a regular login is successful, I call onSuccessfulLogin() in my
FormAuthenticationFilter-extended class which then invokes my app-specific
code, foo(subject) to do some setup.)
I can't hook into getRememberedPrincipals() because the Subject hasn't been
created at this point. I thought that perhaps in SecurityManager, I could
hook into createSubject() but this method might be called from other places.
Any ideas?
Thanks much in advance,
Dan
--
View this message in context: http://shiro-user.582556.n2.nabble.com/Callout-for-remember-me-tp4610313p7578782.html
Sent from the Shiro User mailing list archive at Nabble.com.