Posted to user@shiro.apache.org by tiagowanke <tw...@gmail.com> on 2014/10/09 03:51:38 UTC
Apache shiro remember me not working
I'm trying to use the rememberMe feature from Apache Shiro, but it's not
working.
I have this shiro.ini:
[main]
ds = org.apache.shiro.jndi.JndiObjectFactory
ds.requiredType = javax.sql.DataSource
ds.resourceName = java:/comp/env/jdbc/myDS

# JDBC realm config
jdbcRealm = br.com.myproject.web.service.security.JdbcRealmImpl
jdbcRealm.permissionsLookupEnabled = true
jdbcRealm.authenticationQuery = SELECT password FROM user WHERE username = ? AND status = 1
jdbcRealm.dataSource = $ds

sha256Matcher = org.apache.shiro.authc.credential.Sha256CredentialsMatcher
jdbcRealm.credentialsMatcher = $sha256Matcher
securityManager.realms = $jdbcRealm

[urls]
/** = authcBasic
This is my JdbcRealmImpl:
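import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.realm.jdbc.JdbcRealm;

public class JdbcRealmImpl extends JdbcRealm {

    public JdbcRealmImpl() {
        super();
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(
            final AuthenticationToken token) throws AuthenticationException {
        // Let JdbcRealm run the authenticationQuery and load the stored credentials.
        final AuthenticationInfo info = super.doGetAuthenticationInfo(token);

        // Replace the username principal with the application's User object.
        final UserDB userDB = new UserDB();
        final User user = userDB.getUserByUsername((String) token.getPrincipal());

        return new SimpleAuthenticationInfo(user, info.getCredentials(), getName());
    }
}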
Since this is a web service project, I have a login service:
@POST
@Path("/login")
public Response login(@FormParam("username") final String username,
        @FormParam("password") final String password,
        @FormParam("remember") final boolean remember) {

    final Subject currentUser = SecurityUtils.getSubject();

    if (!currentUser.isAuthenticated()) {
        final UsernamePasswordToken token =
                new UsernamePasswordToken(username, password);
        try {
            token.setRememberMe(remember);
            currentUser.login(token);
        } catch (final AuthenticationException e) {
            return Response.status(Status.BAD_REQUEST).entity("Invalid user").build();
        }
    }

    return Response.ok().build();
}
The problem is that SecurityUtils.getSubject().isRemembered() always returns
false even when I set token.setRememberMe(true);
Is there any configuration that I'm missing?
--
View this message in context: http://shiro-user.582556.n2.nabble.com/Apache-shiro-remember-me-not-working-tp7580273.html
Sent from the Shiro User mailing list archive at Nabble.com.
RE: Apache shiro remember me not working
Posted by Konrad Zuse <th...@hotmail.com>.
First off, I want to say that the Sha256CredentialsMatcher isn't used anymore, and you should look at passwordService and PasswordMatcher.
Next, I want to say that RememberMe requires a cookie on the web, but I'm not too sure about what's fully needed for a client application. I would search for rememberme in Shiro to find the doc about it.
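The two points raised in the reply, applied to the shiro.ini from the original post. This is an added example, not configuration posted by either participant. Assumptions: the application runs in Shiro's web environment and is served over HTTPS, the /login path and the choice of the user filter are illustrative, and the cipher key is a placeholder.

```ini
[main]
ds = org.apache.shiro.jndi.JndiObjectFactory
ds.requiredType = javax.sql.DataSource
ds.resourceName = java:/comp/env/jdbc/myDS

# Before (original post): a dedicated SHA-256 matcher.
# sha256Matcher = org.apache.shiro.authc.credential.Sha256CredentialsMatcher
# jdbcRealm.credentialsMatcher = $sha256Matcher

# After: PasswordMatcher delegating to a PasswordService, as the reply suggests.
# Stored passwords must then be produced by passwordService.encryptPassword(...),
# so existing SHA-256 rows have to be re-hashed (for example at next login).
passwordService = org.apache.shiro.authc.credential.DefaultPasswordService
passwordMatcher = org.apache.shiro.authc.credential.PasswordMatcher
passwordMatcher.passwordService = $passwordService

jdbcRealm = br.com.myproject.web.service.security.JdbcRealmImpl
jdbcRealm.permissionsLookupEnabled = true
jdbcRealm.authenticationQuery = SELECT password FROM user WHERE username = ? AND status = 1
jdbcRealm.dataSource = $ds
jdbcRealm.credentialsMatcher = $passwordMatcher
securityManager.realms = $jdbcRealm

# RememberMe in a web application is a cookie written by the security manager's
# rememberMeManager after a successful login with setRememberMe(true).
# The cookie carries the serialized principals, so the User object returned by
# JdbcRealmImpl must implement java.io.Serializable.
securityManager.rememberMeManager.cookie.name = rememberMe
# Lifetime in seconds (14 days).
securityManager.rememberMeManager.cookie.maxAge = 1209600
securityManager.rememberMeManager.cookie.httpOnly = true
# Assumes HTTPS; the cookie is not sent over plain HTTP when this is true.
securityManager.rememberMeManager.cookie.secure = true
# Placeholder: set a Base64 key generated for this deployment instead of
# relying on a built-in default.
# securityManager.rememberMeManager.cipherKey = <BASE64_KEY_FOR_THIS_DEPLOYMENT>

[urls]
# authcBasic requires an authenticated Subject on every request, so a Subject
# that is only remembered is still challenged. The user filter admits Subjects
# that are either remembered or authenticated. Paths below are assumed.
/login = anon
/** = user
```

Subject.isRemembered() is false for a Subject that has authenticated in the current session; it is true only in a later session where the identity was restored from the cookie and no login has taken place yet.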