You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@shiro.apache.org by tiagowanke <tw...@gmail.com> on 2014/10/09 03:51:38 UTC

Apache shiro remember me not working

Im trying to use the rememberme feature from apache shiro, but its not
working.

I have this shiro.ini

[main]
ds = org.apache.shiro.jndi.JndiObjectFactory   
ds.requiredType = javax.sql.DataSource  
ds.resourceName = java:/comp/env/jdbc/myDS


# JDBC realm config  
jdbcRealm = br.com.myproject.web.service.security.JdbcRealmImpl
jdbcRealm.permissionsLookupEnabled = true 
jdbcRealm.authenticationQuery = SELECT password FROM user WHERE username = ?
AND status = 1
jdbcRealm.dataSource = $ds

sha256Matcher = org.apache.shiro.authc.credential.Sha256CredentialsMatcher
jdbcRealm.credentialsMatcher = $sha256Matcher
securityManager.realms = $jdbcRealm

[urls]
/** = authcBasic
This is my JdbcRealmImpl:

public class JdbcRealmImpl extends JdbcRealm {

    public JdbcRealmImpl() {
        super();
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(
            final AuthenticationToken token) throws AuthenticationException
{

        final AuthenticationInfo info =
super.doGetAuthenticationInfo(token);

        final UserDB userDB = new UserDB();
        final User user = userDB.getUserByUsername((String)
token.getPrincipal());

        return new SimpleAuthenticationInfo(user, info.getCredentials(),
getName());
    }    

}
Since this is a web service project i have a login service:

@POST
@Path("/login")
public Response login(@FormParam("username") final String username,
@FormParam("password") final String password, @FormParam("remember") final
boolean remember) {

    final Subject currentUser = SecurityUtils.getSubject();

    if (!currentUser.isAuthenticated()) {
        final UsernamePasswordToken token = new
UsernamePasswordToken(username, password);
        try {
            token.setRememberMe(remember);
            currentUser.login(token);
        } catch (final AuthenticationException e) {
            return Response.status(Status.BAD_REQUEST).entity("Invalid
user").build();
        }
    }

    return Response.ok().build();
}

The problem is that SecurityUtils.getSubject().isRemembered() always return
false even when i set token.setRememberMe(true);

Is there any configuration that im missing?




--
View this message in context: http://shiro-user.582556.n2.nabble.com/Apache-shiro-remember-me-not-working-tp7580273.html
Sent from the Shiro User mailing list archive at Nabble.com.

RE: Apache shiro remember me not working

Posted by Konrad Zuse <th...@hotmail.com>.

First off I want to say that the sha256credentialsmatcher isn't used anymore, and you should look at passwordService and PasswordMatcher.

Next I want to say that RememberMe requires a cookie on the web, but not too sure about ewhat's fully needed for a client application.  I would search for rememberme i shiro to find the doc about it.

> Date: Wed, 8 Oct 2014 18:51:38 -0700
> From: twmsoftware@gmail.com
> To: user@shiro.apache.org
> Subject: Apache shiro remember me not working
> 
> Im trying to use the rememberme feature from apache shiro, but its not
> working.
> 
> I have this shiro.ini
> 
> [main]
> ds = org.apache.shiro.jndi.JndiObjectFactory   
> ds.requiredType = javax.sql.DataSource  
> ds.resourceName = java:/comp/env/jdbc/myDS
> 
> 
> # JDBC realm config  
> jdbcRealm = br.com.myproject.web.service.security.JdbcRealmImpl
> jdbcRealm.permissionsLookupEnabled = true 
> jdbcRealm.authenticationQuery = SELECT password FROM user WHERE username = ?
> AND status = 1
> jdbcRealm.dataSource = $ds
> 
> sha256Matcher = org.apache.shiro.authc.credential.Sha256CredentialsMatcher
> jdbcRealm.credentialsMatcher = $sha256Matcher
> securityManager.realms = $jdbcRealm
> 
> [urls]
> /** = authcBasic
> This is my JdbcRealmImpl:
> 
> public class JdbcRealmImpl extends JdbcRealm {
> 
>     public JdbcRealmImpl() {
>         super();
>     }
> 
>     @Override
>     protected AuthenticationInfo doGetAuthenticationInfo(
>             final AuthenticationToken token) throws AuthenticationException
> {
> 
>         final AuthenticationInfo info =
> super.doGetAuthenticationInfo(token);
> 
>         final UserDB userDB = new UserDB();
>         final User user = userDB.getUserByUsername((String)
> token.getPrincipal());
> 
>         return new SimpleAuthenticationInfo(user, info.getCredentials(),
> getName());
>     }    
> 
> }
> Since this is a web service project i have a login service:
> 
> @POST
> @Path("/login")
> public Response login(@FormParam("username") final String username,
> @FormParam("password") final String password, @FormParam("remember") final
> boolean remember) {
> 
>     final Subject currentUser = SecurityUtils.getSubject();
> 
>     if (!currentUser.isAuthenticated()) {
>         final UsernamePasswordToken token = new
> UsernamePasswordToken(username, password);
>         try {
>             token.setRememberMe(remember);
>             currentUser.login(token);
>         } catch (final AuthenticationException e) {
>             return Response.status(Status.BAD_REQUEST).entity("Invalid
> user").build();
>         }
>     }
> 
>     return Response.ok().build();
> }
> 
> The problem is that SecurityUtils.getSubject().isRemembered() always return
> false even when i set token.setRememberMe(true);
> 
> Is there any configuration that im missing?
> 
> 
> 
> 
> --
> View this message in context: http://shiro-user.582556.n2.nabble.com/Apache-shiro-remember-me-not-working-tp7580273.html
> Sent from the Shiro User mailing list archive at Nabble.com.