You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@shiro.apache.org by Aleksey Didik <di...@magenta-technology.ru> on 2010/05/26 10:10:11 UTC
Add Session Listeners to Shiro
Hello all,
I'm tring to find the way to attach some session listeners to my
security manager.
I use Shiro in my web app and use DefaultWebSecurityManager.
But I configure it manually, not with ini in web.xml.
Please, help :)
Best regards,
Aleksey.
Re: Add Session Listeners to Shiro
Posted by Aleksey Didik <di...@magenta-technology.ru>.
Thanks, Les, for so detailed answer!
26.05.2010 20:54, Les Hazlewood пишет:
> Because the Servlet API does not have the notion of a global
> SessionListener construct as Shiro does, you first have to ensure that
> you're using native sessions:
>
> defaultWebSecurityManager.setSessionMode(DefaultWebSecurityManager.NATIVE_SESSION_MODE);
>
> After you've made this call, then you can do the following:
>
> ((AbstractNativeSessionManager)defaultWebSecurityManager.getSessionManager()).setSessionListeners(mySessionListenerList);
>
> If it is possible to use the INI config, I highly recommend it as it
> will often simplify your config efforts (no need to cast classes,
> etc). Here is the above w/ INI config:
>
> [main]
> sessionListener1 = com.my.session.listener.Implementation
> # as many SessionListeners as you want ...
> sessionListenerN = com.my.other.session.listener.Implementation
>
> securityManager.sessionMode = native
> securityManager.sessionManager.sessionListeners = $sessionListener1,
> ..., $sessionListenerN
>
> Also note that INI config does not need to be embedded in web.xml if
> you don't want it to be. The IniShiroFilter supports an alternative
> 'configPath' init-param that allows you to specify any location you
> want using classpath:, file: or url: prefixes to point to any of those
> respective resource locations.
>
> Cheers,
>
> Les
>
> On Wed, May 26, 2010 at 1:10 AM, Aleksey Didik
> <di...@magenta-technology.ru> wrote:
>
>> Hello all,
>> I'm tring to find the way to attach some session listeners to my security
>> manager.
>> I use Shiro in my web app and use DefaultWebSecurityManager.
>> But I configure it manually, not with ini in web.xml.
>>
>> Please, help :)
>>
>> Best regards,
>> Aleksey.
>>
>>
>
Re: Add Session Listeners to Shiro
Posted by Les Hazlewood <lh...@apache.org>.
Because the Servlet API does not have the notion of a global
SessionListener construct as Shiro does, you first have to ensure that
you're using native sessions:
defaultWebSecurityManager.setSessionMode(DefaultWebSecurityManager.NATIVE_SESSION_MODE);
After you've made this call, then you can do the following:
((AbstractNativeSessionManager)defaultWebSecurityManager.getSessionManager()).setSessionListeners(mySessionListenerList);
If it is possible to use the INI config, I highly recommend it as it
will often simplify your config efforts (no need to cast classes,
etc). Here is the above w/ INI config:
[main]
sessionListener1 = com.my.session.listener.Implementation
# as many SessionListeners as you want ...
sessionListenerN = com.my.other.session.listener.Implementation
securityManager.sessionMode = native
securityManager.sessionManager.sessionListeners = $sessionListener1,
..., $sessionListenerN
Also note that INI config does not need to be embedded in web.xml if
you don't want it to be. The IniShiroFilter supports an alternative
'configPath' init-param that allows you to specify any location you
want using classpath:, file: or url: prefixes to point to any of those
respective resource locations.
Cheers,
Les
On Wed, May 26, 2010 at 1:10 AM, Aleksey Didik
<di...@magenta-technology.ru> wrote:
> Hello all,
> I'm tring to find the way to attach some session listeners to my security
> manager.
> I use Shiro in my web app and use DefaultWebSecurityManager.
> But I configure it manually, not with ini in web.xml.
>
> Please, help :)
>
> Best regards,
> Aleksey.
>