[
https://issues.apache.org/jira/browse/SHIRO-486?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16672363#comment-16672363
]
Roman Doboni edited comment on SHIRO-486 at 11/1/18 11:38 PM:
--------------------------------------------------------------
It's quite easy to make it work with Shiro, although It took me a while to
understand what's happening.
Core issue - the HttpSessionBindingListener is called only when the attribute
is removed, but not when the session is killed.
Work around - Implement a SessionListener that would do that for you.
{code:java}
@Override
public void onStop(Session session)
{
processHttpSessionBindingListeners(session);
}
@Override
public void onExpiration(Session session)
{
processHttpSessionBindingListeners(session);
}
protected void processHttpSessionBindingListeners(Session session)
{
for (Object key : session.getAttributeKeys())
{
Object attribute = session.getAttribute(key);
if (attribute instanceof HttpSessionBindingListener)
{
try
{
//signal all registered listeners
((HttpSessionBindingListener) attribute).valueUnbound(null);
}
catch (Throwable t)
{
LOG.debug("Error calling valueUnbound on [" + attribute + "] with key [" + key
+ "]", t);
}
}
}
}
{code}
was (Author: romanow):
It's quite easy to make it work with Shiro, although It took me a while to
understand what's happening.
Core issue - the HttpSessionBindingListener is called only when the attribute
is removed, but not when the session is killed.
Work around - Implement a SessionListener that would do that for you.
{code}
@Override
public void onStop(Session session)
{
processHttpSessionBindingListeners(session);
}
@Override
public void onExpiration(Session session)
{
processHttpSessionBindingListeners(session);
}
// need to log any throwable
@SuppressWarnings("squid:S1181")
protected void processHttpSessionBindingListeners(Session session)
{
for (Object key : session.getAttributeKeys())
{
Object attribute = session.getAttribute(key);
if (attribute instanceof HttpSessionBindingListener)
{
try
{
//signal all registered listeners
((HttpSessionBindingListener) attribute).valueUnbound(null);
}
catch (Throwable t)
{
LOG.debug("Error calling valueUnbound on [" + attribute + "] with key [" + key
+ "]", t);
}
}
}
}
{code}
> HttpSessionBindingListener not called when session expires
> ----------------------------------------------------------
>
> Key: SHIRO-486
> URL: https://issues.apache.org/jira/browse/SHIRO-486
> Project: Shiro
> Issue Type: Bug
> Components: Session Management
> Affects Versions: 1.2.1, 1.2.2
> Environment: jdk7
> Reporter: Steve
> Priority: Major
> Attachments: spring-shiro-predestroy.zip
>
>
> I posted this in the user mailing list, but after some debugging I think it
> is a bug in shiro's native session management: It seems that the
> HttpSessionBindingListener that spring installs is not called on destroy, so
> Spring is not able to delete session-scoped beans.
> From the mailing list post:
> I'm having problems with session-scoped beans like this one
>
> @Named
> @Scope(proxyMode = ScopedProxyMode.TARGET_CLASS, value = "session")
> public class SessionBean {
>
> @PostConstruct
> public void init()
>
> @PreDestroy
> public void destroy()
> }
>
> Using Shiro's default "ServletContainerSessionManager" both methods are
> called as expected, but when I switch to native session management with
> DefaultWebSessionManager the pre-destroy method is never called (post
> construct gets called). The validationScheduler runs, and the
> globalSessionTimeout has been set.
>
> Anyone knows whats happening here ? I've uploaded a small example project as
> an attachement (just comment out the sessionManager in
> applicationContext.xml to see the working @PreDestroy).
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
