Hi Les, I don't know how to implement something like the SubjectManager, can you give a short example of that Thanks,
Jelle Les Hazlewood-2 wrote: > > Hi Jelle, > > In a web-environment, the JSecurityFilter does some automatic logic: > > when a request comes in, it tries to acquire the session associated with > the > request. If the session is expired (catches an ExpiredSessionException), > it > automatically creates a new one. > > The DefaultSecurityManager, used in a non-web environment, does not > currently automatically perform this 'auto create if expired' logic. I've > added a Jira issue to track this: > https://issues.apache.org/jira/browse/JSEC-46 as I feel it would be a > worthwhile improvement. > > In the meantime, you could always have a wrapper SubjectManager that you > interact with in your application that wraps the Subject.* calls (this is > a > good idea anyway, as it abstracts JSecurity's API away from your > application). In that implementation, you could catch any > InvalidSessionException and then automatically create a new session and > return that. > > Please subscribe to the Jira issue if you want to see when the > functionality > will be available. > > Cheers, > > Les > > On Tue, Jan 20, 2009 at 10:05 AM, jvreeker <[email protected]> wrote: > >> >> I am using a spring service and hibernate. >> >> I have a credentialsMatcher that is using a DAO to check if the user >> exsist >> in the DB. >> I think i forget something! >> >> Jelle >> >> >> Les Hazlewood-2 wrote: >> > >> > Hi Jelle, >> > >> > What environment are you running in? Is this a web application or >> > business-tier/standalone? >> > >> > Thanks, >> > >> > Les >> > >> > On Tue, Jan 20, 2009 at 8:50 AM, jvreeker <[email protected]> >> wrote: >> > >> >> >> >> I have some problems with expiration of a session. >> >> I created a login function. >> >> >> >> Subject currentUser = securityManager.getSubject(); >> >> if (!currentUser.isAuthenticated()) >> >> { >> >> currentUser.login(usernamePasswordToken); >> >> >> >> Session s = currentUser.getSession(); >> >> >> >> s.setTimeout( 600000); >> >> s.setAttribute(CacheConstants.USEROBJECT, tmpData); >> >> } >> >> So timeout is 10 minutes. >> >> If I wait for more than 10 minutes and login again with the same user >> I >> >> always get ExpiredSessionException. >> >> How can I remove this session and login again and create a new >> Session. >> >> >> >> Thanks, >> >> Jelle >> >> >> >> -- >> >> View this message in context: >> >> http://n2.nabble.com/Session-Expiration-tp2186574p2186574.html >> >> Sent from the JSecurity User mailing list archive at Nabble.com. >> >> >> >> >> > >> > >> >> -- >> View this message in context: >> http://n2.nabble.com/Session-Expiration-tp2186574p2186919.html >> Sent from the JSecurity User mailing list archive at Nabble.com. >> >> > > -- View this message in context: http://n2.nabble.com/Session-Expiration-tp2186574p2218186.html Sent from the JSecurity User mailing list archive at Nabble.com.
