Hi.
I am trying to set up my filter in the web.xml to redirect to the login
page when the session times out. Is there a default configuration for
this ?
I found in the mailing list a discussion about using a SessionListener
to handle the redirect:
> org.apache.shiro.session.SessionListener sessionListener = new
> MySessionListener();
> securityManager.addSessionListener(yourSessionListener);
>
I have this coded but the listener does not get invoked.
DefaultWebSecurityManager man = (DefaultWebSecurityManager)
SecurityUtils.getSecurityManager();
man.add(new SessionHandler());
public class SessionHandler implements SessionListener
{
public SessionHandler()
{
if (log.isDebugEnabled())
{
log.debug("SessionHandler:instance.");
}
}
@Override
public void onExpiration(Session arg0)
{
if (log.isDebugEnabled())
{
log.debug("SessionHandler:Shiro Session expired.");
}
}
@Override
public void onStart(Session arg0)
{
if (log.isDebugEnabled())
{
log.debug("SessionHandler:Shiro Session started.");
}
}
@Override
public void onStop(Session arg0)
{
if (log.isDebugEnabled())
{
log.debug("SessionHandler:Shiro Session stopped.");
}
}
}
I have this in the web.xml.
[filters]
shiro.loginUrl = /login.jsp
roles.unauthorizedUrl = /login.jsp
perms.unauthorizedUrl = /login.jsp
Is there a filter named shiro.sessionTimeout or something like it that
would help control this ?
Thanks for your help,
David
