The only reason I went down this path is when my session timed out I wanted to redirect the user to the login page. The behavior I currently get is the session times out and Shiro automatically logs the user back in anonymously (which is bad for what I'm doing).
I tracked down a method called onInvalidSessionId() which I figured I could override and use for the redirection. I'd rather not do this but I'm not sure what my options are. Thanks, David -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Les Hazlewood Sent: Tuesday, April 20, 2010 2:12 PM To: [email protected] Subject: Re: is is possible to override the default security manager in the web filter ? Sure, this should work: [main] securityManager = com.whatever...MySecurityManager ... However, it is very odd to subclass the SecurityManager implementations - they are designed specifically to be global wrappers around the components that do the heavy lifting. You should be able to plug in those components rather than subclassing your own SM. Of course, you can do whatever you want, but that's the general idea ;) Also, you should be using the org.apache.shiro.web.servlet.IniShiroFilter now - not the org.apache.shiro.web.servlet.ShiroFilter. The plain ShiroFilter has been deprecated and will be removed for the 1.0 release. Regards, Les On Tue, Apr 20, 2010 at 7:05 PM, David Higginbotham <[email protected]> wrote: > > I'm trying to use the ShiroFilter. I'd like to extend the default > security manager and start up this new security manager in the filter. > Is this possible ? > > securityManager = domain.mystuff.MySecurityManager > securityManager.sessionMode = native > > As far as I can tell this is being ignored. I always get an instance of > the DefaultSecurityManager. > > Thanks, > > David >
