Hi,
I am also facing a problem regarding sessions .First time when I login to my application the Subject.getSession returns a valid session and it is successfully loggedin.But when I logout and login again in same browser,the Subject.getSession returns null.Please help. Alphy Razvan wrote: > > Hi everyone, > > I am new to JSecurity, I am using it, I have a scenario to implement, I > have > some problems with it and I thought you could help :) > > scenario : > > A website that uses JSecurity to manage user's access to different parts > of > the site. Different parts of the site are subject to different terms and > conditions. Also, the download of different products are also subject > different terms and conditions. These terms and conditions may change > while > the users are still logged in ( rememberMe or active connection). What we > need is that once the terms and conditions for a particular product/part > of > the site is changing, some users must be kicked before doing any action > and > forced to re-login to accept the new terms and conditions. Having this > scenario, we need to access a list of all logged in subjects, check their > principals against our particular set of users and kick those who match. > > > problem : > > I've got the JSecurity sources and tried to follow code paths, debug etc > etc > and went to the point where I have all the active sessions. Unfortunately > I > haven't found a way to reach the subject associated with that session and > I > can't get the subject's principals and check them against my separate > list. > > > questions : > > What is the way to reach the subject via a session, in my case ? > Is there another way/s to get all the logged in subjects ? > Do you think is a good idea to keep a list of authenticated subjects in my > Realm implementation ? Does it affect clustering or anything else ( mainly > distributed stuff ) ? > > > still digging : > > If you will point me to some listeners, none of the listeners > (AuthenticatingListener or SessionListener) does not know about the > subject > but only auth token, auth info, and session so I cannot really handle my > problem (storing the subject somewhere at login time or session initiation > time) only by using listeners and without extending some JSecurity classes > like SecurityManager impls which is not necessary a big effort but it > looks > like it (not very nice to maintain) for such a basic thing. > > > Kind Regards, > > Thanks in advance > > Razvan > > -- View this message in context: http://n2.nabble.com/Subject-Session-relationship-tp2303079p3254275.html Sent from the Shiro User mailing list archive at Nabble.com.
