Subject#getSession() should not return null. Do you have a stack trace or test case that can re-create this issue? If so, please create a Jira issue.

On Tue, Jul 14, 2009 at 12:50 AM, javamallu <[email protected]> wrote:

> Hi,
>
> I am also facing a problem regarding sessions. The first time I log in to my
> application, Subject.getSession returns a valid session and I am
> successfully logged in. But when I log out and log in again in the same
> browser, Subject.getSession returns null. Please help.
>
> Alphy
>
> Razvan wrote:
> >
> > Hi everyone,
> >
> > I am new to JSecurity, I am using it, I have a scenario to implement, I
> > have some problems with it and I thought you could help :)
> >
> > scenario :
> >
> > A website that uses JSecurity to manage users' access to different parts
> > of the site. Different parts of the site are subject to different terms
> > and conditions. Also, the downloads of different products are also subject
> > to different terms and conditions. These terms and conditions may change
> > while the users are still logged in (rememberMe or active connection).
> > What we need is that once the terms and conditions for a particular
> > product/part of the site are changing, some users must be kicked before
> > doing any action and forced to re-login to accept the new terms and
> > conditions. Having this scenario, we need to access a list of all logged
> > in subjects, check their principals against our particular set of users
> > and kick those who match.
> >
> > problem :
> >
> > I've got the JSecurity sources and tried to follow code paths, debug etc.
> > etc. and went to the point where I have all the active sessions.
> > Unfortunately I haven't found a way to reach the subject associated with
> > that session and I can't get the subject's principals and check them
> > against my separate list.
> >
> > questions :
> >
> > What is the way to reach the subject via a session, in my case?
> > Is there another way/s to get all the logged in subjects?
> > Do you think it is a good idea to keep a list of authenticated subjects
> > in my Realm implementation? Does it affect clustering or anything else
> > (mainly distributed stuff)?
> >
> > still digging :
> >
> > If you will point me to some listeners, none of the listeners
> > (AuthenticatingListener or SessionListener) knows about the subject but
> > only auth token, auth info, and session, so I cannot really handle my
> > problem (storing the subject somewhere at login time or session
> > initiation time) only by using listeners and without extending some
> > JSecurity classes like SecurityManager impls, which is not necessarily a
> > big effort but it looks like it (not very nice to maintain) for such a
> > basic thing.
> >
> > Kind Regards,
> >
> > Thanks in advance
> >
> > Razvan
>
> --
> View this message in context:
> http://n2.nabble.com/Subject-Session-relationship-tp2303079p3254275.html
> Sent from the Shiro User mailing list archive at Nabble.com.
