Hi --
I have implemented rememberMe which will do two things when a remembered
subject accesses the site:
1. check that he is "enabled" -- a feature in our database
2. initialize our application objects that he is logged in.
It works fine except that the remembered user goes through the
isAccessAllowed() page with every page access! I think I'm not
understanding something. Here is how my method looks:
@Override
protected boolean isAccessAllowed(ServletRequest request,
ServletResponse
response, Object mappedValue) {
Subject subject = getSubject(request, response);
// support the rememberMe feature by propagating the subject to our
application...
if(subject.isRemembered()) {
final String username = (String)subject.getPrincipal();
if(!UserServices.isUserEnabled(username)) {
return false;
}
UserServices.setCurrentUser(username, true);
}
return subject.isAuthenticated() || subject.isRemembered();
}
Thanks for any help!
Dan
--
View this message in context:
http://shiro-user.582556.n2.nabble.com/RememberMe-implementation-tp6201635p6201635.html
Sent from the Shiro User mailing list archive at Nabble.com.
