Hi Dan,
It seems to me like you might want to perform this logic in a
RememberMeManager implementation, where the first time the remembered
identity is acquired, you perform your logic.
As things stand today, a remembered identity, once acquired, is stored
in the session and re-acquired from there. This ensures that the
rememberMeManager is not called again for identity lookup repeatedly
unnecessarily (no need to acquire, decrypt and deserialize for every
request). That means you could override the
AbstractRememberMeManager.getRememberedPrincipals:
getRememberedPrincipals(SubjectContext context) {
Principals principals = super.getRememberedPrincipals(context);
// do your custom logic here
return principals;
}
(probably subclassing CookieRememberMeManager directly).
Of course, subclassing isn't ideal - it'd be nice to have a hook that
allows you to plug in something that can 'listen' for this event.
Please create a Jira issue if you'd like to see this enhancement.
Does this help?
Cheers,
Les
On Fri, Mar 25, 2011 at 12:25 PM, dan <[email protected]> wrote:
> Maybe I can re-phase my question to be more succinct:
>
> If a remembered user comes back to my site, I want to perform some extra
> validation steps the first time only. (e.g., I want to check that he
> remains an enabled user in our system) What implementation of this fits
> best into the Shiro architecture? (In my attempt, it runs through my extra
> validation steps with every page the user clicks on.)
>
> Thanks in advance,
> Dan
>
>
> --
> View this message in context:
> http://shiro-user.582556.n2.nabble.com/RememberMe-implementation-tp6201635p6208905.html
> Sent from the Shiro User mailing list archive at Nabble.com.
