I'm not sure what the cleanest way to do this, but I did the following:
1) add a method on my custom realm:
public void invalidateUser(PrincipalCollection principals) {
this.clearCachedAuthorizationInfo(principals);
}
2)
Whenever I want to invalidate a session, I call:
public static void invalidateUserAuth() {
RealmSecurityManager mgr =
(RealmSecurityManager)SecurityUtils.getSecurityManager();
Collection<Realm> realmCollection = mgr.getRealms();
Iterator<Realm> i = realmCollection.iterator();
//There should be only one realm in this configuration.
if(i.hasNext()) {
MyRealm r = (MyRealm)i.next();
r.invalidateUser(SecurityUtils.getSubject().getPrincipals());
}
}
---James
----- Original Message -----
From: "Mike K" <[email protected]>
To: <[email protected]>
Sent: Tuesday, January 31, 2012 4:39 PM
Subject: Invalidating sessions
What is a cleanest way to invalidate a session?
I currently reaching into sessionDAO and deleting it, but I think actually
taking over that session and logging out would be preferable.
Any ideas?
--
View this message in context:
http://shiro-user.582556.n2.nabble.com/Invalidating-sessions-tp7241745p7241745.html
Sent from the Shiro User mailing list archive at Nabble.com.
