Hi Alex, Yes, that's possible. A session can be created and stopped before it is associated with an identity - for example, if the session was created by a guest (user, robot, etc), and that guest never logged in and their session expired.
For sessions that have been associated with a known user (e.g. via login or rememberMe), you would be able to obtain the identity (principals). Just be aware that the onStop method is called before the session (and its associated principals) are removed. You can perform 'read' operations only (get the principals, check the last access time, etc) during this time. You can't perform any 'write' operations (add attributes, etc). HTH, Les Hazlewood CTO, Stormpath | http://www.stormpath.com | 888.391.5282 twitter: @lhazlewood | http://twitter.com/lhazlewood blog: http://leshazlewood.com stormpath blog: http://www.stormpath.com/blog/ On Fri, Apr 6, 2012 at 10:46 AM, Alex Vasilenko <[email protected]> wrote: > Les, > > Is it possible that there won't be principals on user's logout in > SessionListener#onStop()? > > Alexandr Vasilenko > > > 2012/4/6 Alex Vasilenko <[email protected]> >> >> Simple and powerful :). Thanks, Les. >> >> Alexandr Vasilenko >> >> >> 2012/4/6 Les Hazlewood <[email protected]> >>> >>> Hi Alex, >>> >>> The easiest way to do this is to construct the Subject instance >>> associated with the session given to the listener: >>> >>> Subject owningSubject = new >>> Subject.Builder().session(theSession).buildSubject(); >>> >>> You can interact with the 'owningSubject' instance to acquire what you >>> need (e.g. owningSubject.getPrincipal()). >>> >>> This way, you don't need to know about the implementation details of >>> how to acquire the principals (i.e. what session key to use, etc). >>> This is good because those implementation details might change over >>> time, but your code based on the Subject.Builder should always work >>> the same way. >>> >>> Cheers, >>> >>> Les Hazlewood >>> CTO, Stormpath | http://www.stormpath.com | 888.391.5282 >>> twitter: @lhazlewood | http://twitter.com/lhazlewood >>> blog: http://leshazlewood.com >>> stormpath blog: http://www.stormpath.com/blog/ >>> >>> On Thu, Apr 5, 2012 at 12:34 PM, Alex Vasilenko <[email protected]> >>> wrote: >>> > Hello, >>> > >>> > Is there any simple solution to retrieve user's principals in >>> > SessionListener? As far as I understand it's abstracted from subject >>> > and >>> > there's no way to get it simply w/o hacking into shiro code. >>> > >>> > Why do I need this: >>> > We have pretty common use-case: show users, who are online. With >>> > SessionListener it would be quite easy - #onStart() mark user as >>> > online, >>> > #onExpiration() and #onStop() - as offline. >>> > >>> > Thanks, >>> > Alexandr Vasilenko
