Les, Then I have problems, #onStop() doesn't have principals, even if user is known. #onStart() doesn't have principals as well, but I think it's because session is created earlier than principals are associated with it. Correct me if I'm wrong.
Thanks, Alexandr Vasilenko 2012/4/6 Les Hazlewood <[email protected]> > Hi Alex, > > Yes, that's possible. A session can be created and stopped before it > is associated with an identity - for example, if the session was > created by a guest (user, robot, etc), and that guest never logged in > and their session expired. > > For sessions that have been associated with a known user (e.g. via > login or rememberMe), you would be able to obtain the identity > (principals). > > Just be aware that the onStop method is called before the session (and > its associated principals) are removed. You can perform 'read' > operations only (get the principals, check the last access time, etc) > during this time. You can't perform any 'write' operations (add > attributes, etc). > > HTH, > > Les Hazlewood > CTO, Stormpath | http://www.stormpath.com | 888.391.5282 > twitter: @lhazlewood | http://twitter.com/lhazlewood > blog: http://leshazlewood.com > stormpath blog: http://www.stormpath.com/blog/ > > On Fri, Apr 6, 2012 at 10:46 AM, Alex Vasilenko <[email protected]> > wrote: > > Les, > > > > Is it possible that there won't be principals on user's logout in > > SessionListener#onStop()? > > > > Alexandr Vasilenko > > > > > > 2012/4/6 Alex Vasilenko <[email protected]> > >> > >> Simple and powerful :). Thanks, Les. > >> > >> Alexandr Vasilenko > >> > >> > >> 2012/4/6 Les Hazlewood <[email protected]> > >>> > >>> Hi Alex, > >>> > >>> The easiest way to do this is to construct the Subject instance > >>> associated with the session given to the listener: > >>> > >>> Subject owningSubject = new > >>> Subject.Builder().session(theSession).buildSubject(); > >>> > >>> You can interact with the 'owningSubject' instance to acquire what you > >>> need (e.g. owningSubject.getPrincipal()). > >>> > >>> This way, you don't need to know about the implementation details of > >>> how to acquire the principals (i.e. what session key to use, etc). > >>> This is good because those implementation details might change over > >>> time, but your code based on the Subject.Builder should always work > >>> the same way. > >>> > >>> Cheers, > >>> > >>> Les Hazlewood > >>> CTO, Stormpath | http://www.stormpath.com | 888.391.5282 > >>> twitter: @lhazlewood | http://twitter.com/lhazlewood > >>> blog: http://leshazlewood.com > >>> stormpath blog: http://www.stormpath.com/blog/ > >>> > >>> On Thu, Apr 5, 2012 at 12:34 PM, Alex Vasilenko < > [email protected]> > >>> wrote: > >>> > Hello, > >>> > > >>> > Is there any simple solution to retrieve user's principals in > >>> > SessionListener? As far as I understand it's abstracted from subject > >>> > and > >>> > there's no way to get it simply w/o hacking into shiro code. > >>> > > >>> > Why do I need this: > >>> > We have pretty common use-case: show users, who are online. With > >>> > SessionListener it would be quite easy - #onStart() mark user as > >>> > online, > >>> > #onExpiration() and #onStop() - as offline. > >>> > > >>> > Thanks, > >>> > Alexandr Vasilenko >
