No particular reason - please open a Jira issue and we can fix it as soon as possible.

Thanks!

--
Les Hazlewood
CTO, Stormpath | http://www.stormpath.com | 888.391.5282
twitter: @lhazlewood | http://twitter.com/lhazlewood
blog: http://leshazlewood.com
stormpath blog: http://www.stormpath.com/blog/

On Thu, Apr 12, 2012 at 1:02 PM, Alex Vasilenko <[email protected]> wrote:
> Found out why there are no principals in SessionListener#onStop(): On
> explicit logout: DefaultSubjectDAO#removeFromSession(Subject) removes all
> principals before SessionListener#onStop() is called.
> As I understand on logout session will be destroyed in any case. What are
> the reasons to explicitly clear principals and authenticated flag from
> session in this case?
>
> Thanks,
>
> Alexandr Vasilenko
>
> 2012/4/6 Alex Vasilenko <[email protected]>
>>
>> Les,
>>
>> Then I have problems, #onStop() doesn't have principals, even if user is
>> known. #onStart() doesn't have principals as well, but I think it's because
>> session is created earlier than principals are associated with it. Correct
>> me if I'm wrong.
>>
>> Thanks,
>>
>> Alexandr Vasilenko
>>
>> 2012/4/6 Les Hazlewood <[email protected]>
>>>
>>> Hi Alex,
>>>
>>> Yes, that's possible. A session can be created and stopped before it
>>> is associated with an identity - for example, if the session was
>>> created by a guest (user, robot, etc), and that guest never logged in
>>> and their session expired.
>>>
>>> For sessions that have been associated with a known user (e.g. via
>>> login or rememberMe), you would be able to obtain the identity
>>> (principals).
>>>
>>> Just be aware that the onStop method is called before the session (and
>>> its associated principals) are removed. You can perform 'read'
>>> operations only (get the principals, check the last access time, etc)
>>> during this time. You can't perform any 'write' operations (add
>>> attributes, etc).
>>>
>>> HTH,
>>>
>>> Les Hazlewood
>>> CTO, Stormpath | http://www.stormpath.com | 888.391.5282
>>> twitter: @lhazlewood | http://twitter.com/lhazlewood
>>> blog: http://leshazlewood.com
>>> stormpath blog: http://www.stormpath.com/blog/
>>>
>>> On Fri, Apr 6, 2012 at 10:46 AM, Alex Vasilenko <[email protected]> wrote:
>>> > Les,
>>> >
>>> > Is it possible that there won't be principals on user's logout in
>>> > SessionListener#onStop()?
>>> >
>>> > Alexandr Vasilenko
>>> >
>>> >
>>> > 2012/4/6 Alex Vasilenko <[email protected]>
>>> >>
>>> >> Simple and powerful :). Thanks, Les.
>>> >>
>>> >> Alexandr Vasilenko
>>> >>
>>> >>
>>> >> 2012/4/6 Les Hazlewood <[email protected]>
>>> >>>
>>> >>> Hi Alex,
>>> >>>
>>> >>> The easiest way to do this is to construct the Subject instance
>>> >>> associated with the session given to the listener:
>>> >>>
>>> >>> Subject owningSubject = new Subject.Builder().session(theSession).buildSubject();
>>> >>>
>>> >>> You can interact with the 'owningSubject' instance to acquire what you
>>> >>> need (e.g. owningSubject.getPrincipal()).
>>> >>>
>>> >>> This way, you don't need to know about the implementation details of
>>> >>> how to acquire the principals (i.e. what session key to use, etc).
>>> >>> This is good because those implementation details might change over
>>> >>> time, but your code based on the Subject.Builder should always work
>>> >>> the same way.
>>> >>>
>>> >>> Cheers,
>>> >>>
>>> >>> Les Hazlewood
>>> >>> CTO, Stormpath | http://www.stormpath.com | 888.391.5282
>>> >>> twitter: @lhazlewood | http://twitter.com/lhazlewood
>>> >>> blog: http://leshazlewood.com
>>> >>> stormpath blog: http://www.stormpath.com/blog/
>>> >>>
>>> >>> On Thu, Apr 5, 2012 at 12:34 PM, Alex Vasilenko <[email protected]> wrote:
>>> >>> > Hello,
>>> >>> >
>>> >>> > Is there any simple solution to retrieve user's principals in
>>> >>> > SessionListener? As far as I understand it's abstracted from subject and
>>> >>> > there's no way to get it simply w/o hacking into shiro code.
>>> >>> >
>>> >>> > Why do I need this:
>>> >>> > We have pretty common use-case: show users, who are online. With
>>> >>> > SessionListener it would be quite easy - #onStart() mark user as online,
>>> >>> > #onExpiration() and #onStop() - as offline.
>>> >>> >
>>> >>> > Thanks,
>>> >>> > Alexandr Vasilenko
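
Added example, not part of the thread and not Shiro's own code: one way to track online users without relying on principals being present in onStop(), which the thread reports are already removed on explicit logout. `OnlineUsersListener`, `markOnline` and `onlinePrincipals` are hypothetical names; it assumes shiro-core is on the classpath and that the application calls `markOnline` right after a successful login.

```java
import java.io.Serializable;
import java.util.HashSet;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import org.apache.shiro.session.Session;
import org.apache.shiro.session.SessionListener;
import org.apache.shiro.subject.Subject;

// Hypothetical presence tracker (assumption: registered as a session listener on the session manager).
public class OnlineUsersListener implements SessionListener {

    // Session id -> principal, so cleanup never needs the session to still hold principals.
    private final ConcurrentMap<Serializable, Object> online = new ConcurrentHashMap<>();

    // Hypothetical hook: the application calls this after subject.login(token) succeeds.
    public void markOnline(Subject subject) {
        Object principal = subject.getPrincipal();
        if (principal != null) {
            online.put(subject.getSession().getId(), principal);
        }
    }

    @Override
    public void onStart(Session session) {
        // The session is created before login, so it is still anonymous here: nothing to record.
    }

    @Override
    public void onStop(Session session) {
        // Keyed by session id, so this works even when principals were cleared before the callback.
        online.remove(session.getId());
    }

    @Override
    public void onExpiration(Session session) {
        online.remove(session.getId());
    }

    // A user with several sessions stays online until the last one stops or expires.
    public Set<Object> onlinePrincipals() {
        return new HashSet<>(online.values());
    }
}
```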
