I Run into the same problem. You have to create and mantain your securityManager. Otherwise you will loose all your sessions each time it is instantiated. This is because we are not using the webFilter. Soap calls arent mannaged by the webFilter. I replaced the webfilter with a SoapHandler and start the securitymanager only in the first call. Check the past threads for a description. Good luck. El may 27, 2014 1:08 PM, "P82" <[email protected]> escribió:
> From this post > < > http://grails.1312388.n4.nabble.com/Binding-Security-Manager-to-the-thread-context-and-Shiro-tp3217915p3218140.html > > > : > Typically a subject is automatically created, bound and unbound for a > thread by the ShiroFilter when servicing a web request. If your logic > is NOT triggered by a web request (e.g. via a startup or daemon > thread, or different thread (e.g. ExecutorService or thread pool)), > then you'll need to do the create/bind/unbind logic yourself. See the > Subject page for more information. > > So it means, as I understand that if we connect to EJB we must do the > create/bind/unbind logic ourselves. As I understand we must send to server > sessionId and use the following code: > > /Subject subject = new > Subject.Builder().sessionId(sessionId).buildSubject();/ > > However, testing my remote EJB from standalone client and calling testMe > method several times I see that it keeps id and user is isAuthenticated. > /public void testMe(){ > Subject currentUser = SecurityUtils.getSubject(); > if ( !currentUser.isAuthenticated() ) { > UsernamePasswordToken token = new > UsernamePasswordToken("lonestarr", "vespa"); > System.out.println("#0:"+currentUser.getSession().getId()); > currentUser.login(token); > }else{ > currentUser.logout(); > System.out.println("I logged out"); > } > System.out.println("#1:"+currentUser.getSession().getId()); > } > / > > When I call it first time from my client I have: > #0:f7b3117d-b4e0-4eef-9221-f99dbb87ecc2 > #1:f7b3117d-b4e0-4eef-9221-f99dbb87ecc2 > When I call it second time from client I have: > I logged out > #1:2edcab36-cb97-4722-b91b-82ec225deb78 > Again: > #0:2edcab36-cb97-4722-b91b-82ec225deb78 > #1:2edcab36-cb97-4722-b91b-82ec225deb78 > Again: > I logged out > #1:b92ba3f4-deb9-41f2-9a36-b571dc33f082]] > > So my question - should I send sessionId to server from client or shiro > uses > some mechanism to keep sessionId between client and server? > > > > > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/Shiro-session-for-EJB-tp7579994.html > Sent from the Shiro User mailing list archive at Nabble.com. >
