What do you mean by the session is there? But the principal isn't? Is the session looked up from a cookie? Does this work without your custom filter?
-Brian

> On Feb 25, 2015, at 3:27 AM, rasel.ahmed <[email protected]> wrote:
>
> Hi Brian,
> Thanks for your reply. I am sorry for the late reply, because I was on vacation.
> The below happens.
>
> 1.) Log user 'A' into Firefox
> 2.) Log user 'A' into Chrome
> 3.) Let Firefox sit idle for 65 seconds (session expires)
> 4.) Chrome is not idle, I am continuously working on it.
> 5.) Perform some server side action / I just refresh the client side. Of course
> the client page calls the server REST webservice.
> 6.) Though I am continuously working on Chrome, it lost the principal value.
> 7.) NOTE: Session is there. Only principals() became null.
> 8.) When the principal became NULL, I am forced back to the login page. Then I
> can't make any action on the UI page except the login. Simply, as expected,
> 65 seconds later the Chrome session times out.
>
> Reason: When I lost my principal value, it pushes me back to the login page,
> because I have a custom filter class and I override the method like this.
> All my .XHTML pages get filtered by this method.
>
> public class TestAuthenticationFilter extends AuthenticatingFilter {
>     ......................
>     ............
>     protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
>         if (isLoginRequest(request, response)) {
>             return true;
>         } else {
>             return SecurityUtils.getSubject().getPrincipals() != null
>                     && super.isAccessAllowed(request, response, mappedValue);
>         }
>     }
>     ......................
> }
>
> public class SingleSignOnSessionId implements Serializable {
>     ..................
>     .....................
> }
>
> public class TestAuthorizingRealm extends AuthorizingRealm {
>     ...............
>     .................................
>     protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
>         userTO = GetUserDataFromserver(); // using a REST webservice call
>         Collection<Serializable> principals = Arrays.asList(userTO, new SingleSignOnSessionId(userTO.getSessionId()));
>         PrincipalCollection principalCollection = new SimplePrincipalCollection(principals, getName());
>         return new SimpleAuthenticationInfo(principalCollection, token.getCredentials());
>     }
>
> }
>
> --
> View this message in context:
> http://shiro-user.582556.n2.nabble.com/Shiro-lost-subject-principal-value-tp7580449p7580465.html
> Sent from the Shiro User mailing list archive at Nabble.com.
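
Added example, not part of the original thread or of Shiro itself: a small probe that records, per request, whether the subject has a session and whether that session still holds the stored identity, which is the distinction the questions at the top of this message ask about. The class name `SubjectStateProbe` is hypothetical; the Shiro calls and the two `DefaultSubjectContext` session keys are the library's own.

```java
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.session.InvalidSessionException;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.subject.support.DefaultSubjectContext;

/** Hypothetical diagnostic helper (added example); call it from a filter and log the result. */
public final class SubjectStateProbe {

    private SubjectStateProbe() {}

    /** Returns a one-line description of the current subject and its session. */
    public static String describe() {
        Subject subject = SecurityUtils.getSubject();
        PrincipalCollection principals = subject.getPrincipals();
        StringBuilder sb = new StringBuilder()
            .append("authenticated=").append(subject.isAuthenticated())
            .append(" remembered=").append(subject.isRemembered())
            .append(" principals=")
            .append(principals == null ? "null" : principals.asList().size() + " item(s)");

        // getSession(false) never creates a session: null means the request
        // carried no session id that the session manager still accepts.
        Session session = subject.getSession(false);
        if (session == null) {
            return sb.append(" session=none").toString();
        }
        try {
            long idleMs = System.currentTimeMillis() - session.getLastAccessTime().getTime();
            // Log only a hash of the id: enough to tell two browsers' sessions
            // apart in the log without writing a usable session token to disk.
            sb.append(" sessionIdHash=")
              .append(Integer.toHexString(String.valueOf(session.getId()).hashCode()))
              .append(" started=").append(session.getStartTimestamp())
              .append(" idleMs=").append(idleMs)
              .append(" timeoutMs=").append(session.getTimeout())
              // Keys under which Shiro's default subject DAO stores identity in the session.
              .append(" storedPrincipals=")
              .append(session.getAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY) != null)
              .append(" storedAuthenticated=")
              .append(session.getAttribute(DefaultSubjectContext.AUTHENTICATED_SESSION_KEY));
        } catch (InvalidSessionException e) {
            // The session was expired or stopped between lookup and use.
            sb.append(" session=invalid(").append(e.getClass().getSimpleName()).append(')');
        }
        return sb.toString();
    }
}
```

Logging this at the start of `isAccessAllowed` for both browsers shows whether each request resolves to its own session (different `sessionIdHash` values) and whether the session that remains still has `storedPrincipals=true`.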
