I have the problem that session scoped beans are not destroyed before the
session times out (30 minutes).

Therefore I have two questions regarding the following logout procedure:

   1. Is this the right way to use Shiro logout (see logout() below)?
   2. What would be the proper way to destroy the CDI session scoped beans
      during logout?

---------------------------------------------------------------------------------------------------------------------------------------------

JSF page.xhtml
<p:commandLink ajax="false" actionListener="#{myOtherBean.logout}" />

---------------------------------------------------------------------------------------------------------------------------------------------

CDI session bean:
@Named
@SessionScoped
public class mySessionBean implements Serializable {

    @PreDestroy
    public void destroy() {
        System.err.println("this only gets called when session times out after 30 minutes");
    }
}

@Named
@SessionScoped
public class myOtherBean extends Observable implements Serializable {
    @Inject
    private Subject subject;

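    public void logout() throws IOException {
        subject.logout();
        // Redirect to the login page, relative to the application's context path.
        ExternalContext externalContext = FacesContext.getCurrentInstance().getExternalContext();
        externalContext.redirect(externalContext.getRequestContextPath() + "/login");
    }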
}

---------------------------------------------------------------------------------------------------------------------------------------------

shiro.ini:
[main]
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
securityManager.sessionManager = $sessionManager
sessionDAO = org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO
securityManager.sessionManager.sessionDAO = $sessionDAO
ssoCacheManager = org.apache.shiro.cache.ehcache.EhCacheManager
ehCacheFactory = de.scsynergy.elementary.qi.shiro.EhCacheFactory
ssoCacheManager.cacheManager = $ehCacheFactory
securityManager.cacheManager = $ssoCacheManager

cookie = org.apache.shiro.web.servlet.SimpleCookie
cookie.name = SSOcookie
cookie.path = /
cookie.secure = true
cookie.httpOnly = true
securityManager.sessionManager.sessionIdCookie = $cookie
# set remember me path so all wars in container can see it
securityManager.rememberMeManager.cookie.path = / 

credentialsMatcher = org.apache.shiro.authc.credential.Sha512CredentialsMatcher
credentialsMatcher.storedCredentialsHexEncoded = false
credentialsMatcher.hashIterations = 500000
mongoRealm.credentialsMatcher = $credentialsMatcher
firstStrategy = org.apache.shiro.authc.pam.FirstSuccessfulStrategy
securityManager.authenticator.authenticationStrategy = $firstStrategy
securityManager.realms = $mongoRealm
securityManager.rememberMeManager.cipherKey = 0x3a499d0eb36d896cc4a3c3a5e59c805f

authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter
logout=org.apache.shiro.web.filter.authc.LogoutFilter
authc.loginUrl = /login.xhtml
authc.successUrl = /welcome.xhtml
logout.redirectUrl = /login.xhtml
# roles.unauthorizedUrl = /template.xhtml
# the following filter is not needed when SPNEGO filter is used since it
# includes the functionality
user = de.scsynergy.elementary.qi.FacesAjaxAwareUserFilter
user.loginUrl = /login.xhtml

[users]
superuser = , admin

[roles]
admin = *

[urls]
/login.xhtml = ssl[8443], user, authc
/logout = logout
# the next line is needed to retrieve jsf resources from jar library
/javax.faces.resource/** = ssl[8443], anon
/webdav/** = noSessionCreation, ssl[8443], authcBasic
/** = ssl[8443], user, authc






--
View this message in context: 
http://shiro-user.582556.n2.nabble.com/Destroy-SessionScoped-CDI-beans-during-Shiro-logout-tp7580656.html
Sent from the Shiro User mailing list archive at Nabble.com.
