Are you 'forcing' Shiro's native session management? If you are then you will get that behavior. My suggestion is for you not to do it. The Tynamo security's default configuration works just great. Tapestry does not have its own session management, it's just a wrapper for Servlet's one. Shiro, on the other hand, does, if you enable it. You shouldn't do that in a web/tapestry environment.
On Aug 8, 2012, at 10:30 AM, kata wrote: > Then there must be some crucial bit of configuration I'm missing. Every time > I visit a page which uses a @Persist annotation, tapestry ignores shiros' > session and tries to access its own. If I don't change the cookie names, > shiro and tapestry overwrite the default JSESSION cookie and nothing works. > If i change shiros cookie name then values managed by @Persist are > persisted, but not clustered like values managed by shiro. > > > lprimak wrote >> >> As Alex said before, the backing objects for all session management, >> Shiro's, Tapestry, and Servlet >> are the same objects. You are already using the exact same session >> management objects. >> >> On Aug 8, 2012, at 10:04 AM, kata wrote: >> >>> Alex, >>> >>> I'm sorry, I wasn't clear - I'm using native shiro sessions, so I switch >>> the >>> session manager to shiro's DefaultWebSessionManager. I do it this way to >>> later cache and cluster session data with EhCache. >>> What I need is a way to substitute the HttpSession tapestry is using with >>> shiros' Session implementation. If I can do that, then I hope I can use >>> the >>> servlet API in the application instead of the shiro-specific calls. >>> Ideally >>> annotations would also work as intended, with clustering and all. >>> >>> Regards, >>> Martin >>> >>> >>> Alex Kotchnev-2 wrote >>>> >>>> Martin, >>>> you really should be able to continue using @Persist and @SessionState. >>>> Both Shiro's subject.getSession() and the @Persist annotation store >>>> their >>>> values in the same http session. Is that not working for you ? >>>> >>>> Cheers, >>>> >>>> Alex K >>>> >>>> On Wed, Aug 8, 2012 at 7:20 AM, kata <januszkiewicz.marcin@> >>>> wrote: >>>> >>>>> Hi all, >>>>> >>>>> I am currently using shiro and the tapestry-security plugin to manage >>>>> sessions and persist data. Everything works fine when getting the >>>>> session >>>>> by >>>>> SecurityUtils.getSubject().getSession(). However, this means that the >>>>> application is peppered with fragments of shiro-specific code. Since >>>>> shiro >>>>> uses the servlet session API, is there a way to do this in a way that >>>>> is >>>>> transparent to the application, and hopefully still allow me to use >>>>> annotations like @Persist and @SessionState? >>>>> >>>>> Thanks, >>>>> Martin >>>>> >>>>> >>>>> >>>>> -- >>>>> View this message in context: >>>>> http://tapestry.1045711.n5.nabble.com/Changing-default-session-behavior-tp5715141.html >>>>> Sent from the Tapestry - User mailing list archive at Nabble.com. >>>>> >>>>> --------------------------------------------------------------------- >>>>> To unsubscribe, e-mail: users-unsubscribe@.apache >>>>> For additional commands, e-mail: users-help@.apache >>>>> >>>>> >>>> >>> >>> >>> >>> >>> -- >>> View this message in context: >>> http://tapestry.1045711.n5.nabble.com/Changing-default-session-behavior-tp5715141p5715150.html >>> Sent from the Tapestry - User mailing list archive at Nabble.com. >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: users-unsubscribe@.apache >>> For additional commands, e-mail: users-help@.apache >>> >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscribe@.apache >> For additional commands, e-mail: users-help@.apache >> > > > > > -- > View this message in context: > http://tapestry.1045711.n5.nabble.com/Changing-default-session-behavior-tp5715141p5715155.html > Sent from the Tapestry - User mailing list archive at Nabble.com. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org > For additional commands, e-mail: users-h...@tapestry.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
