Hi all,
I have a web application with a login form. The user has to authenticate and
authorize against the LDAP system.
...
    Subject subj = SecurityUtils.getSubject();
    // Create a session if none exists yet
    subj.getSession(true);
    // Third constructor argument is the rememberMe flag
    UsernamePasswordToken token =
        new UsernamePasswordToken(userName, password, true);
    token.setRememberMe(true);
    subj.login(token);
    if (subj.isAuthenticated()) {
        log.info("isAuthenticated(): " + subj.isAuthenticated());
        // this is matched against the groups->roles mapping
        if (subj.hasRole("consultant"))
            return true;
    }
...
This works fine for me.
On every page, I check whether the current user is still authenticated,
as follows:
...
    public Object onActivate() {
        Subject currentUser = SecurityUtils.getSubject();
        if (!currentUser.isAuthenticated()) {
            request.getHTTPServletRequest().getSession().invalidate();
            System.out.println("Current user is not longer authenticated");
            return login;
        }
        return null;
    }
...
But if the user is logged in, a few page requests later (sometimes earlier,
sometimes later) the check (method onActivate) returned
...
currentUser.isAuthenticated() == false
...
and the browser shows my login page.
I use shiro-1.2.1 for web security implementations.
I don't know if this could be a Shiro or Tapestry issue.
Does anyone have an idea how to fix this problem?
Thanks
marcoa