我在一个挂毯应用程序中使用shiro(1.2.0)。现在我只想用它进行会话管理。虽然默认会话管理(使用ServletContainerSessionManager)有效,但当我尝试切换到本机会话时,shiro会停止跟踪它们:
public static WebSecurityManager decorateWebSecurityManager(WebSecurityManager manager) {
if(manager instanceof TapestryRealmSecurityManager) {
DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
MemorySessionDAO sessionDAO = new MemorySessionDAO();
sessionManager.setSessionDAO(sessionDAO);
((TapestryRealmSecurityManager) manager).setSessionManager(sessionManager);
}
return null;
}
调试输出:
07-08-12 17:47:57:339 - {TRACE} util.ThreadContext Thread [1072280360@qtp-1531443370-6]; Bound value of type [$WebSecurityManager_19518d48138a] for key [org.apache.shiro.util.ThreadContext_SECURITY_MANAGER_KEY] to thread [1072280360@qtp-1531443370-6]
07-08-12 17:47:57:339 - {TRACE} mgt.DefaultSecurityManager Thread [1072280360@qtp-1531443370-6]; Context already contains a SecurityManager instance. Returning.
07-08-12 17:47:57:339 - {TRACE} mgt.AbstractValidatingSessionManager Thread [1072280360@qtp-1531443370-6]; Attempting to retrieve session with key org.apache.shiro.web.session.mgt.WebSessionKey@1dc49089
07-08-12 17:47:57:339 - {DEBUG} servlet.SimpleCookie Thread [1072280360@qtp-1531443370-6]; Found 'JSESSIONID' cookie value [sbrxl74ij1v8]
07-08-12 17:47:57:339 - {DEBUG} mgt.DefaultSecurityManager Thread [1072280360@qtp-1531443370-6]; Resolved SubjectContext context session is invalid. Ignoring and creating an anonymous (session-less) Subject instance.
org.apache.shiro.session.UnknownSessionException: There is no session with id [sbrxl74ij1v8]
at org.apache.shiro.session.mgt.eis.AbstractSessionDAO.readSession(AbstractSessionDAO.java:170)
答案 0 :(得分:1)
问题是我忘了删除@Persist注释,默认情况下使用会话来存储数据。这导致tapestry用它自己的值覆盖了shiro的JSESSIONID cookie。