我有使用Shiro的代码:
LoginAction.java:
@Action(value = "loginUser", results = { @Result(name = "error", type = "tiles", location = "error") })
public String loginRegisterUser() {
String retStr = null;
Subject currentUser = SecurityUtils.getSubject();
UsernamePasswordToken token = new UsernamePasswordToken(loginUser.getUserName(),loginUser.getUserPassword());
token.setRememberMe(true);
try {
Session session = currentUser.getSession();
session.setAttribute("USERID", loginUser.getUserName());
session.setAttribute("SESSIONID", session.getId());
System.out.println("USERID: " + session.getAttribute("USERID"));
System.out.println("SESSIONID: " + session.getAttribute("SESSIONID"));
// session.setAttribute("LOGINUSER", loginUser); //TODO by Carmela: Add Resource Details
sessionAttributes.put("USERID", session.getAttribute("USERID"));
sessionAttributes.put("SESSIONID", session.getAttribute("SESSIONID"));
currentUser.login(token);
session.stop();
currentUser.getSession(true);
if (currentUser.isAuthenticated()) {
session = currentUser.getSession(false);
session.touch();
session.setAttribute("USERID", sessionAttributes.get("USERID"));
session.setAttribute("SESSIONID", sessionAttributes.get("SESSIONID"));
System.out.println("user is authenticated!!!!!");
System.out.println("isAuthenticated USERID: " + session.getAttribute("USERID"));
System.out.println("isAuthenticated SESSIONID: " + session.getAttribute("SESSIONID"));
session.setTimeout(30000);
retStr = "loginUserSuccess";
}
} catch (ExpiredSessionException e) {
System.out.println("LoginAction ExpiredSessionException");
} catch (UnknownAccountException uae) {
addActionError("Unknown account.");
retStr = "loginUserLogin";
uae.printStackTrace();
} catch (IncorrectCredentialsException iae) {
addActionError("Incorrect Username and Password.");
retStr = "loginUserLogin";
iae.printStackTrace();
} catch (LockedAccountException lae) {
addActionError("Your account has been locked.");
retStr = "loginUserLogin";
lae.printStackTrace();
} catch (AuthenticationException ae) {
addActionError("Enter Valid Username or Password");
retStr = "loginUserLogin";
ae.printStackTrace();
} catch (Exception e) {
addActionError("Error!");
retStr = "loginUserLogin";
e.printStackTrace();
}
return retStr;
}
shiro.ini:
[main]
shiro.loginUrl = /login.jsp
ldapRealm = org.apache.shiro.realm.ldap.JndiLdapRealm
ldapRealm.userDnTemplate = uid={0},ou=users,dc=example,dc=com
ldapRealm.contextFactory.url = ldap://10.62.24.210:10389
ldapRealm.contextFactory.systemUsername = something
ldapRealm.contextFactory.systemPassword = password
ldapRealm.contextFactory.authenticationMechanism = simple
ldapRealm.authorizationCachingEnabled = false
每当我的会话在30秒后超时并点击相同的网址时,它会显示我 错误:
Messages: Session with id [6944e751-96bd-49ad-aab9-66ed42da4c9c] has expired. Last
access time: 2/19/14 6:00 PM. Current time: 2/19/14 6:03PM. Session timeout is set to
30 seconds (0 minutes)
File: org/apache/shiro/session/mgt/SimpleSession.java
当我再次点击同一个网址时,它会显示此消息:
Messages: There is no session with id [6944e751-96bd-49ad-aab9-66ed42da4c9c]
File: org/apache/shiro/session/mgt/eis/AbstractSessionDAO.java
任何人都可以帮助我吗?提前谢谢。