1

我在挂毯应用程序中使用 shiro (1.2.0)。现在我只想将它用于会话管理。虽然默认会话管理(使用 ServletContainerSessionManager)有效,但当我尝试切换到本机会话时,shiro 停止跟踪它们:

public static WebSecurityManager decorateWebSecurityManager(WebSecurityManager manager) {
  if(manager instanceof TapestryRealmSecurityManager) {
    DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
    MemorySessionDAO sessionDAO = new MemorySessionDAO();
    sessionManager.setSessionDAO(sessionDAO);
    ((TapestryRealmSecurityManager) manager).setSessionManager(sessionManager);
  }
  return null;
}

调试输出:

07-08-12 17:47:57:339 - {TRACE} util.ThreadContext Thread [1072280360@qtp-1531443370-6];  Bound value of type [$WebSecurityManager_19518d48138a] for key [org.apache.shiro.util.ThreadContext_SECURITY_MANAGER_KEY] to thread [1072280360@qtp-1531443370-6]
07-08-12 17:47:57:339 - {TRACE} mgt.DefaultSecurityManager Thread [1072280360@qtp-1531443370-6];  Context already contains a SecurityManager instance.  Returning.
07-08-12 17:47:57:339 - {TRACE} mgt.AbstractValidatingSessionManager Thread [1072280360@qtp-1531443370-6];  Attempting to retrieve session with key org.apache.shiro.web.session.mgt.WebSessionKey@1dc49089
07-08-12 17:47:57:339 - {DEBUG} servlet.SimpleCookie Thread [1072280360@qtp-1531443370-6];  Found 'JSESSIONID' cookie value [sbrxl74ij1v8]
07-08-12 17:47:57:339 - {DEBUG} mgt.DefaultSecurityManager Thread [1072280360@qtp-1531443370-6];  Resolved SubjectContext context session is invalid.  Ignoring and creating an anonymous (session-less) Subject instance.
org.apache.shiro.session.UnknownSessionException: There is no session with id [sbrxl74ij1v8]
at     org.apache.shiro.session.mgt.eis.AbstractSessionDAO.readSession(AbstractSessionDAO.java:170)
4

1 回答 1

1

问题是我忘记删除 @Persist 注释,默认情况下使用会话来存储数据。这导致 Tapestry 用它自己的值覆盖 shiro 的 JSESSIONID cookie。

于 2012-08-08T10:13:51.187 回答