I am developing a vaadin-based project using Apache Shiro 1.2 for security. I have a problem with 'remember me' feature. I try to use CookieRememberMeManager as RememberMeManager, but after authentification Subject.isRemembered() always returns false.
public class ApplicationSecurityManager extends DefaultSecurityManager {
public ApplicationSecurityManager(Realm singleRealm) {
super(singleRealm);
setRememberMeManager(new CookieRememberMeManager());
}
}
I set SecurityManager in init method of GuiceFilter.
final Realm realm = new ApplicationSecurityRealm();
final SecurityManager securityManager = new ApplicationSecurityManager(realm);
SecurityUtils.setSecurityManager(securityManager);
When I try to login to my application, all works fine except 'remember me' feature. Code:
final Subject currentUser = SecurityUtils.getSubject();
UsernamePasswordToken token = new UsernamePasswordToken(username,password);
token.setRememberMe(rememberMe);
currentUser.login(token);
Application have no exceptions, and i could't resolve this problem using debug. I use Apache Tomcat 7.0.40, can it to forbid cookies?
P.s. Sorry for my English, I'm not from an English-speaking country.