2

I am developing a vaadin-based project using Apache Shiro 1.2 for security. I have a problem with 'remember me' feature. I try to use CookieRememberMeManager as RememberMeManager, but after authentification Subject.isRemembered() always returns false.

public class ApplicationSecurityManager extends DefaultSecurityManager {

    public ApplicationSecurityManager(Realm singleRealm) {
        super(singleRealm);
        setRememberMeManager(new CookieRememberMeManager());
    }
}

I set SecurityManager in init method of GuiceFilter.

    final Realm realm = new ApplicationSecurityRealm();
    final SecurityManager securityManager = new ApplicationSecurityManager(realm);
    SecurityUtils.setSecurityManager(securityManager);

When I try to login to my application, all works fine except 'remember me' feature. Code:

    final Subject currentUser = SecurityUtils.getSubject();

    UsernamePasswordToken token = new UsernamePasswordToken(username,password);
    token.setRememberMe(rememberMe);
    currentUser.login(token);

Application have no exceptions, and i could't resolve this problem using debug. I use Apache Tomcat 7.0.40, can it to forbid cookies?

P.s. Sorry for my English, I'm not from an English-speaking country.

4

1 回答 1

1

我意识到已经一年了,但是这个问题得到了相当多的意见,所以我想我会发布一些信息。

Subject.isRemembered() 在 Shiro 中有点棘手。仅当主题具有有效的记住我设置(cookie 等)并且主题未经过身份验证时,它才返回 true。详情在这里:http://shiro.apache.org/static/1.2.2/apidocs/org/apache/shiro/subject/Subject.html#isRemembered()

因此,我怀疑您的 Remember Me 工作正常,但您对 Subject.isRemembered() 的期望与该方法的实际作用不符。

于 2015-04-28T15:04:29.083 回答