List of usage examples for org.apache.shiro.session.mgt DefaultSessionManager setDeleteInvalidSessions
@SuppressWarnings({ "UnusedDeclaration" })
public void setDeleteInvalidSessions(boolean deleteInvalidSessions)
From source file:com.sonicle.webtop.core.app.WebTopApp.java
License:Open Source License
private DefaultSecurityManager buildSecurityManager() { DefaultSecurityManager newSecurityManager = new DefaultSecurityManager(new WTRealm()); newSecurityManager.setCacheManager(new MemoryConstrainedCacheManager()); DefaultSessionManager sessionManager = (DefaultSessionManager) newSecurityManager.getSessionManager(); sessionManager.setGlobalSessionTimeout(-1); sessionManager.setDeleteInvalidSessions(false); sessionManager.setSessionValidationSchedulerEnabled(false); return newSecurityManager; }
From source file:org.graylog2.bindings.providers.DefaultSecurityManagerProvider.java
License:Open Source License
@Inject public DefaultSecurityManagerProvider(MongoDbSessionDAO mongoDbSessionDAO, PasswordAuthenticator passwordAuthenticator, MongoDbAuthorizationRealm mongoDbAuthorizationRealm, LdapUserAuthenticator ldapUserAuthenticator, SessionAuthenticator sessionAuthenticator, AccessTokenAuthenticator accessTokenAuthenticator, Configuration configuration) { final GraylogSimpleAccountRealm inMemoryRealm = new GraylogSimpleAccountRealm(); inMemoryRealm.setCachingEnabled(false); inMemoryRealm.addRootAccount(configuration.getRootUsername(), configuration.getRootPasswordSha2()); inMemoryRealm.setCredentialsMatcher(new HashedCredentialsMatcher("SHA-256")); passwordAuthenticator.setCachingEnabled(false); passwordAuthenticator.setCredentialsMatcher(new HashedCredentialsMatcher("SHA-1")); mongoDbAuthorizationRealm.setCachingEnabled(false); ldapUserAuthenticator.setCachingEnabled(false); sessionAuthenticator.setCachingEnabled(false); accessTokenAuthenticator.setCachingEnabled(false); sm = new DefaultSecurityManager(Lists.<Realm>newArrayList(sessionAuthenticator, accessTokenAuthenticator, ldapUserAuthenticator, passwordAuthenticator, inMemoryRealm)); final Authenticator authenticator = sm.getAuthenticator(); if (authenticator instanceof ModularRealmAuthenticator) { ((ModularRealmAuthenticator) authenticator).setAuthenticationStrategy(new FirstSuccessfulStrategy()); }// w ww . j ava 2 s . c o m sm.setAuthorizer( new ModularRealmAuthorizer(Lists.<Realm>newArrayList(mongoDbAuthorizationRealm, inMemoryRealm))); final DefaultSubjectDAO subjectDAO = new DefaultSubjectDAO(); final DefaultSessionStorageEvaluator sessionStorageEvaluator = new DefaultSessionStorageEvaluator() { @Override public boolean isSessionStorageEnabled(Subject subject) { // save to session if we already have a session. do not create on just for saving the subject return (subject.getSession(false) != null); } }; sessionStorageEvaluator.setSessionStorageEnabled(false); subjectDAO.setSessionStorageEvaluator(sessionStorageEvaluator); sm.setSubjectDAO(subjectDAO); final DefaultSessionManager defaultSessionManager = (DefaultSessionManager) sm.getSessionManager(); defaultSessionManager.setSessionDAO(mongoDbSessionDAO); defaultSessionManager.setDeleteInvalidSessions(true); defaultSessionManager.setCacheManager(new MemoryConstrainedCacheManager()); // DO NOT USE global session timeout!!! It's fucky. //defaultSessionManager.setGlobalSessionTimeout(TimeUnit.SECONDS.toMillis(5)); SecurityUtils.setSecurityManager(sm); }