How to use a native shiro session in a Grails web application?

Question

How to use a native shiro session in a Grails web application?

I am currently using the default HttpSession object on both controllers and gsp pages:

In controllers:

... session.mykey = anObject; // adding an object to session ... if (session.otherkey) { // performing some checking

In GSP:

 ... <g:if test="${session.mykey}"> ...

I would like to have a “remember me” function. Shiro is already integrated. However, as I understand it, for this I need to use the shiro native session mode (in Config.groovy: security.shiro.session.mode = "native"). By default, it saves the session state, so objects remain in the session until the cookie expires or the user disconnects.

As far as I understand?

Then I will have to change my controllers to this:

 def shiroSession = SecurityUtils.subject.session shiroSession.setAttribute("mykey",anObject) .... if (shiroSession.getAttribute("otherkey") ){

And my views on this are:

 <g:if test="${SecurityUtils.subject.session.getAttribute('mykey')}">

So my questions are:

Is it correct?
Can't I use the previous session access method?
Should I disconnect the default HTTP session in some configuration?

+6

grails shiro session-management

r0drigopaes Nov 20 '11 at 21:50

source share

1 answer

r0drigopaes · Answer 1 · 2011-11-25T00:15:13+0000

I refused to permanently store objects in the session (until the cookie expired). Here is what I did:

In the controller login method:

 if (! session.currentProfile){ Subject currentUser = SecurityUtils.getSubject() if (currentUser.isRemembered()){ boolean success = configureSession(session, currentUser.getPrincipal()) if (success){ ... } } .... }

The first “if” checks if the session has the object that I need.

The configureSession method puts all the necessary information into the session.

How to use a native shiro session in a Grails web application?

More articles: