Using Shiro's Native Session in Addition to the Default HTTP Session

Currently I've been working on a project that uses Shiro for authentication and authorization. I can say that aside from the fact that it doesn't support JSF, it's a very useful tool.

This page contains code that will help you configure your project to enable both the default HTTP session and Shiro's native session.

1.) web.xml - enable shiro filter:

    <listener>
        <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
    </listener>

    <filter>
        <filter-name>ShiroFilter</filter-name>
        <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>ShiroFilter</filter-name>
        <url-pattern>/*</url-pattern>
        <dispatcher>REQUEST</dispatcher>
        <dispatcher>FORWARD</dispatcher>
        <dispatcher>INCLUDE</dispatcher>
        <dispatcher>ERROR</dispatcher>
    </filter-mapping>

2.) Enable default HTTP session in shiro.ini:

    [main]
    saltedJdbcRealm = com.czetsuya.commons.web.security.shiro.JdbcRealmImpl

    # any object property is automatically configurable in Shiro.ini file
    saltedJdbcRealm.jndiDataSourceName = dropshipDS

    # the realm should handle also authorization
    saltedJdbcRealm.permissionsLookupEnabled = true

    # If not filled, subclasses of JdbcRealm assume "select password from users where username = ?"
    # first result column is password, second result column is salt
    saltedJdbcRealm.authenticationQuery = SELECT password, salt FROM crm_users WHERE disabled = false AND username = ?

    # If not filled, subclasses of JdbcRealm assume "select role_name from user_roles where username = ?"
    saltedJdbcRealm.userRolesQuery = SELECT name FROM crm_roles a INNER JOIN crm_user_roles b ON a.id = b.role_id INNER JOIN crm_users c ON c.id = b.user_id WHERE c.username = ?

    # If not filled, subclasses of JdbcRealm assume "select permission from roles_permissions where role_name = ?"
    saltedJdbcRealm.permissionsQuery = SELECT activity FROM crm_permissions WHERE role = ?

    # password hashing specification, set something big for hashIterations
    sha256Matcher = org.apache.shiro.authc.credential.HashedCredentialsMatcher
    sha256Matcher.hashAlgorithmName = SHA-256
    sha256Matcher.hashIterations = 1
    saltedJdbcRealm.credentialsMatcher = $sha256Matcher
    securityManager.realms = $saltedJdbcRealm

    cacheManager = org.apache.shiro.cache.ehcache.EhCacheManager
    cacheManager.cacheManagerConfigFile = classpath:ehcache.xml
    securityManager.cacheManager = $cacheManager

    dsFilter = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter
    dsFilter.loginUrl = /login.xhtml

    roles = com.czetsuya.commons.web.security.shiro.RolesAuthorizationFilter

    [urls]
    /login.xhtml = dsFilter
    /backend/** = dsFilter, roles[backend]
    /affiliate/** = dsFilter, roles[affiliate]
    /api/** = noSessionCreation, dsFilter
    /logout = logout

3.) Enable shiro's native session:

    [main]
    saltedJdbcRealm = com.czetsuya.commons.web.security.shiro.JdbcRealmImpl

    # any object property is automatically configurable in Shiro.ini file
    saltedJdbcRealm.jndiDataSourceName = dummyDS

    # the realm should handle also authorization
    saltedJdbcRealm.permissionsLookupEnabled = true

    # If not filled, subclasses of JdbcRealm assume "select password from users where username = ?"
    # first result column is password, second result column is salt
    saltedJdbcRealm.authenticationQuery = SELECT password, salt FROM crm_users WHERE disabled = false AND username = ?

    # If not filled, subclasses of JdbcRealm assume "select role_name from user_roles where username = ?"
    saltedJdbcRealm.userRolesQuery = SELECT name FROM crm_roles a INNER JOIN crm_user_roles b ON a.id = b.role_id INNER JOIN crm_users c ON c.id = b.user_id WHERE c.username = ?

    # If not filled, subclasses of JdbcRealm assume "select permission from roles_permissions where role_name = ?"
    saltedJdbcRealm.permissionsQuery = SELECT activity FROM crm_permissions WHERE role = ?

    # password hashing specification, set something big for hashIterations
    sha256Matcher = org.apache.shiro.authc.credential.HashedCredentialsMatcher
    sha256Matcher.hashAlgorithmName = SHA-256
    sha256Matcher.hashIterations = 1
    saltedJdbcRealm.credentialsMatcher = $sha256Matcher
    securityManager.realms = $saltedJdbcRealm

    sessionDAO = org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO
    sessionDAO.activeSessionsCacheName = dropship-activeSessionCache

    sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
    sessionManager.sessionDAO = $sessionDAO
    #sessionManager.sessionIdCookie.domain = com.sido
    # 1,800,000 milliseconds = 30 mins
    #sessionManager.globalSessionTimeout = 1800000

    sessionValidationScheduler = org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler
    # 1,800,000 milliseconds = 30 mins
    sessionValidationScheduler.interval = 1800000
    sessionManager.sessionValidationScheduler = $sessionValidationScheduler

    securityManager.sessionManager = $sessionManager

    cacheManager = org.apache.shiro.cache.ehcache.EhCacheManager
    cacheManager.cacheManagerConfigFile = classpath:ehcache.xml
    securityManager.cacheManager = $cacheManager

    sidoFilter = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter
    sidoFilter.loginUrl = /login.xhtml
    # logout.redirectUrl = /login.xhtml

    [urls]
    /login.xhtml = sidoFilter
    /secure/** = sidoFilter
    /api/** = noSessionCreation, sidoFilter
    # /logout = logout
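
An added example, not part of the original post: a small Python check that reads a shiro.ini, reports whether it selects the container HTTP session or Shiro's native session, and flags a few session and hashing settings. The function names, the `MIN_ITERATIONS` floor and the trimmed sample files are assumptions made for illustration.

```python
import re

MIN_ITERATIONS = 100_000  # assumed policy floor, not a value from the page

# Constructed samples: trimmed-down versions of the two shiro.ini variants.
HTTP_INI = """
[main]
sha256Matcher = org.apache.shiro.authc.credential.HashedCredentialsMatcher
sha256Matcher.hashIterations = 1
[urls]
/api/** = noSessionCreation, dsFilter
"""
NATIVE_INI = HTTP_INI.replace("[urls]", """\
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
#sessionManager.globalSessionTimeout = 1800000
securityManager.sessionManager = $sessionManager
[urls]""")

def parse_main(ini_text):
    """Return the key/value pairs of the [main] section, skipping comments."""
    section, main = None, {}
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
        elif section == "main" and "=" in line:
            key, value = line.split("=", 1)
            main[key.strip()] = value.strip()
    return main

def audit(ini_text):
    """Return (session_mode, findings) for one shiro.ini."""
    main = parse_main(ini_text)
    findings = []
    # Without this key a web app keeps the servlet container's HttpSession.
    name = main.get("securityManager.sessionManager", "").lstrip("$")
    native = main.get(name, "").endswith("DefaultWebSessionManager")
    if native:
        if name + ".globalSessionTimeout" not in main:
            findings.append(name + ".globalSessionTimeout: unset, Shiro default applies")
        if main.get(name + ".sessionIdCookie.secure") != "true":
            findings.append(name + ".sessionIdCookie.secure: session cookie not HTTPS-only")
    for key, value in main.items():
        if key.endswith(".hashIterations") and value.isdigit() and int(value) < MIN_ITERATIONS:
            findings.append(f"{key}: {value} is below {MIN_ITERATIONS}")
    return ("native" if native else "http"), findings
```

Calling `audit()` on the full files from steps 2 and 3 gives the session mode for each, plus the settings worth reviewing before deployment.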