Java Shiro会话注销不工作
我在一个项目中工作,我们使用ApacheShiro进行安全保护。 现在,我不确定问题是在Shrio配置中还是在其他地方 发生的情况是,当用户输入凭据并通过基本身份验证时,用户名和密码的值将保留,直到浏览器关闭。我已经在Firefox和Chrome中尝试过了,这是同样的行为 据我所知,这听起来像是Shiro的“RememberMe”功能,但我“认为”我已经关闭了它Java Shiro会话注销不工作,java,session,jboss,shiro,Java,Session,Jboss,Shiro,我在一个项目中工作,我们使用ApacheShiro进行安全保护。 现在,我不确定问题是在Shrio配置中还是在其他地方 发生的情况是,当用户输入凭据并通过基本身份验证时,用户名和密码的值将保留,直到浏览器关闭。我已经在Firefox和Chrome中尝试过了,这是同样的行为 据我所知,这听起来像是Shiro的“RememberMe”功能,但我“认为”我已经关闭了它 protected AuthenticationInfo doGetAuthenticationInfo(Authentication
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
UsernamePasswordToken upToken = (UsernamePasswordToken) token;
logger.info("Remember Me active ? {}", upToken.isRememberMe());
印刷品:
09:44:00323信息[TestRealm]还记得我处于活动状态吗?假的
我还尝试使用Shiro.ini文件中配置的Shiro注销
[main]
...
logout.redirectUrl = /logout.jsp
...
[url]
/logout = logout
logout.jsp如下所示:
<%@ page import="org.apache.shiro.SecurityUtils" %>
<% SecurityUtils.getSubject().logout();%>
You have succesfully logged out.
最好的,
Henrik配置中一定存在一些问题,您可以从中尝试演示应用程序并检查其是否有效
[main]
authBasicRealm = se.test.TestRealm
securityManager.realms = $authBasicRealm
#builtInCacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
#securityManager.cacheManager = $builtInCacheManager
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
#securityManager.sessionManager.sessionIdCookieEnabled = false
# cookie for single sign on
cookie = org.apache.shiro.web.servlet.SimpleCookie
cookie.name = test.session
cookie.path = /test
cookie.maxAge = 60
#cookie.secure = true
cookie.httpOnly = false
sessionManager.sessionIdCookie = $cookie
sessionDAO = org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO
sessionManager.sessionDAO = $sessionDAO
securityManager.sessionManager = $sessionManager
logout.redirectUrl = /logout.jsp
[users]
# format: username = password, role1, role2, ..., roleN
admin = admin, 4
user = user, 2
[roles]
admin = *
user = *
#User Get Specified
1 = 1
#User Get All
2 = 1
#Create Put Update
3 = 2:*
#Admin
4 = admin:*
test = 2:*
[urls]
/logout = logout
/** = authcBasic