While there are numerous solutions to use apache shiro and vaadin, Mike Pilones this solution works well except the "Remember-me" functionality. The reason for this is when using this method, we have to refrain from using a servlet filter that initializes the security manager. Thus shiro is unable to get hold of the servlet response and set the "Remember-me" cookie.
To overcome this, we have to subclass the CookieRememberMeManager and override few methods to include ServletRequest and ServletResponse to be obtained from VaadinServletService.
Now we have to set our custom remember me manager in the shiro Security manager as follows.
Now shiro security manager can set and retrieve any remember-me cookie using the VaadinServletService provided request and response objects.
No comments:
Post a Comment