Apache Shiro : RememberMe 기능이 기본 암호 서비스와 함께 작동하지 않습니다.

Question

보안을 위해 Apache Shiro 1.2를 사용하여 jsf 기반 프로젝트를 개발 중입니다. 나는 '기억 해요'기능에 문제가 있습니다.

[main] 

jdbcRealm=org.apache.shiro.realm.jdbc.JdbcRealm 
jdbcRealm.authenticationQuery = SELECT password from user where username = ? 
jdbcRealm.userRolesQuery = select role from userroles where userID = (select id FROM user WHERE username = ?) 

ds = com.mysql.jdbc.jdbc2.optional.MysqlDataSource 
ds.serverName = localhost 
ds.user = root 
ds.password = 12345 
ds.databaseName = testdb 
jdbcRealm.dataSource= $ds 

authc.loginUrl = /index.xhtml 
user.loginUrl = /index.xhtml 

passwordService = org.apache.shiro.authc.credential.DefaultPasswordService 
passwordMatcher = org.apache.shiro.authc.credential.PasswordMatcher 
passwordMatcher.passwordService = $passwordService 
jdbcRealm.credentialsMatcher = $passwordMatcher 

#or this configuration 
#passwordMatcher = org.apache.shiro.authc.credential.Sha256CredentialsMatcher 
#credentialsMatcher = org.apache.shiro.authc.credential.HashedCredentialsMatcher 
#credentialsMatcher.hashAlgorithmName = SHA-256 
#credentialsMatcher.storedCredentialsHexEncoded = true 
#credentialsMatcher.hashIterations = 5000 

자바 클래스

PasswordService passwordService = new DefaultPasswordService(); 
String encryptedPassword = passwordService.encryptPassword(password); 

Subject currentUser   = SecurityUtils.getSubject(); 
UsernamePasswordToken token = new UsernamePasswordToken(username, encryptedPassword); 
token.setRememberMe(rememberMe); 

어떤 문제가 될 수 있을까?

Answer 1

기억하고있는 세션을 유지하려면 기본 세션 관리자를 구성해야합니다.

[main] 
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager 
securityManager.sessionManager = $sessionManager