Apache Shiro: RememberMe feature doesn't work with default password service

Question

I am developing a jsf-based project using Apache Shiro 1.2 for security. I have a problem with 'remember me' feature.

[main]

jdbcRealm=org.apache.shiro.realm.jdbc.JdbcRealm
jdbcRealm.authenticationQuery = SELECT password from user where username = ?
jdbcRealm.userRolesQuery = select role from userroles where userID = (select id FROM user WHERE username = ?)

ds = com.mysql.jdbc.jdbc2.optional.MysqlDataSource
ds.serverName = localhost
ds.user = root
ds.password = 12345
ds.databaseName = testdb
jdbcRealm.dataSource= $ds

authc.loginUrl = /index.xhtml
user.loginUrl = /index.xhtml

passwordService = org.apache.shiro.authc.credential.DefaultPasswordService
passwordMatcher = org.apache.shiro.authc.credential.PasswordMatcher
passwordMatcher.passwordService = $passwordService
jdbcRealm.credentialsMatcher = $passwordMatcher

#or this configuration
#passwordMatcher = org.apache.shiro.authc.credential.Sha256CredentialsMatcher
#credentialsMatcher = org.apache.shiro.authc.credential.HashedCredentialsMatcher
#credentialsMatcher.hashAlgorithmName = SHA-256
#credentialsMatcher.storedCredentialsHexEncoded = true
#credentialsMatcher.hashIterations = 5000

Java class

PasswordService passwordService = new DefaultPasswordService();
String encryptedPassword = passwordService.encryptPassword(password);

Subject currentUser         = SecurityUtils.getSubject();
UsernamePasswordToken token = new UsernamePasswordToken(username, encryptedPassword);
token.setRememberMe(rememberMe);

What could be the problem be?

Answer 1

You will need to configure a default session manager to hold the session that you are remembering.

[main]
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
securityManager.sessionManager = $sessionManager