
We are moving our previous project to Play Framework 2.4. In the previous project (Vaadin 7), we used Apache Shiro without any issues. Now, in Play Framework, we're having issues with Apache Shiro. A user is able to log in, but if the user then refreshes the page constantly, the user is out, which means the Subject is null with the following invocation:

```java
Subject currentUser = SecurityUtils.getSubject();
```

But if, after logging in, the user waits for a few seconds and then refreshes the page, the Subject is not null and works as it should. And again, if the user refreshes the page constantly, the Subject returns null again.

Does anyone have any experience with this?

Here is the shiro.ini:

```ini
jdbcRealm = security.MyCustomRealm

# Sha256
sha256Matcher = org.apache.shiro.authc.credential.Sha256CredentialsMatcher
sha256Matcher.storedCredentialsHexEncoded = false
sha256Matcher.hashIterations = 1024

jdbcRealm.credentialsMatcher = $sha256Matcher

jdbcRealm.authenticationQuery = SELECT password, salt FROM b_user WHERE email = ?

# permissions
jdbcRealm.permissionsLookupEnabled = true
jdbcRealm.userRolesQuery = select role_name from b_user_role where email = ?
jdbcRealm.permissionsQuery = select permission from b_role_permission where role_name = ?

ds = com.mysql.jdbc.jdbc2.optional.MysqlDataSource
ds.serverName = localhost
ds.user = root
ds.password = 123456
ds.databaseName = mydb
jdbcRealm.dataSource=$ds

# Use built-in cache manager
builtInCacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
securityManager.cacheManager = $builtInCacheManager

sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
securityManager.sessionManager = $sessionManager

# 1,800,000 milliseconds = 30 mins
securityManager.sessionManager.globalSessionTimeout = 1800000

securityManager.realms = $jdbcRealm
```
ipkiss

0 Answers