Hi Jason, Because of Groovy's ability to blindly traverse an object/property graph, you should be able to get it from the SecurityManager reference, e.g.:
securityManager.sessionManager.sessionDAO This traversal will only work if you're using native sessions (otherwise the runtime SessionManager instance won't have a sessionDAO property). Cheers, Les On Wed, Nov 16, 2011 at 12:36 PM, Jason Davis <[email protected]> wrote: > Thanks a lot Les. I have seen your posts on the grails mailing list > while searching about this. > Do you know how to get the session dao in grails when using the > default session setup? > > Thanks A lot! > Jason > > On Wed, Nov 16, 2011 at 1:18 PM, Les Hazlewood <[email protected]> wrote: >> Hi Jason, >> >> My brain must be muddy today - your solution is simpler and should >> work fine. I don't know why I jumped right to the more complicated >> solution! >> >> That should be good enough but you will need to persist the state >> change back to the data store so invalidated sessions can be cleaned >> up as necessary. >> >> For example, by using the SessionManager's underlying SessionDAO: >> >> Collection<Session> activeSessions = sessionDAO.getActiveSessions(); >> for( Session s : activeSessions ) { >> s.invalidate(); >> sessionDAO.update(s); >> } >> >> HTH! >> >> Cheers, >> >> Les >> >> On Wed, Nov 16, 2011 at 10:35 AM, Jason Davis <[email protected]> wrote: >>> Thanks for the reply! >>> If I have a list of all sessions can I invalidate() them all and be >>> done? Or would that not be enough to log them out? >>> >>> Thanks! >>> Jason Davis >>> >>> On Wed, Nov 16, 2011 at 11:27 AM, Les Hazlewood <[email protected]> >>> wrote: >>>> Hi Jason, >>>> >>>> First, this would only be possible if using Shiro's native session >>>> support. There is no way to do this using the default servlet >>>> container sessions. >>>> >>>> The state of a subject is bound to a thread and/or a Session (if >>>> they're authenticated and sessions are enabled). >>>> >>>> To log out all authenticated subjects you need to: >>>> >>>> 1. Clear out the session cache entirely. >>>> 2. Do either of the following: >>>> a. Delete all active sessions in the backing Session data store >>>> (used by the SessionDAO), or >>>> b. Update all active sessions' stoppedTimestamp to be the current >>>> time in the backing Session data store. >>>> >>>> 1 and 2.a. are the common approaches. 2.b. is only done if you store >>>> and delete sessions manually from your data store outside of Shiro's >>>> control. >>>> >>>> You could do this if using Shiro's native session management and >>>> you're using a SessionDAO that talks to a datastore that allows you to >>>> do bulk updates. >>>> >>>> Finally note that 'rememberMe' users will still be remembered as long >>>> as their rememberMe cookie exists. If you delete any remembered >>>> Subject's session, they will still be remembered on the next request >>>> (and likely a new session will be created to store the rememberMe >>>> value). They just won't be authenticated. >>>> >>>> HTH, >>>> >>>> Les >>>> >>>> On Wed, Nov 16, 2011 at 9:25 AM, Jason Davis <[email protected]> wrote: >>>>> Hello, >>>>> How can I log out all subjects? I can only find how to get the >>>>> 'active' subject. I'd like to get a list of them all, or just be able >>>>> to log them all out. Is this possible? >>>>> >>>>> Thanks, >>>>> Jason
