Shiro subject on HttpSession

Question

I'm using Shiro on my application layer which is served trough web requests. I think SecurityUtils.getSubject won't work as expected as I want to save the current subject through different requests, and I don't want to use Shiro Web utils, because I would like to dettach my Application Layer from the way it is served( I will later build a GUI to access it ).

So, can I, for example, return from my application layer the Subject instance, to be saved by the client in an HttpSession or whenever it wants, and retrieve it at a later time to avoid having to re-authenticate it?

score 0 · Answer 1 · answered Oct 02 '13 at 19:35

0

I think the best way to do this is to keep the subject's sessionId in the client and acquiring the subject again via:

Subject requestSubject = new Subject.Builder().sessionId(sessionId).buildSubject();

Am I right?

answered Oct 02 '13 at 19:35

bgarate

116
2
9

Shiro subject on HttpSession

1 Answers1