Just catching up on this thread. After reading the wiki doc, it looks trivial to implement a SessionStorageEvaluator
I hobbled something together with Shiro 1.1 which I think can be cleanly replaced now. I'll keep you posted. Nice work! On Fri, Jul 1, 2011 at 1:58 AM, Les Hazlewood <[email protected]> wrote: > Note to all following this thread: > > I've just updated the codebase to provide out-of-the-box web support > for this via a 'noSession' filter added to the default filters pool. > It can be used in filter chains, for example > > [urls] > ... > /rest/** = noSession, authcBasic > > The 'noSession' filter will prevent both Shiro and application > developers from creating a new session for that particular filter > chain. Please see the last few comments on > https://issues.apache.org/jira/browse/SHIRO-266 for more details. > > This should provide an out-of-the-box solution for anyone doing REST > or SOAP so they don't have to implement a web-specific > SessionStorageEvaluator themselves. > > Feedback welcome. > > Cheers, > > -- > Les Hazlewood > CTO, Katasoft | http://www.katasoft.com | 888.391.5282 > twitter: http://twitter.com/lhazlewood > katasoft blog: http://www.katasoft.com/blogs/lhazlewood > personal blog: http://leshazlewood.com >
