Hi Rory, This is the recommended approach for accessing session state anywhere in your application. The benefit of this approach is that your Realm does not need to be tied to HTTP-specific APIs - which is cleaner when thinking about separation of concerns (IMO).
And, while you can use the session to store this information, you're really talking about multi-tenant management within an application. The Shiro session is a good and easy way to support this kind of behavior without getting into other/more complicated approaches like manual uses of ThreadLocal. Cheers, -- Les Hazlewood CTO, Katasoft | http://www.katasoft.com | 888.391.5282 twitter: @lhazlewood | http://twitter.com/lhazlewood katasoft blog: http://www.katasoft.com/blogs/lhazlewood personal blog: http://leshazlewood.com On Fri, Nov 25, 2011 at 4:06 AM, [email protected] <[email protected]> wrote: > I figured out a way to do what I need. > > I can get the variable I need in the doGetAuthenticationInfo method from the > shiro session using the following calls > > Subject subject = SecurityUtils.getSubject(); > Session sess = subject.getSession(); > String client = (String)sess.getAttribute("client"); > > I had previously set the session value for client in my Login class. > > Im not sure if this is the best way to obtain values in the shiro filter but > it works for me here. > > -- > View this message in context: > http://shiro-developer.582600.n2.nabble.com/JDBC-Realm-access-to-HttpSession-tp7028935p7030909.html > Sent from the Shiro Developer mailing list archive at Nabble.com.
