Hi Brian, Thanks for heads up.
I have added Session Id got from shiro auth provider as cookie to request header. HttpGet getmethod = new HttpGet("http://localhost:8080/shiroauthproviderapp/auth/getalluser"); getmethod .setHeader("Authorization", "bearer " + _session_id); //not necessary getmethod .setHeader("Cookie", "keymanager=" + _session_id); // JSESSIONID And modified Shiro.INI - cookie = org.apache.shiro.web.servlet.SimpleCookie cookie.name = keymanager sessionManager.sessionIdCookie = $cookie So, now I'm able get the Subject and permission lists. Please let me know if I'm wrong. Thanks -- Sent from: http://shiro-developer.582600.n2.nabble.com/