I think that the session cache manager is a very nice feature in Shiro and I was thinking about using the compact representation of JWT as the session id in the cache manager.
This could be very usefull because we just have to decrypt the JWT on login and store the user profil in the cache manager. So after that, the calls will be only check in the cache without need to uncrypt the JWT. The session validate could also be managed by the session scheduler. I think it make sense for api calls for api gateway security policies for example. regards, François Papon [email protected] Le 07/03/2019 à 00:15, Brian Demers a écrit : > What use cases are you thinking about targeting ? > > > On Wed, Mar 6, 2019 at 1:33 PM Francois Papon <[email protected]> > wrote: > >> Hi guys, >> >> I would like to start a thread about JWT. >> >> We already have a shiro-jaxrs module and I think it would be nice for >> Shiro to be able to use JWT. >> >> There is some existing implementations (Apache CXF JOSE, Apache Geronimo >> microprofile...) and for me it make sence to have an implementation of >> JWT in Shiro. >> >> Thoughts? >> >> regards, >> >> -- >> François Papon >> [email protected] >> >> >>
