Use an http header instead of a session cookie
Hello, I want to use an http header instead of a cookie for session management. I have a web-service which is accessed from a web client (web application) and from a desktop client (desktop application). I want the desktop client to receive a session header which will be used for subsequent requests as a session id (Similar to OAuth authorization tokens). The desktop client and the web client will send all requests with this session header instead of a cookie. How can I make shiro look for a certain header and not for a cookie when determining whether an http request is authenticated or not? Thank you, Gabriel
custom in shiro.ini
Hi, What is the "custom" variable in the shiro.ini? I am trying to use buji-pac4j and I see that in a demo application [1] it uses a "custom" variable. Where is this variable defined? What is it used for? I see that it is used like this: custom:$customAuthorizer. And the variable customAuthorizer is defined above: customAuthorizer= org.pac4j.demo.shiro.CustomAuthorizer Why not use $customAuthorizer directly? Is custom used as a namespace for user-defined variables? [1] https://github.com/pac4j/buji-pac4j-demo/blob/master/src/main/resources/shiro.ini Regards, Gabriel