The way the pair works is that the client-side Factory creates the RemoteInvocation (RI). The subject's session ID is sent with the RI payload on every remoting request.
Once the RI is received by the server, the server-side Executor: 1) Extracts the session ID from the RI 2) Acquires the Subject corresponding to that session ID 3) Binds this Subject to the thread so that all calls to SecurityUtils.getSubject() during the thread's execution will function properly. Is this what you were looking for? Does this help? Regards, Les On Wed, Dec 30, 2009 at 5:26 PM, rchristy <[email protected]> wrote: > > I guess the part that I don't understand (using the samples/spring code base, > DefaultSampleManager.java for example) is I see the following code segment > > Subject subject = SecurityUtils.getSubject(); > Session session = subject.getSession(false); > > on just about every method and the subject state is being maintained between > the client/server. I guess I don't understand what is maintaining the state > between the client/server in this example. Any clarification would be > appreciated > -- > View this message in context: > http://n2.nabble.com/SecureRemoteInvocationFactory-SecureRemoteInvocationExecutor-tp4234121p4234289.html > Sent from the Shiro User mailing list archive at Nabble.com. >
