Okay, I think that what I'm trying to understand is how the client is told that he needs to authenticate.
Does the server send an HTTP 401 response telling the client to authenticate, at which point the client resends the request with the auth details in the header? (Would this happen on every message?) And on the server side, all of this is handled by the Shiro interceptor and your Authentication realm? How would I then get hold of the Subject/user information within the web service?

--
View this message in context: http://shiro-user.582556.n2.nabble.com/Shiro-and-RESTful-web-services-tp5539212p5539787.html
Sent from the Shiro User mailing list archive at Nabble.com.
