Yeah, typical HTTP stuff, REST is stateless, so you don't need to require a separate login, although cookies, etc. should work fine.

From within your web app you can do: SecurityUtils.getSubject()

Take a look at the examples for Shiro, I don't know if there is a REST specific one, but it basically works the same way.

On Thu, Sep 16, 2010 at 2:19 PM, tim.sparg <[email protected]> wrote:
>
> okay I think that what I'm trying to understand is how the client is told
> that he needs to authenticate.
>
> Does the server send a HTTP 401 response telling the client to
> authenticate,
> at which point the client resends the request with the auth details in the
> header? (would this happen on every message?)
>
> And on the server side all of this is handled by the Shiro interceptor and
> your Authentication realm..?
>
> How would I then get hold of the Subject/user information within the
> webservice?
> --
> View this message in context:
> http://shiro-user.582556.n2.nabble.com/Shiro-and-RESTful-web-services-tp5539212p5539787.html
> Sent from the Shiro User mailing list archive at Nabble.com.
>
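An added example, not part of the original thread and not Shiro's own sample code: a JAX-RS resource that reads the caller through SecurityUtils.getSubject() after Shiro's filter has handled the HTTP Basic challenge. The use of JAX-RS, the /api and /orders paths, the class name and the "orders:read" permission are assumptions made for illustration.

```java
// Added example. Assumes Shiro's servlet filter is mapped in web.xml and
// shiro.ini protects the API path with the built-in HTTP Basic filter:
//   [urls]
//   /api/** = authcBasic
// With that chain, a request without credentials gets a 401 challenge from
// the filter, and a stateless client resends credentials on every request.
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.Subject;

@Path("/orders") // hypothetical resource path
public class OrderResource {

    @GET
    @Produces(MediaType.TEXT_PLAIN)
    public Response list() {
        // The Shiro filter binds the Subject to the request thread before
        // the resource method runs, so no request object is needed here.
        Subject subject = SecurityUtils.getSubject();

        // Fail closed if this URL was not covered by the filter chain and
        // the request reached the resource unauthenticated.
        if (!subject.isAuthenticated()) {
            return Response.status(Response.Status.UNAUTHORIZED)
                    .header("WWW-Authenticate", "Basic realm=\"api\"")
                    .build();
        }

        // Authorization is a separate decision from authentication.
        // "orders:read" is a hypothetical permission string.
        if (!subject.isPermitted("orders:read")) {
            return Response.status(Response.Status.FORBIDDEN).build();
        }

        // The primary principal is whatever the Realm returned at login.
        String user = String.valueOf(subject.getPrincipal());
        return Response.ok("orders for " + user).build();
    }
}
```

Because Basic credentials travel with every request and are only base64-encoded, serve the protected path over TLS.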
