Ok, I just figured I would read about the "web" config even though the trail in the reference manual leads me to spring specific and then never explains the filter chains.
So I understand where the config is set up now and I know I do not need to deploy the shiro jar with my client. Good! That is fantastic. But what is the suggestion to set up an application that is entirely roles, permissions and user based EXCEPT login and logout if all of my services are under /remote/* /remote/securityService=anon /remote/** = perms, roles, user is that the suggested way to do it? And it seems a org.springframework.remoting.RemoteAccessException: is being thrown not an AuthorizationException. Is there anything obvious that you may think is wrong? -- View this message in context: http://shiro-user.582556.n2.nabble.com/Best-way-to-associate-Session-to-SecureRemoteInvocationFactory-tp5541140p5543302.html Sent from the Shiro User mailing list archive at Nabble.com.
