Hi Les, Thanks for the suggestion. I will take a look at it. I guess I should have been more clear about what I'm trying to do.
Basically, I was being lazy and decided to use Jersey REST service + simple UI as my test harness since it's quickest way for me. What I was trying to do is actually testing non-web applications. However, what I will ultimately end up doing is using Shiro to manage both web app + non-web app. A typical scenario would be: UI -> Servlet -> App A -> AppB -> ... (servlet is web tier for App A and App A sends a request to service provided by App B, etc.) What would be the best way to have the Shiro session working across web apps and non-web apps for SSO? I also saw that I should be using DefaultWebSecurityManager, but when I tried using it, I got this exception "SessionContext must be an HTTP compatible implementation". Today is the second day I work with Shiro so I'm still trying to understand how everything works. Thanks, Jack -- View this message in context: http://shiro-user.582556.n2.nabble.com/Interesting-Behavior-of-isAuthenticated-on-Jersey-Jetty-Shiro-tp6208130p6209116.html Sent from the Shiro User mailing list archive at Nabble.com.
