Hi Eduard, You're using a Vaadin application, which saves its UI component state in the http session. In a web environment, the Subject instance is expected to be constructed and destroyed with every request.
Are any of your Vaadin components saving the Subject instance as a class attribute? If so, this will cause problems because the the Subject instance saved may not be the same subject instance corresponding to the current request. Calling SecurityUtils.getSubject() is the safest way to acquire a Subject in a web application. If you don't want to do this, and instead want to use the Subject instance as a saved class attribute, the Subject instance would need to be a lightweight serializable proxy that would call SecurityUtils.getSubject().XXX for each of the Subject interface implementation methods. Does this make sense? Might this be what is happening in your application? Regards, Les On Sun, Apr 17, 2011 at 11:12 AM, Eduard Neuwirt <[email protected]> wrote: > Found this: > http://shiro-user.582556.n2.nabble.com/There-is-something-wrong-Integrating-zkoss-with-shiro-td3773207.html > > Is it the same situation ? > > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/currentUser-logout-problem-tp6277499p6281466.html > Sent from the Shiro User mailing list archive at Nabble.com.
