Hello everyone, I'm just getting started with Shiro really, so I'm fully open to the idea that I'm doing it all wrong.
My technology stack shouldn't really factor into this question; all you really need to know is it's a web app using Hibernate.

First question. I have a Hibernate POJO entity called User, which is fetched by my custom HibernateRealm and stored as a Principal against the Subject. Is this recommended practice? I've seen a few places mention just storing the username (or user id, etc...), but that would seem to make the Shiro JSP tags less useful (can't do <shiro:principal property="firstName" />, for example).

My other question is related to the first. How should I go about invalidating/updating the stored Principal of a Subject when changes are made to the User entity? For example, the User entity has a GetFullName method, which is used to display a welcome message at the top of the page they're on. If they go into their account settings and update their name, the previous value will still be displayed on the pages until they reauthenticate due to the User instance being held by the Subject. Is there a way to invalidate the Principal when the user saves changes to their account?

I've read something about an Authentication Cache, which sounds promising, but haven't been able to find any documentation (only real mention of it is here: http://shiro-user.582556.n2.nabble.com/Invalidating-Authentication-Cache-slows-performance-td6329816.html).

Any help would be much appreciated.

Thanks,
James

--
View this message in context: http://shiro-user.582556.n2.nabble.com/Updating-or-invalidating-Subject-Principals-tp6570762p6570762.html
Sent from the Shiro User mailing list archive at Nabble.com.
