So you're saying that, for example, if I use the authc filter in one webapp (performing the login) and then use the UserFilter in another webapp with the same browser, same session, I will be authenticated in the second webapp?
-- Rui

On Tue, Aug 2, 2011 at 9:54 PM, Les Hazlewood <[email protected]> wrote:
> I'm not sure why you're using the Subject.Builder.
>
> If you subclass the IniShiroFilter (or its parent
> AbstractShiroFilter), the WebSubject is already created and bound to
> the thread for you so that SecurityUtils.getSubject() will work
> correctly (and return WebSubject) instances.
>
> The AbstractShiroFilter will also build the WebSubject according to
> the JSESSIONID as expected - no need to re-implement this yourself.
>
> http://svn.apache.org/repos/asf/shiro/trunk/web/src/main/java/org/apache/shiro/web/servlet/AbstractShiroFilter.java
>
> HTH,
>
> Les
