Hi pmac, What we do is authenticate a user with his password by going to the database. Then, we check if he is an "active user" by again going to the database. We could have implemented the enable check higher up but by doing both these checks in shiro, we can have denials handled the same way.
Thanks ! Dan -- View this message in context: http://shiro-user.582556.n2.nabble.com/Using-native-web-sessions-tp6799265p6821049.html Sent from the Shiro User mailing list archive at Nabble.com.
