Hi All,

I'm currently using Spring Security which until now was doing a fine job for
my needs.  Once we started doing session clustering w/o any session
stickiness, we ran into issues with Spring Security.  Specifically, it saves
a lot of security-related classes in the Session which makes Session
serialization inefficient.  Even more so, trying to use a performant
serialization method like Kryo is difficult because of the
not-so-POJO-friendly design of the Spring Security classes.

Anyway, Shiro seems like one good alternative and I've been studying it for
the last day.  My question concerns integration with Facebook Connect and
Session usage.

Our site is Facebook Connect only so that is the only requirement for
authentication.  We do cross-reference some user preferences for
app-specific authorization information.

It seems like I'd need a custom filter to retrieve the Facebook credentials
and a custom Realm that doesn't do much more than see if the user already
exists in the store + some other roles logic.

So any help would be appreciated for helping me answer:

1. What is the ideal way anyone here has done this (I'm sure I'm not the
first)?
2. I have some custom "login" logic to check if the user exists and create
the user if not + some other locked status stuff.  I assume this goes in the
Realm?
3. What kind of data does Shiro actually save in the Session?  We're very
keen on keeping it as lean as possible and easily serializable using Kryo or
other performant library (these libraries usually use default constructors
and reflection).
4. We have some functionality that sends requests that don't contain the
SessionID (from flash) so we just include the SessionID as a request
parameter and "inject" the security context using a filter in the request
thread.  Is that possible with Shiro without doing a complete "login"
process?  It should allow Session lookup by id.

Thanks in advance and again, much appreciated!

--
View this message in context: 
http://shiro-user.582556.n2.nabble.com/Advice-on-Shira-with-FB-Connect-Session-Clustering-Efficiency-tp6832777p6832777.html
Sent from the Shiro User mailing list archive at Nabble.com.