Thanks Jonathan. I kind of figured that using roles to restrict access is the way to go, but I want to find a solution for the scenario the way I described it.
The fact is the two entry points are NOT into the same thing, but two different apps (although they reside in the same webapp), each with its own set of url paths and user base. Is it not possible for each set of users to be authenticated separately based on logins for each set of urls? I was hoping this would be a somewhat common use case. Rama -- View this message in context: http://shiro-user.582556.n2.nabble.com/Sessions-from-different-filters-interfering-with-each-other-tp7451046p7479475.html Sent from the Shiro User mailing list archive at Nabble.com.
