By same thing, I meant the security services, not the application. The roles approach seemed the easy way. What you really seem to be looking for is a security filter that discriminates based on WHICH realm authenticated you, which would seem like an extension to the authc filter that takes a parameter - the name/class of the realm.
On Thu, Apr 19, 2012 at 2:02 AM, rama.casturi <[email protected]> wrote: > Thanks Jonathan. I kind of figured that using roles to restrict access is the > way to go, but I want to find a solution for the scenario the way I > described it. > > The fact is the two entry points are NOT into the same thing, but two > different apps (although they reside in the same webapp), each with its own > set of url paths and user base. > > Is it not possible for each set of users to be authenticated separately > based on logins for each set of urls? I was hoping this would be a somewhat > common use case. > > Rama > > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/Sessions-from-different-filters-interfering-with-each-other-tp7451046p7479475.html > Sent from the Shiro User mailing list archive at Nabble.com. -- Jonathan Barker ITStrategic
