Hi all,
I was reading through the documentation and I couldn't find relevant information, so I hope you guys can help. Essentially I have three Subject / user session management scenarios in the one web application.

1) Certain URLs are accessed via a user's browser. This is easy enough with the FormAuthenticationFilter or PassThrough version, and sessions are managed by Shiro using the default Servlet container sessions. It is a Spring MVC application, so it is important that the session data is stored in the same object regardless of whether it is set via a Subject or on the session passed to any controllers. This works fine.

2) Another set of URLs are accessed differently and require authentication on every request with Basic Authentication, so a BasicHttpAuthenticationFilter is used, but any session created must be destroyed at the end of the request. However, I may need to fire up separate threads during these requests that will run as the authenticated user.

3) Other processes are kicked off by Quartz and are run as particular subjects, and I need to be able to create Subjects that are not dependent upon any form of web context (e.g. HTTPRequest / Session).

So the problems I need to solve in the same configuration are:

- HTTP basic authentication of a subject (ok), populating their session with some data (because the session is the only "data holder" that a subject has) and starting other threads with this subject and session, whilst ensuring that their session is no longer hanging about in the application once the HTTP request is complete and any child threads have completed.
- Web application sessions such that any data set on the HTTPSession (filters, controllers etc.) is available from the Shiro subject session (in the request thread and any child threads that may be started).
- Subject creation (and again session as a data holder) where there is no web context.

If anyone can detail how the combination above could be achieved, or point me in the direction of other articles that may have achieved this, I would be most grateful (the web subject / session and non-web subject / session in the same app must be a common use-case, right?)

Regards,
Marcus.
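
Added example, not part of the original post and not the Shiro project's own code: one way to cover scenario 3 and the child-thread requirement of scenario 2 with Shiro's `Subject.Builder` and `Subject.associateWith`. The realm, the account name `batch-user`, and the `tenant` attribute are constructed for illustration; a non-web `DefaultSecurityManager` is assumed.

```java
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.apache.shiro.subject.Subject;

public class NonWebSubjectExample {
    public static void main(String[] args) throws Exception {
        // Constructed realm and account; a real application would reuse its own realm(s).
        SimpleAccountRealm realm = new SimpleAccountRealm("exampleRealm");
        realm.addAccount("batch-user", "unused-in-this-example");
        // The non-web security manager uses Shiro native sessions, so no
        // HttpServletRequest or HttpSession is involved.
        DefaultSecurityManager securityManager = new DefaultSecurityManager(realm);

        // Build a Subject for a known identity without binding it to the
        // current thread, for instance from inside a Quartz job.
        Subject subject = new Subject.Builder(securityManager)
                .principals(new SimplePrincipalCollection("batch-user", realm.getName()))
                .authenticated(true)
                .buildSubject();

        ExecutorService pool = Executors.newFixedThreadPool(2);
        try {
            Session session = subject.getSession();  // the session as a data holder
            session.setAttribute("tenant", "acme");  // constructed sample value

            Callable<String> task = () -> {
                // Inside the worker thread the associated Subject is the current one.
                Subject current = SecurityUtils.getSubject();
                return current.getPrincipal() + "@" + current.getSession().getAttribute("tenant");
            };
            // associateWith() binds the Subject to whichever thread runs the task
            // and restores that thread's previous state when the task returns.
            System.out.println(pool.submit(subject.associateWith(task)).get());
        } finally {
            // Wait for child threads, then stop the session so it does not linger.
            pool.shutdown();
            pool.awaitTermination(30, TimeUnit.SECONDS);
            subject.logout();
        }
    }
}
```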
