Hi all, In the docs, Shiro seems to assume that SecurityManager is an application-wide instance, and that SecurityUtils.getSubject() will use that SecurityManager.
In my use case, which is a Karaf shell-based application, there can be multiple instances of CommandSession, a CommandSession can be associated with a local session or a remote/SSH session. A CommandSession is not bound to a thread. First question is, how do I get the Subject/SecurityManager, given a CommandSession ? Another complication is : A single Karaf VM may host multiple tenants. A CommandSession is bound to a specific tenant, but a CommandSession can switch to another tenant. Each tenant has its own security configuration, so each tenant has its own realm. When authenticating using a CommandSession, it needs to authenticate to a specific tenant (the choice of tenant is stored in the CommandSession), not to all tenants/realms. Any ideas ? Hendy -- View this message in context: http://shiro-user.582556.n2.nabble.com/Subject-SecurityManager-that-is-dependent-on-a-non-global-thread-scoped-object-tp7577892.html Sent from the Shiro User mailing list archive at Nabble.com.
