I already started to work with solution number 1. This means I had to change the web module, in such a way that I can pass the ServletContext to the WebGuiceEnvironment (this was the only place where the Servletcontext is actually used). I did this by exposing the WebGuiceEnvironment and getting it from the injector when the ServletContext becomes available:
getInjector().getInstance(Key.get(WebGuiceEnvironment.class)).setServletContext(servletContextEvent.getServletContext()); I don't know yet if this approach has other side effects that I cannot see right now. I actually want to use automatic authentication based on cookies and REST resources authorization with AOP. This means I need to hook somehow in the RequestHandler and authenticate the user before it reaches the resources. As far as I know this is not supported by Shiro, but it is a real use case and I would like to use Shiro because of all the cool features it has. I'll take a look also to the solution you provided and see if this suits better. Looks indeed a bit simpler. PS: Right now, the jetty server is bound to a Provider which configures the jetty server.The ServletContextListener is bounded to a GuiceServletContextListener which gets the injector injected and is not created there. The server Provider is also taking care of registering a ServletContextHandler, which in turn registers the GuiceFilter. This is so because it's an embedded server set-up, without any web.xml file. -- View this message in context: http://shiro-user.582556.n2.nabble.com/Why-is-Shiro-assuming-that-you-already-have-a-server-running-tp7578017p7578023.html Sent from the Shiro User mailing list archive at Nabble.com.
