Dear community,
I am working on a project using JBoss 4.2.3 with the Seam framework and Shiro
1.2.
The architecture mainly uses RESTful web services (RESTEasy). In this
framework, there is a general authenticator, which is called on every single
REST request. Of course, I would like to support multiple
users at the same time, so I decided to deactivate Shiro's session handling
with the following code:
((DefaultSessionStorageEvaluator)((DefaultSubjectDAO)((DefaultSecurityManager)SecurityUtils.getSecurityManager()).getSubjectDAO()).getSessionStorageEvaluator()).setSessionStorageEnabled(false);
The class that is called on each web service (REST) request is implemented in
the following way:
-----snippet (Authenticator) begin------
// Subject associated with the calling thread
Subject currentUser = SecurityUtils.getSubject();
UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken(username, password);
usernamePasswordToken.setRememberMe(false);
String ipAddress = "";  // not used in this snippet
HttpServletRequest httpRequest = ServletContexts.instance().getRequest();  // not used in this snippet
// login() throws an AuthenticationException if the credentials are rejected
currentUser.login(usernamePasswordToken);
loginSuccessful = true;
return currentUser.isAuthenticated();
-----snippet end-------
My question is now: is this the right way to do that?
Many thanks in advance for any suggestion/hint.
br
shannon
--
View this message in context:
http://shiro-user.582556.n2.nabble.com/Shiro-and-Jboss-Seam-2-2-integration-tp7578239.html
Sent from the Shiro User mailing list archive at Nabble.com.
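
The stateless per-request login described in the post above, as an added example that is not part of the original message or of the Shiro project: session storage is switched off once at startup, and each request gets its own Subject built with session creation disabled. The class name `StatelessAuthDemo`, the in-memory `SimpleAccountRealm` and the sample account are assumptions made for illustration.

```java
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.mgt.DefaultSessionStorageEvaluator;
import org.apache.shiro.mgt.DefaultSubjectDAO;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.subject.Subject;

public class StatelessAuthDemo {                    // hypothetical class name

    // Built once at application startup, not on every request.
    static DefaultSecurityManager buildSecurityManager() {
        SimpleAccountRealm realm = new SimpleAccountRealm();   // constructed in-memory realm
        realm.addAccount("alice", "correct-horse");            // constructed sample account
        DefaultSecurityManager sm = new DefaultSecurityManager(realm);
        DefaultSessionStorageEvaluator evaluator = new DefaultSessionStorageEvaluator();
        evaluator.setSessionStorageEnabled(false);   // same switch as in the post, without the cast chain
        DefaultSubjectDAO subjectDAO = new DefaultSubjectDAO();
        subjectDAO.setSessionStorageEvaluator(evaluator);
        sm.setSubjectDAO(subjectDAO);
        return sm;
    }

    // Called once per request: a fresh Subject that is not bound to the thread.
    static boolean authenticate(DefaultSecurityManager sm, String user, String pass) {
        Subject subject = new Subject.Builder(sm)
                .sessionCreationEnabled(false)       // getSession() would throw instead of creating a session
                .buildSubject();
        UsernamePasswordToken token = new UsernamePasswordToken(user, pass);
        try {
            subject.login(token);                    // throws on unknown account or wrong password
            return subject.isAuthenticated();
        } catch (AuthenticationException e) {
            return false;                            // rejected credentials are a normal outcome here
        } finally {
            token.clear();                           // wipe the password char[] held by the token
        }
    }

    public static void main(String[] args) {
        DefaultSecurityManager sm = buildSecurityManager();
        System.out.println(authenticate(sm, "alice", "correct-horse"));
        System.out.println(authenticate(sm, "alice", "wrong"));
        System.out.println(authenticate(sm, "mallory", "x"));
    }
}
```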