Hi,

1)
  1. To know if the caches work, you can just turn on DEBUG logs on the appropriate realms: the /AuthorizingRealm/ and /AuthenticatingRealm/ classes.
  2. About data refresh, I think it may depend on the implementation of Cache. The default one, /MapCache/, uses a Map to store data, so you will need to invalidate data manually (/doClearCache(principals)/), otherwise the cache will return "outdated values" even if authentication and authorization information change.

2)
  1. You can use a shiro.ini file to define your security configuration, but you can also define it programmatically. If your configuration must be built from dynamic data in a database, use the programmatic way. Otherwise, I think that using a shiro.ini file is a good way to get a global view of your application security.
  2. You need to browse the code to see what's going on. I don't remember exactly, but I think that *authc* is a /FormAuthenticationFilter/ which only logs in the user (and calls the /getAuthenticationInfo()/ method), while *roles[]* is a /RolesAuthorizationFilter/ which calls the /getAuthorizationInfo()/ method to check roles.
  3. /login.jsp/ must also be protected by the *authc* filter, so that the authentication works.

Best regards,
Jérôme
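
Added example, not part of the original message and not code from the Shiro project: a realm that evicts a user's cached entries whenever that user's roles change, so a revoked role stops being honoured immediately. The class name `InvalidatingRealm`, the in-memory maps standing in for a database, and the choice of `MemoryConstrainedCacheManager` are assumptions; it calls the public-to-subclasses `clearCache(principals)`, which in turn invokes `doClearCache(principals)`.

```java
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.*;
import org.apache.shiro.cache.MemoryConstrainedCacheManager;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.*;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical realm: the in-memory maps are a constructed stand-in for a user database.
public class InvalidatingRealm extends AuthorizingRealm {
    private final Map<String, String> passwords = new ConcurrentHashMap<>();
    private final Map<String, Set<String>> roles = new ConcurrentHashMap<>();

    public InvalidatingRealm() {
        setCacheManager(new MemoryConstrainedCacheManager()); // Map-backed caches
    }

    public void addUser(String user, String password, Set<String> userRoles) {
        passwords.put(user, password); // demo only; a real store holds salted hashes
        setRoles(user, userRoles);
    }

    public void setRoles(String user, Set<String> newRoles) {
        roles.put(user, new HashSet<>(newRoles));
        // Evict this user's cached entries, otherwise hasRole() keeps answering
        // from the cached AuthorizationInfo.
        clearCache(new SimplePrincipalCollection(user, getName()));
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
        String user = (String) token.getPrincipal();
        String password = passwords.get(user);
        return password == null ? null : new SimpleAuthenticationInfo(user, password, getName());
    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        String user = (String) getAvailablePrincipal(principals);
        return new SimpleAuthorizationInfo(new HashSet<>(roles.getOrDefault(user, Set.of())));
    }

    public static void main(String[] args) {
        InvalidatingRealm realm = new InvalidatingRealm();
        PrincipalCollection alice = new SimplePrincipalCollection("alice", realm.getName());
        realm.addUser("alice", "constructed-password", Set.of("admin"));
        System.out.println("admin before revoke: " + realm.hasRole(alice, "admin"));
        realm.setRoles("alice", Set.of()); // revoke and evict
        System.out.println("admin after revoke:  " + realm.hasRole(alice, "admin"));
    }
}
```

Commenting out the `clearCache(...)` call in `setRoles` reproduces the stale-entry behaviour the message describes: the second check keeps using the cached roles.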
