Hi Al, Been thinking about your question a little more and have an alternative answer:
You could define your own realm (to validate the information from the cookie token) and token (built from the cookie). You would still have a session under the covers but it could simply be an in memory session that you don't really care about (other than for the duration of the invocation). Cheers, Stuart On Wed, Sep 11, 2013 at 3:47 PM, Stuart Broad <[email protected]> wrote: > Hi Al, > > I would think you still need sessions (even if they never expire...or at > last a long time!). Sounds more like your problem is building a subject > with some information from a cookie (in most cases this cooke information > would essentially be the session id). > > I think what you need is: > > 1) Subject requestSubject = new > Subject.Builder().sessionId(sessionId).buildSubject(); > > -or- > > 2) Subject requestSubject = new > Subject.Builder(aSessionManager).sessionId(sessionId).buildSubject(); > > Cheers, > > Stuart > > > On Tue, Sep 10, 2013 at 7:29 PM, ajoslin103 <[email protected]>wrote: > >> Hi There, >> >> We are trying to implement SSO across multiple WARs across multiple >> servers >> >> Shiro is a perfect fit for us as we have to support multiple >> authentication-only realms and a single authorization scheme >> >> We would like to do this with cookies only >> >> What is the best way to serialize & reconstitute a Shiro subject in >> support of this ? >> >> Thanks! >> >> Al; >> >> >> >> >> -- >> View this message in context: >> http://shiro-user.582556.n2.nabble.com/Can-I-do-Shiro-without-Sessions-tp7579120.html >> Sent from the Shiro User mailing list archive at Nabble.com. >> > >
