Quote: "i want our Services to be stateless and authenticate and authorise in every request"

I would implement my services to be as stateless as possible and retrieve the data from the SSO server on every request. Now, if I understand correctly, you are trying to cache some data from the SSO server. In my opinion, the clean way would be to retrieve the user-specific security context data on every request, since things might have changed on the SSO server in the meantime. Otherwise, you might be giving users permissions which have been withdrawn recently?
--
View this message in context: http://shiro-user.582556.n2.nabble.com/Use-of-Session-as-a-context-bucket-tp7579404p7579414.html
Sent from the Shiro User mailing list archive at Nabble.com.
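The stale-permission window described in the message above, as an added example that is not part of the original post and not Shiro code: a per-request lookup is compared with a TTL cache of the security context after a permission is withdrawn. `FakeSSOServer`, both authorizer classes, the user, the permission strings and the 300-second TTL are all constructed for illustration.

```python
import time

class FakeSSOServer:
    """Constructed stand-in for the SSO server, the source of truth."""
    def __init__(self):
        self._perms = {"alice": {"report:read", "report:delete"}}

    def security_context(self, user):
        # Return an immutable snapshot, as a remote call would.
        return frozenset(self._perms.get(user, ()))

    def revoke(self, user, perm):
        self._perms.get(user, set()).discard(perm)

class PerRequestAuthorizer:
    """Stateless service: asks the SSO server on every request."""
    def __init__(self, sso):
        self.sso = sso

    def is_permitted(self, user, perm):
        return perm in self.sso.security_context(user)

class CachingAuthorizer:
    """Keeps the context for ttl seconds; a revocation is invisible until expiry."""
    def __init__(self, sso, ttl, clock=time.monotonic):
        self.sso, self.ttl, self.clock = sso, ttl, clock
        self._cache = {}  # user -> (expires_at, permissions snapshot)

    def is_permitted(self, user, perm):
        entry = self._cache.get(user)
        if entry is None or entry[0] <= self.clock():
            entry = (self.clock() + self.ttl, self.sso.security_context(user))
            self._cache[user] = entry
        return perm in entry[1]

def demo():
    now = [0.0]  # fake clock so the run is deterministic
    sso = FakeSSOServer()
    fresh = PerRequestAuthorizer(sso)
    cached = CachingAuthorizer(sso, ttl=300, clock=lambda: now[0])
    check = lambda: (fresh.is_permitted("alice", "report:delete"),
                     cached.is_permitted("alice", "report:delete"))
    results = {"before": check()}
    sso.revoke("alice", "report:delete")   # permission withdrawn on the SSO server
    now[0] = 60.0
    results["after_revoke"] = check()      # cache still grants the withdrawn permission
    now[0] = 301.0
    results["after_ttl"] = check()         # cache expired, both deny
    return results

if __name__ == "__main__":
    print(demo())
```

If some caching is unavoidable, the TTL is the upper bound on how long a withdrawn permission stays usable, so it should be chosen as a revocation deadline rather than as a performance knob.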
