The only thing that I noticed is that you login via the security manager this.securityManager.login(this.subject, token); whereas I login via the subject subject.login(new UsernamePasswordToken(username, password, isRemembered)); I do not know whether both ways produce the same results.
On a side note: Maybe you want to have a look at https://github.com/ops4j/org.ops4j.pax.shiro if only to see how they integrate Shiro with CDI. I use it and though it has some issues with JSF and nested components the 'none-facelet' basics work well enough. -- View this message in context: http://shiro-user.582556.n2.nabble.com/Shiro-displaying-wrong-user-data-after-2nd-authentication-tp7580492p7580501.html Sent from the Shiro User mailing list archive at Nabble.com.
