I do not know whether anyone would consider it best practice, but we keep
Shiro subjects separate from any additional information. Instead we have a
CDI bean which is initialized on login using the subject principal's name -
which to this end obviously has to be unique - and then look that user up in
the database and populate the additional information inside the CDI bean
where we can lookup the information at any time.
CDI bean login() method:
AuthenticationToken at = (new UsernamePasswordToken(username, password,
false));
subject.login(at);
compendium.init();
CDI bean Compendium.java:
@PostConstruct
public void init() {
if (user == null && subject.getPrincipal() != null) {
User ref = new User();
ref.setName(subject.getPrincipal().toString());
user = qiFacade.get(ref, User.ROOT);
if (user != null) {
tenantId = user.getTenantId();
if (user.getLocale() != null) {
locale = user.getLocale();
}
}
}
--
View this message in context:
http://shiro-user.582556.n2.nabble.com/Best-Way-to-Add-Multiple-Fields-to-Subject-tp7580796p7580799.html
Sent from the Shiro User mailing list archive at Nabble.com.
