I ended up implementing an AuthenticatingFilter which, after a successful login, sends back an access token. And an AuthorizingFilter which looks for the presence of a valid access token in a certain HTTP header.

Sorry for the low-effort question.

On 13-Oct-16 09:19, Gabriel Titerlea wrote:

I want to use an HTTP header instead of a cookie for session management.
I have a web-service which is accessed from a web client (web application) and from a desktop client (desktop application). I want the desktop client to receive a session header which will be used for subsequent requests as a session id (similar to OAuth authorization tokens). The desktop client and the web client will send all requests with this session header instead of a cookie.

How can I make Shiro look for a certain header and not for a cookie when determining whether an HTTP request is authenticated or not?

Thank you,
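
Editor's added example, not code from either message in this thread: one way the header-checking half of the approach described in the reply could look, built on Shiro's `AccessControlFilter`. The class name, the header name `X-Access-Token`, the 30-minute lifetime, the request attribute name and the in-memory token store are all assumptions made for illustration.

```java
import java.security.SecureRandom;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.web.filter.AccessControlFilter;
import org.apache.shiro.web.util.WebUtils;

/** Hypothetical filter: admits a request only if it carries a live access token in a header. */
public class HeaderTokenFilter extends AccessControlFilter {
    static final String HEADER = "X-Access-Token";   // assumed header name
    static final long TTL_SECONDS = 1800;            // assumed token lifetime
    private static final SecureRandom RNG = new SecureRandom();

    private static final class Grant {               // who the token belongs to, and until when
        final String user; final Instant expiry;
        Grant(String user, Instant expiry) { this.user = user; this.expiry = expiry; }
    }
    // token -> grant; in-memory store, so this assumes a single-node deployment
    private static final Map<String, Grant> TOKENS = new ConcurrentHashMap<>();

    /** Called by the login code once credentials are verified; returns the token to send back. */
    public static String issue(String user) {
        byte[] raw = new byte[32];                   // 256 bits from a CSPRNG, not guessable
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        TOKENS.put(token, new Grant(user, Instant.now().plusSeconds(TTL_SECONDS)));
        return token;
    }

    public static void revoke(String token) { TOKENS.remove(token); }   // logout

    @Override
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
        String token = WebUtils.toHttp(request).getHeader(HEADER);
        Grant grant = (token == null) ? null : TOKENS.get(token);
        if (grant == null) return false;             // missing or unknown token
        if (Instant.now().isAfter(grant.expiry)) { TOKENS.remove(token); return false; }
        request.setAttribute("auth.user", grant.user);   // assumed attribute name for downstream code
        return true;
    }

    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
        // API clients get a plain 401 instead of a redirect to a login page.
        WebUtils.toHttp(response).sendError(HttpServletResponse.SC_UNAUTHORIZED);
        return false;                                // stop the filter chain
    }
}
```

Because the token is a bearer credential, it should only travel over TLS, and the expiry and `revoke` paths are what stand in for the session timeout and logout that the cookie-based session would otherwise provide.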
