Hi Brian and those who are interested in Shiro with the browser's multi tab,

I was a bit busy over the last weeks, so I was not able to go further on this problem. Anyway, I'm back here on 'multiple Subjects in one Session' and want to give some short feedback, because I have solved my 'multi tab issue' now.

First I followed the idea from Brian to only extend the SessionManager. I controlled the Cookie generation and created a new SessionId Cookie (and therefore a new Session) for every new tab. I did it by appending Vaadin's embedId to the Cookie's name. As a result, each ServletRequest had multiple sessionIdCookies, one for each tab. Everything worked fine, except that sometimes I got a ServletRequest without an embedId, which resulted in an unauthenticated Subject. I did not find out why sometimes a request came in without an embedId. Anyway, I don't know Vaadin in much detail when it comes to network communication, so in my opinion, it was a bit too risky to get this working.

That was the reason I came back to my initial idea, because that only affects the Shiro mechanism itself, but not the VaadinSessions and communication too (except the reading of the embedId). For storing and reading the Session's attributes 'Authenticated' and 'Principals' I added a separate pair of them for each browser tab by appending the embedId to the attribute's name. After some bug fixing of my code, I got it to work without any unexpected Vaadin behaviours.

For realizing this, I had to extend SubjectDAO and SubjectContext. For teaching Shiro to use those classes I also had to extend classes like SecurityManager, SubjectFactory and Subject. The changes are minimal and easy to understand.

For the special case where I have to log in with SSO (this is configurable by the customer), I don't want to have a separate Subject for each tab. For this case, I added a special Session attribute 'FORCE_SESSION_AUTH'. Using this flag I can dynamically decide if I need one Subject for the whole Session or one for every tab.

I hope this explanation together with my initial post gives you an idea of my solution. Please forgive me that I cannot deliver all those code changes here in the forum, because of our company's policy. But if you need some more pointers I'm glad to give you advice.

Greets
Michi

--
Sent from: http://shiro-user.582556.n2.nabble.com/
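
The attribute-naming scheme described in the post above, as an added sketch that is not Michi's code and not part of Shiro. It uses a plain `Map` as a stand-in for the session, and the class name, method names, the `_` separator and the sample embedIds are all assumptions; only the attribute names 'Authenticated', 'Principals' and 'FORCE_SESSION_AUTH' come from the post. A request without an embedId resolves to no key at all, so it is treated as unauthenticated rather than inheriting another tab's state.

```java
import java.util.HashMap;
import java.util.Map;

/** Hypothetical illustration; no Shiro or Vaadin classes are used. */
public class TabScopedAuthKeys {
    static final String AUTHENTICATED = "Authenticated";
    static final String PRINCIPALS = "Principals";
    static final String FORCE_SESSION_AUTH = "FORCE_SESSION_AUTH";

    /** Attribute key for this request, or null when the tab cannot be identified. */
    static String key(Map<String, Object> session, String base, String embedId) {
        if (Boolean.TRUE.equals(session.get(FORCE_SESSION_AUTH))) {
            return base; // SSO case: one Subject for the whole session
        }
        if (embedId == null || embedId.isEmpty()) {
            return null; // unknown tab: never fall back to another tab's state
        }
        return base + "_" + embedId; // separator is an assumption
    }

    static void login(Map<String, Object> session, String embedId, String principal) {
        String authKey = key(session, AUTHENTICATED, embedId);
        String principalKey = key(session, PRINCIPALS, embedId);
        if (authKey == null || principalKey == null) {
            throw new IllegalStateException("request carries no embedId");
        }
        session.put(principalKey, principal);
        session.put(authKey, Boolean.TRUE);
    }

    static boolean isAuthenticated(Map<String, Object> session, String embedId) {
        String authKey = key(session, AUTHENTICATED, embedId);
        return authKey != null && Boolean.TRUE.equals(session.get(authKey));
    }

    static Object principal(Map<String, Object> session, String embedId) {
        String principalKey = key(session, PRINCIPALS, embedId);
        return principalKey == null ? null : session.get(principalKey);
    }

    public static void main(String[] args) {
        Map<String, Object> session = new HashMap<>(); // constructed sample session
        login(session, "tab-1", "alice");
        login(session, "tab-2", "bob");
        System.out.println("tab-1: " + principal(session, "tab-1"));
        System.out.println("tab-2: " + principal(session, "tab-2"));
        System.out.println("tab-3 authenticated: " + isAuthenticated(session, "tab-3"));
        System.out.println("no embedId authenticated: " + isAuthenticated(session, null));
        session.put(FORCE_SESSION_AUTH, Boolean.TRUE); // switch to session-wide Subject
        login(session, null, "sso-user");
        System.out.println("SSO, any tab: " + principal(session, "tab-1"));
    }
}
```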