Hi Jelle, The appropriate set-up for a web-enabled application is to use the JSecurityFilter in web.xml. It will set up a DefaultWebSecurityManager and do Request binding automatically:
http://www.jsecurity.org/api/org/jsecurity/web/servlet/JSecurityFilter.html After the filter is defined, just do this anywhere in code: SecurityUtils.getSubject(); You shouldn't interact with the SecurityManager directly unless you're programming infrastructure/framework code. Check out the sample web application in the jsecurity distribution and look at its web.xml file and applicationContext.xml file. It shows you how to configure Realms and other things in Spring which will then be accessible to the JSecurityFilter at runtime. Cheers, Les On Tue, Feb 3, 2009 at 12:17 PM, jvreeker <[email protected]> wrote: > > Hi, > > I have a tomcat server, with spring using cxf to enable the soap calls. > > So I have a soap call login. when I call securityManager.getSubject() I get > always the same subject back. > I though it was because I am using > org.jsecurity.mgt.DefaultSecurityManager. > > So I tried DefaultWebSecurityManager but then I am getting errors. > No ServletRequest found in ThreadContext. Make sure WebUtils.bind() is > being > called. > > But in the first option if I use getSubject().GetSession it returns > different sessions. > should I then use SessionManager and the correct sessionID. > > Is this the correct way? > Thanks, > Jelle > -- > View this message in context: > http://n2.nabble.com/using-CXF-with-JSecurity-tp2264471p2264471.html > Sent from the JSecurity User mailing list archive at Nabble.com. > >
