Les, > Until I we see exceptions or a test case, I don't think there is > anything to do - it should work fine. Something else must be causing > problems (if there are even still problems).
I have run into a problem with Shiro: the ShiroFilter.isHttpSessions() method does an instanceof check on the security manager, checking whether it's an instance of DefaultWebSecurityManager. This doesn't work when the security manager is a JDK proxy to a DefaultWebSecurityManager. Shouldn't we have a WebSecurityManager interface with the isHttpSessions() method defined on it? Cheers, Peter
