Sure, this should work: [main] securityManager = com.whatever...MySecurityManager ...
However, it is very odd to subclass the SecurityManager implementations - they are designed specifically to be global wrappers around the components that do the heavy lifting. You should be able to plug in those components rather than subclassing your own SM. Of course, you can do whatever you want, but that's the general idea ;) Also, you should be using the org.apache.shiro.web.servlet.IniShiroFilter now - not the org.apache.shiro.web.servlet.ShiroFilter. The plain ShiroFilter has been deprecated and will be removed for the 1.0 release. Regards, Les On Tue, Apr 20, 2010 at 7:05 PM, David Higginbotham <[email protected]> wrote: > > I'm trying to use the ShiroFilter. I'd like to extend the default > security manager and start up this new security manager in the filter. > Is this possible ? > > securityManager = domain.mystuff.MySecurityManager > securityManager.sessionMode = native > > As far as I can tell this is being ignored. I always get an instance of > the DefaultSecurityManager. > > Thanks, > > David >
