Hi,

In fact, there is a problem: the filter creates a "dummy" Subject (without authentication and principals), and the HTTP data is bound during SecurityUtils.getSubject().

So: let's say you log in in thread24. Afterwards you do other things (getting roles, for example), but in thread25. After SecurityUtils.getSubject(), you get a Subject, but a "dummy" one. So you have to test Subject.isAuthenticated() and, if the result is false, you have to unbind the Subject from the ThreadContext and retry.

I don't know why it's working in your case, but I suppose you're always using the same thread (no concurrent Flex accesses).

Jean-Charles

--
View this message in context: http://n2.nabble.com/SHIRO-and-Flex-RPC-tp3230066p3261968.html
Sent from the Shiro User mailing list archive at Nabble.com.
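Added example, not part of the original post and not Shiro code: a self-contained Java model of the thread-bound "dummy" Subject described above and of the check, unbind and retry workaround. The `Subject` record, the `SESSIONS` map, the `BOUND` thread-local (standing in for ThreadContext) and the session id `s1` are all constructed for illustration.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

// Constructed model of the behaviour described in the post; none of this is Shiro's API.
public class StaleSubjectDemo {
    record Subject(String principal) {   // principal == null models the "dummy" Subject
        boolean isAuthenticated() { return principal != null; }
    }

    static final Map<String, String> SESSIONS = new ConcurrentHashMap<>(); // session id -> principal
    static final ThreadLocal<Subject> BOUND = new ThreadLocal<>();         // stands in for ThreadContext

    // Stands in for SecurityUtils.getSubject(): reuse the thread-bound Subject, else build one.
    static Subject getSubject(String sessionId) {
        Subject s = BOUND.get();
        if (s == null) {
            s = new Subject(SESSIONS.get(sessionId));
            BOUND.set(s);
        }
        return s;
    }

    // Workaround from the post: if the Subject is not authenticated, unbind it and retry once.
    static Subject getSubjectChecked(String sessionId) {
        Subject s = getSubject(sessionId);
        if (!s.isAuthenticated()) {
            BOUND.remove();
            s = getSubject(sessionId);
        }
        return s;
    }

    public static void main(String[] args) throws Exception {
        ExecutorService t24 = Executors.newSingleThreadExecutor();
        ExecutorService t25 = Executors.newSingleThreadExecutor();
        // Before login, both worker threads end up with a dummy Subject bound.
        t24.submit(() -> getSubject("s1")).get();
        t25.submit(() -> getSubject("s1")).get();
        // The login request is handled on the first thread.
        t24.submit(() -> { SESSIONS.put("s1", "alice"); BOUND.set(new Subject("alice")); }).get();
        // A later call for the same session lands on the second thread.
        System.out.println("plain:   " + t25.submit(() -> getSubject("s1").isAuthenticated()).get());
        System.out.println("checked: " + t25.submit(() -> getSubjectChecked("s1").isAuthenticated()).get());
        t24.shutdown();
        t25.shutdown();
    }
}
```

Run on Java 16 or later, the plain lookup on the second thread reports `false` and the checked lookup reports `true`.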
