Hi... I was hoping someone here could give me some advice on the best way to integrate Shiro into our application.

We have a server-based app that is exposed via JMX using an RMI transport. I just recently replaced the JAAS-based authentication with a Shiro-based one. Our app runs in a Spring container, so I used that to instantiate the security realm and the security manager, and then have a hack in the code to set the security manager using SecurityUtils. This was just a proof-of-concept move, and I have gotten authentication working fine.

Now I am moving on to authorization, but initially I need to deal with how to manage the subjects so that any calling code can call getSubject and get the correct subject back. Since the calling code needs to just be able to make the call blindly, I think the subject needs to be on the ThreadContext, so the question is how to get it there.

In looking at it, it looks like I may need to derive from the RMIServer and RMIConnection classes. The first is necessary so that I can put an authenticated subject in a manager, mapped with some connection id or something. The second is necessary so that I can intercept a call coming in, retrieve the subject from my manager, and place it on the thread context.

Does this seem like the correct approach? Are there any examples of something like this? Any advice or info would be appreciated.

Thanks...
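The pattern described in the post (a per-connection subject registry plus per-call binding to the thread), sketched as an added example that is not part of the original message and is not Shiro's or the poster's own code. The class name `ConnectionSubjects`, the connection-id key, and the sample account are assumptions; it needs shiro-core on the classpath.

```java
import java.util.Map;
import java.util.concurrent.Callable;
import java.util.concurrent.ConcurrentHashMap;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.subject.Subject;

// Hypothetical registry: one authenticated Subject per connection id.
public class ConnectionSubjects {
    private final Map<String, Subject> byConnection = new ConcurrentHashMap<>();
    private final SecurityManager securityManager;

    public ConnectionSubjects(SecurityManager securityManager) {
        this.securityManager = securityManager;
    }

    // Called once per connection; login() throws AuthenticationException on bad credentials.
    public void login(String connectionId, String user, String password) {
        // Build from the SecurityManager directly so nothing depends on thread state.
        Subject subject = new Subject.Builder(securityManager).buildSubject();
        subject.login(new UsernamePasswordToken(user, password));
        byConnection.put(connectionId, subject);
    }

    // Called per request: the Subject is bound only for the duration of the call.
    public <V> V invoke(String connectionId, Callable<V> call) {
        Subject subject = byConnection.get(connectionId);
        if (subject == null) throw new SecurityException("no authenticated subject for connection");
        // execute() binds the Subject to ThreadContext and restores the previous state
        // afterwards, so a pooled thread never keeps the last caller's identity.
        return subject.execute(call);
    }

    public void close(String connectionId) {
        Subject subject = byConnection.remove(connectionId);
        if (subject != null) subject.logout();
    }

    public static void main(String[] args) {
        SimpleAccountRealm realm = new SimpleAccountRealm();
        realm.addAccount("alice", "constructed-password", "operator"); // constructed sample account
        ConnectionSubjects registry = new ConnectionSubjects(new DefaultSecurityManager(realm));
        registry.login("conn-1", "alice", "constructed-password");
        boolean ok = registry.invoke("conn-1", () -> SecurityUtils.getSubject().hasRole("operator"));
        System.out.println("operator role seen by called code: " + ok);
        registry.close("conn-1");
    }
}
```

Binding through `Subject.execute` rather than a bare `ThreadContext.bind` matters on a pooled transport: a thread that is never unbound would hand the previous caller's identity to the next request it serves.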
