String sessionId = //get from somewhere - request or remote invocation, whatever SecurityManager securityManager = //Shiro's SecurityManager from app's Shiro setup Subject subject = new Subject.Builder(securityManager).sessionId(sessionId).buildSubject();
Then you'll want to bind/unbind the subject to/from the thread. You can see an example of this get-by-session-id and then bind/unbind logic in the Spring support module's SecureRemoteInvocationExecutor: http://svn.apache.org/repos/asf/shiro/trunk/support/spring/src/main/java/org/apache/shiro/spring/remoting/SecureRemoteInvocationExecutor.java The invocation represents a remote method invocation, and the session id is acquired from the invocation's payload. The most important part after the Subject is constructed is calling the execute method to ensure the Subject is bound/unbound from the thread automatically as the rest of the call stack executes. Subject building and bind/unbind options are covered in more detail here: http://shiro.apache.org/subject.html in the "Custom Subject Instances" section. HTH, -- Les Hazlewood CTO, Katasoft | http://www.katasoft.com | 888.391.5282 twitter: http://twitter.com/lhazlewood katasoft blog: http://www.katasoft.com/blogs/lhazlewood personal blog: http://leshazlewood.com
