Hi All,

I have a REST service for which I am trying to use the Shiro authentication
mechanism. Below is the scenario:

Client gives username/password to the REST service. The service uses Shiro to
authenticate and returns a session id in the response.

Client makes all future requests using the above session id.
When the service gets a request, it gets the session id. It tries to create
a subject using

    Subject subject = new Subject.Builder().sessionId(sessionId).buildSubject();

and checks

    if (subject.isAuthenticated())

I was getting false for the above check and my service request was always
failing.

I tried to implement something which is mentioned here
"https://issues.apache.org/jira/browse/SHIRO-170" but that did not help me.
I went through
"http://stackoverflow.com/questions/8501058/shiro-authentication-with-sessionid-or-usernamepassword"

Then I tried something like this:
when the user logs in, I create a session and set the attribute

    session.setAttribute(DefaultSubjectContext.AUTHENTICATED_SESSION_KEY, Boolean.TRUE);

and when the user logs out, I set the above key to false and do subject.logout();.

I want to know what the side effects are of setting
session.setAttribute(DefaultSubjectContext.AUTHENTICATED_SESSION_KEY, Boolean.TRUE)
explicitly?

Please reply as this is very important for me. 

Also, please suggest a better way for the above implementation.
Regards 
ankur 



--
View this message in context: 
http://shiro-user.582556.n2.nabble.com/what-are-the-drawback-of-setting-DefaultSubjectContext-AUTHENTICATED-SESSION-KEY-in-session-explicit-tp7577719.html
Sent from the Shiro User mailing list archive at Nabble.com.
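
The flow described in the post, as an added example that is not part of the original message or Shiro's own code: `Subject.login()` records the authenticated state in the session, so nothing sets `AUTHENTICATED_SESSION_KEY` by hand, and later requests rebuild the Subject from the session id. It assumes Shiro 1.x with native sessions (`DefaultSecurityManager`); the class name, account and password are constructed for illustration.

```java
import java.io.Serializable;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.subject.Subject;

// Hypothetical class name; stands in for the REST service's login and request handlers.
public class SessionIdAuthExample {

    // Login endpoint: the realm verifies the credentials. On success Shiro itself
    // stores the principals and authenticated flag in the session.
    static Serializable login(DefaultSecurityManager sm, String user, String password) {
        Subject subject = new Subject.Builder(sm).buildSubject();
        subject.login(new UsernamePasswordToken(user, password)); // throws on bad credentials
        return subject.getSession().getId();
    }

    // Every later request: rebuild the Subject from the id the client sent.
    // The SecurityManager is passed explicitly so the lookup does not depend on
    // a thread-bound or static SecurityManager being configured.
    static Subject fromSessionId(DefaultSecurityManager sm, Serializable sessionId) {
        return new Subject.Builder(sm).sessionId(sessionId).buildSubject();
    }

    public static void main(String[] args) {
        SimpleAccountRealm realm = new SimpleAccountRealm();
        realm.addAccount("alice", "constructed-password"); // constructed sample account
        DefaultSecurityManager sm = new DefaultSecurityManager(realm);

        try {
            login(sm, "alice", "wrong-password");
        } catch (AuthenticationException e) {
            // No session state is written when the realm rejects the credentials.
            System.out.println("rejected: " + e.getClass().getSimpleName());
        }

        Serializable sessionId = login(sm, "alice", "constructed-password");
        Subject request = fromSessionId(sm, sessionId);
        System.out.println("authenticated: " + request.isAuthenticated()
                + ", principal: " + request.getPrincipal());

        // Logout stops the session; the same id no longer yields an authenticated Subject.
        request.logout();
        System.out.println("after logout: " + fromSessionId(sm, sessionId).isAuthenticated());
    }
}
```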
