> > However, switching to the code Jared suggested seems to be just as > effective. >
Glad to hear it - Jared's suggestion is how we designed it to be used, so I'm glad that it is working for you as expected. > Also, thanks for the pointer to the DefaultSubjectDAO. I'm definitely > working in a stateless space, so I'll look that over. > Yes, you'll want to do this for messaging, RPC or infrastructural scenarios. Based on your environment (as I understand it at least), a successful authentication will create a Session, since that is the default behavior for the 80/20 rule (i.e. webapps). If you're doing this 800 times a second, that's 800 sessions per second - no need for that for your use case I think. Please feel free to ask follow up questions - we have quite a few people using Shiro in very high performance environments, and as is the case with any of these, some tweaking will be necessary if your use case isn't a traditional webapp. Cheers, Les
