Thanks for your time!
Yes, i do all these things per request. I go to the SSO server per request
in order to authenticate. But, as a result of this call, we also get some
extra info that have to do with the user. E.g. the company and the team the
user is working for. We want this kind of info to be available later, in the
same request, in a nice way. But only until the request ends. I don't want
to persist this info any longer.
I know that i can keep this info into some request-scoped structure. But due
to the fact that this is security-related data, i would like to keep them
close to Shiro entities. e.g. i would like to say:
subject.getSecurityInfo(). As i don;t want to extend the subject, i found
that a possible place is to use the Session but only in a request-scoped
approach. I don't need to persist to datastore, i dont need caching etc. But
i really like the idea of using:
subject.getSession().getAttribute("securityInfo")
Can i setup Session to be used in this specific way?
--
View this message in context:
http://shiro-user.582556.n2.nabble.com/Use-of-Session-as-a-context-bucket-tp7579404p7579415.html
Sent from the Shiro User mailing list archive at Nabble.com.
