Paul, the filter suggestion is good way. But to clarify what I meant.
The principal that shiro stores is just an value associated with a key in the session object. By default shiro uses this static value as the key. DefaultSubjectContext.PRINCIPALS_SESSION_KEY. Anyone that has access to the session object can get the object backed by this key. Object principal = request.getSession(false).get(DefaultSubjectContext.PRINCIPALS_SESSION_KEY); I've previously created a simple app for another forum user, but have extended it to show what I mean. clone this repo https://github.com/dominicfarr/skybird-shiro To start app execute this command mvn jetty:run open browser http://localhost:8888 Check out the last section of the read me and look at this jsp<https://github.com/dominicfarr/skybird-shiro/blob/master/src/main/webapp/web/showPrincipal.jsp#L8> On 5 March 2014 07:30, versatec <[email protected]> wrote: > You could do this within a custom shiro filter: > String principal = retrieveUser'sNameFromWherever(); > PrincipalCollection principals = new SimplePrincipalCollection(principal, > "UUID-Realm"); > WebSubject.Builder builder = new WebSubject.Builder(request, response); > builder.principals(principals).authenticated(true); > WebSubject webSubject = builder.buildWebSubject(); > ThreadContext.bind(webSubject); > > > > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/Setting-Principals-Outside-of-a-Realm-tp7579653p7579721.html > Sent from the Shiro User mailing list archive at Nabble.com. >
