There are two paths in the same application that need to have separate user bases.

/foo/** -> only FooUsers should access
/bar/** -> only BarUsers should access

FooUsers and BarUsers are separate and an authenticated FooUser should only be able to access /bar/** iff she can also get authenticated as a BarUser too. (and vice versa)

So basically,
1) user tries to access a page matching /foo/**
2) user is redirected to foo login page
3) user authenticates and continues to the page
4) user tries to access a page matching /bar/**
5) user is redirected to bar login page
6) user authenticates and continues to the page.

Currently, since there is only a single cookie definition for the security manager, even though I can achieve user base separation with different realms, after a FooUser is authenticated she can directly access pages matching /bar/**.

I would be glad if you could advise on a solution.

--
View this message in context: http://shiro-user.582556.n2.nabble.com/Multiple-security-managers-and-realms-to-handle-authentication-for-different-sets-of-urls-tp7445068p7579751.html
Sent from the Shiro User mailing list archive at Nabble.com.
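One way to enforce the separation described in the message above is a per-path filter that checks which realm authenticated the current Subject. This is an added example, not part of the original post and not Shiro project code. The class name RealmBoundFilter, the property requiredRealm and the use of Shiro 1.x on the javax.servlet API are assumptions.

```java
// Added example, not Shiro project code. RealmBoundFilter and requiredRealm are
// hypothetical names; assumes Shiro 1.x on the javax.servlet API.
import java.io.IOException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.AccessControlFilter;

public class RealmBoundFilter extends AccessControlFilter {

    // Name of the realm that must have authenticated the user for this path.
    private String requiredRealm;

    public void setRequiredRealm(String requiredRealm) {
        this.requiredRealm = requiredRealm;
    }

    @Override
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response,
                                      Object mappedValue) {
        // Let the login page itself through, otherwise the redirect loops.
        if (isLoginRequest(request, response)) {
            return true;
        }
        Subject subject = getSubject(request, response);
        if (!subject.isAuthenticated()) {
            return false;
        }
        // Being authenticated is not enough: the principals must come from
        // the realm bound to this path. Fail closed if nothing is configured.
        PrincipalCollection principals = subject.getPrincipals();
        return requiredRealm != null
                && principals != null
                && principals.getRealmNames().contains(requiredRealm);
    }

    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response)
            throws IOException {
        // Remember the requested page and send the user to this path's login page.
        saveRequestAndRedirectToLogin(request, response);
        return false;
    }
}
```

Each path would get its own instance with its own requiredRealm and loginUrl, and the configured realm name has to equal what that realm's getName() returns.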
