Thanks Dominic! I will give this a try. I know RESTful is stateless but I am trying to learn how to secure my RESTful services but without any luck yet. I have googled and all tutorials seem to be incomplete.
I have look at: http://docs.oracle.com/cd/E24329_01/web.1211/e24983/secure.htm but it is not a complete tutorial so I am hanging. Do you happen to know of any tutorial/site that shows a complete tutorial on how to secure the RESTful web service using web.xml, SecurityContext or Annotations. On Oracle site, it shows how to configure the web.xml file but how do I do it in Java code so that I can check for the user role configured in the web.xml so that the user can consume the service according to his role. I know this is not related to Shiro but if you can point me to the right direction then it would be great. -- View this message in context: http://shiro-user.582556.n2.nabble.com/How-to-get-the-user-session-using-apache-shiro-with-jersey-RESTful-tp7579771p7579791.html Sent from the Shiro User mailing list archive at Nabble.com.
