For Web Application security , I am planning to have basic authN & AuthZ done at the proxy layer(Apache HTTP server) and use Apache Shiro at the container level for addtional Auth Z & Auth N (Step-up if needed). The challange is how to synchronize the session between the proxy & the container since AuthN canhappen at 2 levels ( At the proxy it will be basic authentication but at the container level it could be step-up like an OTP or a security question)
Does anyone have any thoughts or have sample examples on this topic ? Thank you -- View this message in context: http://shiro-user.582556.n2.nabble.com/Apache-HTTP-Server-as-Proxy-and-Shiro-at-the-container-level-tp7580537.html Sent from the Shiro User mailing list archive at Nabble.com.
