Your frontend server only serves up the html, css and javascript page, right? Then you can either code your html / javascript to authenticate to your backend and store the Shiro session cookie with the client's web browser or have your frontend serve as a proxy for authentication by passing everything concerning authentication back and forth between backend and client browser.
How to implement either way depends very strongly on the framework / technology you plan to use on the frontend and is not related to Shiro. The only thing related to Shiro is that when you successfully authenticate to Shiro it per default returns a session cookie over HTTP(S). You can disable session cookies to make it completely stateless but then you would have to store user credentials on the frontend for the duration of the session and pass the credentials to the backend with every REST invocation. -- View this message in context: http://shiro-user.582556.n2.nabble.com/apply-shiro-to-backend-or-frontend-tp7581026p7581030.html Sent from the Shiro User mailing list archive at Nabble.com.
