On Wed, Aug 8, 2012 at 4:20 AM, kata <januszkiewicz.mar...@gmail.com> wrote: > I am currently using shiro and the tapestry-security plugin to manage > sessions and persist data. Everything works fine when getting the session by > SecurityUtils.getSubject().getSession(). However, this means that the > application is peppered with fragments of shiro-specific code. Since shiro > uses the servlet session API, is there a way to do this in a way that is > transparent to the application, and hopefully still allow me to use > annotations like @Persist and @SessionState?
You should never need to use SecurityUtils. Use SecurityService (http://tynamo.org/constant/sites/tapestry-security/apidocs/org/tynamo/security/services/SecurityService.html) and it's getSubject() if you need to access the Subject directly. Note that Subject is a Shiro specific class, so calling anything after that is a fair game. However, for regular session access you don't need to use anything Shiro specific. For basic cases, you can also stick with servlet-api's security support (namely HttpServletREquest.getRemoteUser() and isUserInRole(...) ), tapestry-security fully supports the standard servlet api. Kalle --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org