Shiro subject on HttpSession
I'm using Shiro on my application layer which is served trough web
requests. I think SecurityUtils.getSubject won't work as expected as I
want to save the current subject through different requests, and I don't
want to use Shiro Web utils, because I would like to dettach my
Application Layer from the way it is served( I would later build a GUI to
access it ).
So, can I, for example, return from my application layer the Subject
instance, to be saved by the client in an HttpSession or whenever it
wants, and retrieve it at a later time to avoid having to re-authenticate
it?
No comments:
Post a Comment