shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Les Hazlewood <>
Subject Re: JDBC Realm access to HttpSession
Date Tue, 29 Nov 2011 01:14:05 GMT
Hi Rory,

This is the recommended approach for accessing session state anywhere
in your application.  The benefit of this approach is that your Realm
does not need to be tied to HTTP-specific APIs - which is cleaner when
thinking about separation of concerns (IMO).

And, while you can use the session to store this information, you're
really talking about multi-tenant management within an application.
The Shiro session is a good and easy way to support this kind of
behavior without getting into other/more complicated approaches like
manual uses of ThreadLocal.


Les Hazlewood
CTO, Katasoft | | 888.391.5282
twitter: @lhazlewood |
katasoft blog:
personal blog:

On Fri, Nov 25, 2011 at 4:06 AM,
<> wrote:
> I figured out a way to do what I need.
> I can get the variable I need in the doGetAuthenticationInfo method from the
> shiro session using the following calls
> Subject subject = SecurityUtils.getSubject();
> Session sess = subject.getSession();
> String client = (String)sess.getAttribute("client");
> I had previously set the session value for client in my Login class.
> Im not sure if this is the best way to obtain values in the shiro filter but
> it works for me here.
> --
> View this message in context:
> Sent from the Shiro Developer mailing list archive at

View raw message