shiro-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jcvidal <>
Subject Re: SHIRO and Flex-RPC
Date Wed, 15 Jul 2009 09:16:04 GMT


In fact, there is a trouble : the filter create a "dummy" Subject (without
authencation and principals) and the HTTP datas are binding during the
SecurityUtils.getSubject(). So : let's say you login in thread24. After you
do other things (getting roles, for example), but in thread25. After the
SecurityUtils.getSubject(), you get a Subject, but a "dummy" one. So you
have to test the Subject.isAuthenticated() and if the result is false, you
have to unbind the Subject from the ThreadContext and retry.

I don't know why it's working in your case, but i suppose you're using
always the same thread (no flex concurrent accesses).


View this message in context:
Sent from the Shiro User mailing list archive at

View raw message