Shiro
  1. Shiro
  2. SHIRO-266

Login/Logout: Enable pluggable Subject state binding

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 1.0.0, 1.1.0
    • Fix Version/s: 1.2.0
    • Component/s: Session Management, Subject
    • Labels:
      None

      Description

      After login, a subject's state (principals, authentication state, etc) are bound to the Subject's session. This allows Shiro to reconstruct the Subject instance later on by acquiring a Session (e.g. by id) and reconstructing the Subject based on the Session's state.

      In stateless environments (e.g. some REST-enabled applications), it is not desirable to create a session. There should be a pluggable component that performs state binding and unbinding for subject login and logout, respectively. Stateless applications can choose to configure Shiro with a stateless binder if they don't want sessions to be created.

        Issue Links

          Activity

          No work has yet been logged on this issue.

            People

            • Assignee:
              Les Hazlewood
              Reporter:
              Les Hazlewood
            • Votes:
              2 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development