Making intra-server HTTP calls on behalf of a client (delegation)

[Chris Cicchetti <cc...@redseal.co>]

I am working on a mature application (Spring 3.x, Shiro 1.2.x) and have written a long-poll mechanism for making long queries to avoid browser timeouts. It works by "tunneling" HTTP calls to the server and making the calls from the server-side, i.e., "delegating" the client call to the server. But, I run into authentication issues with Shiro.

I have tried the "hack" of reusing the JSESSIONID to make the call, which works correctly sometimes but not consistently. Regardless, this seems like a work-around and not the correct approach.

Is it possible http calls within the server and maintain the use of Apache Shiro? If so, how? I would really like this to work as I would like to maintain the current Shiro security per client.

I have verified that the Shiro Subject on the incoming HTTP call is authenticated and that the Subject is correctly passed to the thread on which I would like to make the http call.

Thanks!
C2Dev