You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@shiro.apache.org by "Benjamin Marwell (Jira)" <ji...@apache.org> on 2021/08/18 20:52:00 UTC

[jira] [Updated] (SHIRO-71) Using SecureRemoteInvocationFactory without a preestablished session

     [ https://issues.apache.org/jira/browse/SHIRO-71?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Benjamin Marwell updated SHIRO-71:
----------------------------------
    Component/s: Integration: Spring

> Using SecureRemoteInvocationFactory without a preestablished session
> --------------------------------------------------------------------
>
>                 Key: SHIRO-71
>                 URL: https://issues.apache.org/jira/browse/SHIRO-71
>             Project: Shiro
>          Issue Type: Improvement
>          Components: Integration: Spring
>            Reporter: Jasper Siepkes
>            Priority: Minor
>
> The current implementation of the SecureRemoteInvocationFactory type assumes a use case where there has already been a session established via some other means then RMI. This use case can been seen in the Swing Webstart / Spring example. This example application creates a session via Spring webflow and then passes the session id of the newly created session to the Java Webstart application as a property. 
> While this works fine for a Java Webstart environment it creates a problem for other uses cases where there is no preestablished session. For example a use case where you want your users to be able to login via a stand alone Swing application which uses Spring and RMI.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)