custom remember-me functionality

[Graham O'Regan <gr...@ellisonbrookes.com>]

Hi,

We are looking at setting up Shiro as a web service for a PHP front-end so a user can login through a PHP UI. The PHP code will POST to a URI and receive a token from a custom TokenRememberMeManager that they can then use to validate permissions later. The PHP code will maintain the cookie that is sent to the user using the same configuration as the CookieRememberMeManager (HttpOnly, same max-age etc.) but the value will be included as parameter to the service URI instead of as a cookie so we need to be able to read that in ourselves instead of relying on the default remember-me mechanism.

I have two questions;

1. Is this a sane method of achieving what we are looking to do or is there a more straight-forward way of extending Shiro?
2. I've set up a new remember-me manager to accept the value that the CookieRememberMeManager would normally use, is there an easy way to reference the TokenRememberMeManager in servlets (Jersey resources in actual fact) without resorting to static references and dynamic casting of the SecurityManager to DefaultWebSecurityManager? This isn't a huge problem, I just don't see a cleaner way of accessing it later.

Graham