I am currently using shiro and the tapestry-security plugin to manage native sessions and persist data. Everything works fine when getting the session by SecurityUtils.getSubject().getSession(). However, this means that the application is peppered with fragments of shiro-specific code. Since shiro uses the servlet session API, is there a way to do this in a way that is transparent to the application, and hopefully still allow me to use annotations like @Persist and @SessionState?
I am currently using shiro and the tapestry-security plugin to manage native sessions and
Share
I decorated the TapestrySessionFactory to return a shiro session instead of the wrapped HttpServletSession. The interfaces were not identical, so a (very) simple coercion function was needed. I got exactly what I needed: the only shiro-related code consists of a few lines in AppModule and an isolated function converting org.apache.shiro.session.Session to org.apache.tapestry5.services.Session. In the rest of the app I use session facilities as before (including annotations), and they are all managed by shiro behind the scenes.