I am trying to do relatively simple thing: log in user manually. I am using FacebookGraph plugin to connect to facebook. If user logs in via Facebook, i get his ID and I want to authenticate him in ShiroSecurity. Of course such trivial thing like

session.user = user

does not work.
I have found the code in the wiki, which should do the trick:

Object userIdentity = user.email
String realmName = "username";
PrincipalCollection principals = new SimplePrincipalCollection(userIdentity, realmName);
Subject subject = new Subject.Builder().principals(principals).buildSubject();

However it does not work. I still get redirected to auth/login with log.debug message that ShiroSubject is null. Maybe it be because I invoke this code in a service.
Any ideas how to make this work?

UPDATE:

 def authenticate(authToken) {
    log.info "Attempting to authenticate ${authToken.username} in DB realm..."+authToken.encodeAsJSON()
    def username = authToken.username

    // Null username is invalid
    if (username == null) {
        throw new AccountException("Null usernames are not allowed by this realm.")
    }

    // Get the user with the given username. If the user is not
    // found, then they don't have an account and we throw an
    // exception.
    log.debug "reached this point2"
    def user = ShiroUser.findByUsername(username)
    log.debug "reached this point"
    if (!user) {
        throw new UnknownAccountException("No account found for user [${username}]")
    }

    log.info "Found user '${user.username}' in DB"

    // Now check the user's password against the hashed value stored
    // in the database.
    def account = new SimpleAccount(username, user.passwordHash, "ShiroDbRealm")
    if (!credentialMatcher.doCredentialsMatch(authToken, account)) {
        log.info "Invalid password (DB realm)"
        throw new IncorrectCredentialsException("Invalid password for user '${username}'")
    }

    return account
}