Every request to the servlet container (except for the initial request) contains a session ID (either as a cookie or URL parameter). The servlet container tracks all active sessions and uses the session ID as a key to retrieve the actual session object, which can then be bound to the current thread via a ThreadLocal (this is effectively what Shiro does, though the actual implementation is slightly different).
On Thu, Nov 3, 2011 at 11:38 AM, sshark - [email protected] wrote: > Without going into the codes, I believe these filters are where the > subject is set. At least this where I will begin to look for clues. > > org.apache.shiro.web.servlet.AbstractShiroFilter > org.apache.shiro.web.servlet.IniShiroFilter > > > > On Thu, Nov 3, 2011 at 11:24 PM, Lenny Primak <[email protected]>wrote: > >> It does work. Ts a combination of a session, request and thread local. >> >> >> >> On Nov 3, 2011, at 9:11 AM, "Abid Hussain" <[email protected]> wrote: >> >> > Thanks! So this means the subject is retrieved from the current >> thread... But this assumes that each user works in it's own thread. I >> wonder how (or if) this works in a web application or more general in >> applications where multiple users work on the same thread? >> > >> > Regards, >> > >> > Abid >> > >> >> It's all about your thread local request that keys in on the subject. >> >> >> >> >> >> >> >> On Nov 1, 2011, at 12:30 PM, "Abid Hussain" <[email protected]> >> wrote: >> >> >> >>> Hi, >> >>> >> >>> posted this message in the forum already but somehow hasn't been >> posted >> >> to the mailing list. >> >>> >> >>> I'm new to Shiro and have a question about how >> >> SecurityUtils.getSubject() works. >> >>> >> >>> After reading the documentation it's said that one simply retrieves >> the >> >> current user (subject) by calling >> >>> SecurityUtils.getSubject() >> >>> >> >>> But in the context of multiple users concurrently using the >> application >> >> each with their own session how does SecurityUtils determine the >> >> relationship to the session? In this context I would rather expect >> something like >> >>> SecurityUtils.getSubject(session). >> >>> >> >>> Any hints are appreciated... >> >>> >> >>> Regards, >> >>> >> >>> Abid >> >>> -- >> >>> Empfehlen Sie GMX DSL Ihren Freunden und Bekannten und wir >> >>> belohnen Sie mit bis zu 50,- Euro! >> https://freundschaftswerbung.gmx.de >> >>> >> > >> > -- >> > NEU: FreePhone - 0ct/min Handyspartarif mit Geld-zurück-Garantie! >> > Jetzt informieren: http://www.gmx.net/de/go/freephone >> > >> > >
