Thursday, June 26, 2014

Authorization and Authentication

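Subject currentUser = SecurityUtils.getSubject();
UsernamePasswordToken token = new UsernamePasswordToken(userName, password);
try {
    // login() performs authentication, not authorization: Shiro passes the token to the
    // configured realm's doGetAuthenticationInfo (JdbcRealm below) and throws an
    // AuthenticationException when the attempt is rejected. Let that exception reach the
    // caller and report a generic failure; do not echo which part of the credentials was wrong.
    currentUser.login(token);
} finally {
    // Zero the password held by the token once the attempt is over, whether it succeeded
    // or not, so the credential does not stay readable in memory.
    // NOTE(review): if `password` is a char[], the token holds that same array and clear()
    // wipes it for the caller too; confirm nothing reuses it afterwards.
    token.clear();
}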




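/**
 * Shiro realm that delegates the credential check to a remote service and stores the
 * tokens returned by that service in the subject's session.
 *
 * <p>Despite its name, no JDBC access is visible in this listing; {@code restTemplate},
 * {@code Url}, {@code DTO} and {@code Model} are defined elsewhere.
 */
public class JdbcRealm extends AuthorizingRealm {

    /** Registers the realm under the name "JdbcRealm". */
    public JdbcRealm() {
        setName("JdbcRealm");
    }

    /**
     * Returns an empty authorization record.
     *
     * <p>No roles or permissions are added, so role and permission checks answered from
     * this realm grant nothing. Populate the record here once the role source is known.
     *
     * @param arg principals of the subject being authorized (unused)
     * @return an empty {@link SimpleAuthorizationInfo}
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection arg) {
        // The original declared the variable as `proto` but returned `info`, which does not compile.
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        return info;
    }

    /**
     * Authenticates the submitted username/password against the remote service.
     *
     * <p>The returned {@link SimpleAuthenticationInfo} carries the password taken from the
     * submitted token itself, so Shiro's credentials comparison matches by construction.
     * The remote call is therefore the only real credential check: every failure of that
     * call must end in an exception before the return statement is reached.
     *
     * @param token the submitted token; cast to {@link UsernamePasswordToken}
     * @return authentication info for the submitted username
     * @throws org.apache.shiro.authc.AuthenticationException if the remote service returns no response
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
        // The original re-declared `token` here, shadowing the parameter (compile error).
        UsernamePasswordToken upToken = (UsernamePasswordToken) token;
        String username = upToken.getUsername();
        // NOTE(review): this String copy of the password cannot be wiped afterwards;
        // prefer building the request from the char[] if the DTO allows it, and never log it.
        String password = String.valueOf(upToken.getPassword());

        // Response from the remote authentication call; `response` is the model object.
        // NOTE(review): presumably a Spring RestTemplate, which raises its own runtime
        // exception on HTTP error statuses - confirm, and confirm the call goes over TLS.
        Model response = restTemplate.postForObject(Url, DTO, Model.class);

        // Fail closed: without this check a missing response would either surface as a
        // NullPointerException or, if the session writes were removed, as a successful login.
        if (response == null) {
            throw new org.apache.shiro.authc.AuthenticationException(
                    "Authentication service returned no response");
        }
        // NOTE(review): whatever field of Model signals rejected credentials must also be
        // checked here and turned into an AuthenticationException.

        // The tokens are written only after the remote check has passed.
        // NOTE(review): getSession() creates a session if none exists, and this one predates
        // the login - confirm the session id is renewed after authentication, and that the
        // access/refresh tokens stay server-side and are never rendered to the client.
        Subject currentUser = SecurityUtils.getSubject();
        Session session = currentUser.getSession();
        session.setAttribute("access", response.getAcces());
        session.setAttribute("refresh", response.getRefresh());

        return new SimpleAuthenticationInfo(username, upToken.getPassword(), getName());
    }
}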


/**
 * Logs out the subject bound to the current thread by calling Shiro's
 * {@code Subject.logout()}.
 */
public void logout() {
    SecurityUtils.getSubject().logout();
}


