[jira] [Updated] (SHIRO-648) SecurityUtils.getSubject() throws org.apache.geode.security.AuthenticationFailedException intermittently

Wed, 06 Jun 2018 15:23:19 -0700 


     [ 
https://issues.apache.org/jira/browse/SHIRO-648?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jinmei Liao updated SHIRO-648:
------------------------------
    Description: 
When our application starts, we set the vm static SecurityManager using
{code:java}
SecurityUtils.setSecurityManager(xyz);
{code}
But sometimes when we do login using:
{code:java}
Subject currentUser = SecurityUtils.getSubject();
curentUser.login(tokent)
{code}

we occasionally get the following exception:
{code:java}
org.apache.geode.security.AuthenticationFailedException: No SecurityManager 
accessible to the calling code, either bound to the 
org.apache.shiro.util.ThreadContext or as a vm static singleton.  This is an 
invalid application configuration.
{code}
We suspect that it's because the vm static SecurityManager is not volatile and 
not visible to the login thread....

  was:
When our application starts, we set the vm static SecurityManager using
{code:java}
SecurityUtils.setSecurityManager(xyz);
{code}
But sometimes when we do login using:
{code:java}
Subject currentUser = SecurityUtils.getSubject();
curentUser.login(tokent)
{code}

we occasionally get the following exception:

org.apache.geode.security.AuthenticationFailedException: No SecurityManager 
accessible to the calling code, either bound to the 
org.apache.shiro.util.ThreadContext or as a vm static singleton.  This is an 
invalid application configuration.

We suspect that it's because the vm static SecurityManager is not volatile and 
not visible to the login thread....


> SecurityUtils.getSubject() throws 
> org.apache.geode.security.AuthenticationFailedException intermittently
> --------------------------------------------------------------------------------------------------------
>
>                 Key: SHIRO-648
>                 URL: https://issues.apache.org/jira/browse/SHIRO-648
>             Project: Shiro
>          Issue Type: Bug
>          Components: Authentication (log-in)
>    Affects Versions: 1.3.2
>            Reporter: Jinmei Liao
>            Priority: Major
>
> When our application starts, we set the vm static SecurityManager using
> {code:java}
> SecurityUtils.setSecurityManager(xyz);
> {code}
> But sometimes when we do login using:
> {code:java}
> Subject currentUser = SecurityUtils.getSubject();
> curentUser.login(tokent)
> {code}
> we occasionally get the following exception:
> {code:java}
> org.apache.geode.security.AuthenticationFailedException: No SecurityManager 
> accessible to the calling code, either bound to the 
> org.apache.shiro.util.ThreadContext or as a vm static singleton.  This is an 
> invalid application configuration.
> {code}
> We suspect that it's because the vm static SecurityManager is not volatile 
> and not visible to the login thread....



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to