[
https://issues.apache.org/jira/browse/SHIRO-648?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16512747#comment-16512747
]
Patrick Rhomberg commented on SHIRO-648:
----------------------------------------
[~bdemers] Not the reporter, but this is coming from GEODE-3692.
I am admittedly newer to the Shiro framework, but {{currentUser.login(token)}}
seems to be encouraged by both Shiro's [10 Minute
Tutorial|https://shiro.apache.org/10-minute-tutorial.html] and the [Java
Authentication Guide|https://shiro.apache.org/java-authentication-guide.html].
Are these no longer accurate, or can you direct me to a particular example or
portion of the documentation that represents how the underlying framework would
do this?
> SecurityUtils.getSubject() throws
> org.apache.geode.security.AuthenticationFailedException intermittently
> --------------------------------------------------------------------------------------------------------
>
> Key: SHIRO-648
> URL: https://issues.apache.org/jira/browse/SHIRO-648
> Project: Shiro
> Issue Type: Bug
> Components: Authentication (log-in)
> Affects Versions: 1.3.2
> Reporter: Jinmei Liao
> Priority: Major
>
> When our application starts, we set the vm static SecurityManager using
> {code:java}
> SecurityUtils.setSecurityManager(xyz);
> {code}
> But sometimes when we do login using:
> {code:java}
> Subject currentUser = SecurityUtils.getSubject();
> curentUser.login(tokent)
> {code}
> we occasionally get the following exception:
> {code:java}
> org.apache.geode.security.AuthenticationFailedException: No SecurityManager
> accessible to the calling code, either bound to the
> org.apache.shiro.util.ThreadContext or as a vm static singleton. This is an
> invalid application configuration.
> {code}
> We suspect that it's because the vm static SecurityManager is not volatile
> and not visible to the login thread....
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
