boris-petrov commented on pull request #218: URL: https://github.com/apache/shiro/pull/218#issuecomment-622083516
@fpapon - great, no problem, thanks! @bdemers - well, I'm doing programmatic configuration (without any `ini` files) so I have to set the "global" `SecurityManager`, right? After that I'm not using it in any way, I'm just sometimes creating Subjects manually and that internally uses the static SecurityManager. I don't think there is anything here that can/needs to be improved. There is however a pain point that I see also [others have hit before](http://shiro-user.582556.n2.nabble.com/Inheritance-of-Security-Context-causes-problems-in-EJB-container-td7579859.html) - using an `InheritableThreadLocal` instead of a "normal" `ThreadLocal`. In addition to what the people in that thread explain as problems, another thing to note is that once such a threadpool thread stores the SecurityManager in its thread local storage, it will be such forever - even if the global static SecurityManager is changed, the threadpool threads are bound forever to the old one which could lead to nasty situations. I believe this has to be revisited and perhaps an option to be added for Shiro to use "normal" ThreadLocal's instead of inheritable-ones. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
