ShiroFilter does not work with proxied security manager
-------------------------------------------------------
Key: SHIRO-130
URL: https://issues.apache.org/jira/browse/SHIRO-130
Project: Shiro
Issue Type: Bug
Components: Web
Affects Versions: 1.0
Reporter: Peter Ledbrook
Fix For: 1.0
The {{ShiroFilter.isHttpSessions()}} method does an {{instanceof}} check on the
security manager, checking whether it's an instance of
{{DefaultWebSecurityManager}}.
This doesn't work when the security manager is a JDK proxy to a
{{DefaultWebSecurityManager}} because the proxy implements the
{{SecurityManager}} interface, which doesn't have the {{isHttpSessions()}}
method.
Perhaps we should have a {{WebSecurityManager}} interface with the
{{isHttpSessions()}} method defined on it?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
