Hi James,

I believe your concerns will be entirely alleviated with Shiro 1.2. In Shiro 1.2, you initialize Shiro via a ServletContextListener:

http://shiro.apache.org/web.html#Web-configuration

This will initialize the Shiro environment (e.g. the SecurityManager and a FilterChainResolver to represent filter chains) at application startup before any Filters are initialized. Then, you can define any number of servlet Filters because they will only acquire what was created at startup by the ServletContextListener. I.e. you won't have multiple ShiroFilters trying to start up separate Shiro environments.

However, it is still the most common approach to have only one ShiroFilter for an application and let that filter all requests.

HTH!

Cheers,

--
Les Hazlewood
CTO, Katasoft | http://www.katasoft.com | 888.391.5282
twitter: http://twitter.com/lhazlewood
katasoft blog: http://www.katasoft.com/blogs/lhazlewood
personal blog: http://leshazlewood.com

On Thu, Jul 14, 2011 at 2:01 PM, jagregory <[email protected]> wrote:
> That was it. So the problem was: I had another Filter which was executing
> after my Shiro security filter, which also inherited from
> AbstractShiroFilter. The second filter seemed to overwrite anything the
> first filter did in terms of SecurityManagers.
>
> Moral of the story: Only have one AbstractShiroFilter implementation.
>
> I don't believe this was deliberate, probably just a copy & paste error.
>
> --
> View this message in context:
> http://shiro-user.582556.n2.nabble.com/Custom-WebSecurityManager-not-being-used-by-SecurityUtils-tp6581200p6584876.html
> Sent from the Shiro User mailing list archive at Nabble.com.
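
The setup described in the reply above, as an added example that is not part of the original thread: a `web.xml` fragment for Shiro 1.2 in which one `EnvironmentLoaderListener` builds the Shiro environment at startup and a single `ShiroFilter` covers every request. The filter name and the explicit `/WEB-INF/shiro.ini` location are illustrative choices.

```xml
<!-- Added example: Shiro 1.2 style initialization in WEB-INF/web.xml -->

<!-- Optional: where the listener loads its INI configuration from.
     Shown explicitly here; the path is an illustrative choice. -->
<context-param>
    <param-name>shiroConfigLocations</param-name>
    <param-value>/WEB-INF/shiro.ini</param-value>
</context-param>

<!-- Creates the Shiro environment (SecurityManager, FilterChainResolver)
     once, at application startup, before any Filter is initialized. -->
<listener>
    <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
</listener>

<!-- The one Shiro filter for the application. It does not build its own
     SecurityManager; it picks up the environment created by the listener. -->
<filter>
    <filter-name>ShiroFilter</filter-name>
    <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
</filter>

<!-- Map it to all requests and all dispatcher types so no request path
     bypasses the security filter chain. Declare this mapping before the
     mappings of other filters that rely on the Shiro Subject. -->
<filter-mapping>
    <filter-name>ShiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>INCLUDE</dispatcher>
    <dispatcher>ERROR</dispatcher>
</filter-mapping>
```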
