Hmmm...Not sure why it would be, I'm using the Shiro Filter, and then next in the chain is a Stripes Filter to construct my web app within Tomcat 6. As far as I can tell, when Tomcat receives a request, it is then serviced by one of the threads in its threadpool (I don't spawn any threads of my own at any time). This then calls the ShiroFilter which will do whatever it needs to match HTTP session IDs to the Subject and then presumably should set that Subject in the ThreadContext so it can be picked up using SecurityUtils.XXX calls
I'll try stepping through it in the debugger and see if I can see what's happening Thanks for helping me out on this... Cheers, -James On 21 December 2011 11:20, Alex Vasilenko [via Shiro User] < [email protected]> wrote: > Looks like it's executed in different thread. Any ideas how and why? > > Alexandr Vasilenko > Web Developer > > 2011/12/21 Jamesb <[hidden > email]<http://user/SendEmail.jtp?type=node&node=7114821&i=0> > > > >> It's very similar, my config looks like this >> >> >> <bean id="shiroFilter" >> class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> >> <property name="securityManager" ref="securityManager"/> >> <!-- override these for application-specific URLs if you like:--> >> <property name="loginUrl" value="/Login.action"/> >> <property name="successUrl" value="/index.jsp"/> >> <property name="filterChainDefinitions"> >> <value> >> /security/** = roles[administrator] >> /search/** = roles[user] >> </value> >> </property> >> </bean> >> >> On 21 December 2011 11:13, Alex Vasilenko [via Shiro User] < >> [hidden email] <http://user/SendEmail.jtp?type=node&node=7114821&i=1>> >> wrote: >> >> > Hello James, >> > >> > SecurityManager is bound to thread by shiro filter on request start and >> > unbound on request complete. >> > Do you have something like https://gist.github.com/1505659 in your >> spring >> > context? >> > >> > Regards, >> > Alexandr Vasilenko >> > Web Developer >> > >> > 2011/12/21 Jamesb <[hidden email]< >> http://user/SendEmail.jtp?type=node&node=7114810&i=0> >> >> > > >> > >> >> Hi, >> >> >> >> I am using the ShiroFilter within a Spring-based webapp. I was >> following >> >> the guidance from this documentation: >> >> http://shiro.apache.org/spring.html >> >> http://shiro.apache.org/spring.html >> >> >> >> I also want to use the jsp tag library <shiro:hasRole...> however, >> when I >> >> run my application I get the following exception : >> >> >> >> org.apache.shiro.UnavailableSecurityManagerException: No >> SecurityManager >> >> accessible to the calling code, either bound to the >> >> org.apache.shiro.util.ThreadContext or as a vm static singleton. This >> is >> >> an >> >> invalid application configuration. >> >> at >> >> >> org.apache.shiro.SecurityUtils.getSecurityManager(SecurityUtils.java:123) >> >> at >> >> org.apache.shiro.subject.Subject$Builder.<init>(Subject.java:627) >> >> ... >> >> >> >> unless I include the following in my ApplicationContext.xml: >> >> >> >> <bean >> >> >> >> >> class="org.springframework.beans.factory.config.MethodInvokingFactoryBean"> >> >> <property name="staticMethod" >> >> value="org.apache.shiro.SecurityUtils.setSecurityManager"/> >> >> <property name="arguments" ref="securityManager"/> >> >> </bean> >> >> >> >> I understand that in order for the static SecurityUtils.XXX calls to >> work >> >> there must be a ThreadLocal SecurityManager, and not including the xml >> >> snippet above means there isn't one, hence the exception. However, >> >> following the comment given in the example in the link above, >> >> < !-- make the securityManager bean a static singleton. DO NOT do >> this in >> >> web -- > >> >> < !-- applications - see the 'Web Applications' section below instead. >> -- >> >> > >> >> >> >> Is there an alternative way I should be making the SecurityManager >> >> available >> >> to the <shiro:... tag library? >> >> >> >> Or is this a documentation bug?....and one should set the security >> manager >> >> in SecurityUtils, but one shouldn't access it in this way, it should be >> >> injected using your container? >> >> >> >> Thanks, >> >> >> >> -James >> >> >> >> >> >> -- >> >> View this message in context: >> >> >> http://shiro-user.582556.n2.nabble.com/Do-you-have-to-SecurityUtils-setSecurityManager-in-a-web-app-to-use-shiro-tag-library-tp7114798p7114798.html >> >> Sent from the Shiro User mailing list archive at Nabble.com. >> >> >> > >> > >> > >> > ------------------------------ >> >> > If you reply to this email, your message will be added to the >> discussion >> > below: >> > >> > >> http://shiro-user.582556.n2.nabble.com/Do-you-have-to-SecurityUtils-setSecurityManager-in-a-web-app-to-use-shiro-tag-library-tp7114798p7114810.html >> > To unsubscribe from Do you have to SecurityUtils.setSecurityManager in >> a >> > web app to use shiro tag library?, click here< >> > . >> > NAML< >> http://shiro-user.582556.n2.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.InstantMailNamespace&breadcrumbs=instant+emails%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml >> > >> > >> >> >> >> -- >> __________________ >> [hidden email] <http://user/SendEmail.jtp?type=node&node=7114821&i=2> >> 07967 156 887 >> >> >> -- >> View this message in context: >> http://shiro-user.582556.n2.nabble.com/Do-you-have-to-SecurityUtils-setSecurityManager-in-a-web-app-to-use-shiro-tag-library-tp7114798p7114813.html >> Sent from the Shiro User mailing list archive at Nabble.com. >> > > > > ------------------------------ > If you reply to this email, your message will be added to the discussion > below: > > http://shiro-user.582556.n2.nabble.com/Do-you-have-to-SecurityUtils-setSecurityManager-in-a-web-app-to-use-shiro-tag-library-tp7114798p7114821.html > To unsubscribe from Do you have to SecurityUtils.setSecurityManager in a > web app to use shiro tag library?, click > here<http://shiro-user.582556.n2.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=7114798&code=amFtZXNAYm93a2V0dC5pbmZvfDcxMTQ3OTh8MzE4NTk0ODI0> > . > NAML<http://shiro-user.582556.n2.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.InstantMailNamespace&breadcrumbs=instant+emails%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml> > -- View this message in context: http://shiro-user.582556.n2.nabble.com/Do-you-have-to-SecurityUtils-setSecurityManager-in-a-web-app-to-use-shiro-tag-library-tp7114798p7114881.html Sent from the Shiro User mailing list archive at Nabble.com.
