On the face of it, it doesn't seem like a new thread is the issue. >From stepping through the AbstractShiroFilter, and watching the put and get calls to shiro.util.ThreadContext I can see the SecurityManager getting set in the ThreadContext.bind() calls
However, when SecurityManager.getSecurityManager() is called, the ThreadContext.getSecurityManager() call returns null (line 115 in SecurityUtils.java) And both calls I believe are being undertaken by the thread named http-8080-2 (in this case). However, I have put watches on ThreadContext.resources.get() and just before the exception is thrown, the result of the ThreadContext.resources.get() call is a different object reference to a different Map to the one I saw the SecurityManager put into. I've never used ThreadLocal in anger, but I'm guessing this is the cause of the message I'm seeing, is there something I am doing wrong? Thanks, -James On 21 December 2011 11:55, James Bowkett <[email protected]> wrote: > Hmmm...Not sure why it would be, I'm using the Shiro Filter, and then next > in the chain is a Stripes Filter to construct my web app within Tomcat 6. > As far as I can tell, when Tomcat receives a request, it is then serviced > by one of the threads in its threadpool (I don't spawn any threads of my > own at any time). This then calls the ShiroFilter which will do whatever > it needs to match HTTP session IDs to the Subject and then presumably > should set that Subject in the ThreadContext so it can be picked up using > SecurityUtils.XXX calls > > I'll try stepping through it in the debugger and see if I can see what's > happening > > Thanks for helping me out on this... > > Cheers, > > -James > > > On 21 December 2011 11:20, Alex Vasilenko [via Shiro User] < > [email protected]> wrote: > >> Looks like it's executed in different thread. Any ideas how and why? >> >> Alexandr Vasilenko >> Web Developer >> >> 2011/12/21 Jamesb <[hidden >> email]<http://user/SendEmail.jtp?type=node&node=7114821&i=0> >> > >> >>> It's very similar, my config looks like this >>> >>> >>> <bean id="shiroFilter" >>> class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> >>> <property name="securityManager" ref="securityManager"/> >>> <!-- override these for application-specific URLs if you like:--> >>> <property name="loginUrl" value="/Login.action"/> >>> <property name="successUrl" value="/index.jsp"/> >>> <property name="filterChainDefinitions"> >>> <value> >>> /security/** = roles[administrator] >>> /search/** = roles[user] >>> </value> >>> </property> >>> </bean> >>> >>> On 21 December 2011 11:13, Alex Vasilenko [via Shiro User] < >>> [hidden email] <http://user/SendEmail.jtp?type=node&node=7114821&i=1>> >>> wrote: >>> >>> > Hello James, >>> > >>> > SecurityManager is bound to thread by shiro filter on request start and >>> > unbound on request complete. >>> > Do you have something like https://gist.github.com/1505659 in your >>> spring >>> > context? >>> > >>> > Regards, >>> > Alexandr Vasilenko >>> > Web Developer >>> > >>> > 2011/12/21 Jamesb <[hidden email]< >>> http://user/SendEmail.jtp?type=node&node=7114810&i=0> >>> >>> > > >>> > >>> >> Hi, >>> >> >>> >> I am using the ShiroFilter within a Spring-based webapp. I was >>> following >>> >> the guidance from this documentation: >>> >> http://shiro.apache.org/spring.html >>> >> http://shiro.apache.org/spring.html >>> >> >>> >> I also want to use the jsp tag library <shiro:hasRole...> however, >>> when I >>> >> run my application I get the following exception : >>> >> >>> >> org.apache.shiro.UnavailableSecurityManagerException: No >>> SecurityManager >>> >> accessible to the calling code, either bound to the >>> >> org.apache.shiro.util.ThreadContext or as a vm static singleton. >>> This is >>> >> an >>> >> invalid application configuration. >>> >> at >>> >> >>> org.apache.shiro.SecurityUtils.getSecurityManager(SecurityUtils.java:123) >>> >> at >>> >> org.apache.shiro.subject.Subject$Builder.<init>(Subject.java:627) >>> >> ... >>> >> >>> >> unless I include the following in my ApplicationContext.xml: >>> >> >>> >> <bean >>> >> >>> >> >>> class="org.springframework.beans.factory.config.MethodInvokingFactoryBean"> >>> >> <property name="staticMethod" >>> >> value="org.apache.shiro.SecurityUtils.setSecurityManager"/> >>> >> <property name="arguments" ref="securityManager"/> >>> >> </bean> >>> >> >>> >> I understand that in order for the static SecurityUtils.XXX calls to >>> work >>> >> there must be a ThreadLocal SecurityManager, and not including the xml >>> >> snippet above means there isn't one, hence the exception. However, >>> >> following the comment given in the example in the link above, >>> >> < !-- make the securityManager bean a static singleton. DO NOT do >>> this in >>> >> web -- > >>> >> < !-- applications - see the 'Web Applications' section below >>> instead. -- >>> >> > >>> >> >>> >> Is there an alternative way I should be making the SecurityManager >>> >> available >>> >> to the <shiro:... tag library? >>> >> >>> >> Or is this a documentation bug?....and one should set the security >>> manager >>> >> in SecurityUtils, but one shouldn't access it in this way, it should >>> be >>> >> injected using your container? >>> >> >>> >> Thanks, >>> >> >>> >> -James >>> >> >>> >> >>> >> -- >>> >> View this message in context: >>> >> >>> http://shiro-user.582556.n2.nabble.com/Do-you-have-to-SecurityUtils-setSecurityManager-in-a-web-app-to-use-shiro-tag-library-tp7114798p7114798.html >>> >> Sent from the Shiro User mailing list archive at Nabble.com. >>> >> >>> > >>> > >>> > >>> > ------------------------------ >>> >>> > If you reply to this email, your message will be added to the >>> discussion >>> > below: >>> > >>> > >>> http://shiro-user.582556.n2.nabble.com/Do-you-have-to-SecurityUtils-setSecurityManager-in-a-web-app-to-use-shiro-tag-library-tp7114798p7114810.html >>> > To unsubscribe from Do you have to SecurityUtils.setSecurityManager >>> in a >>> > web app to use shiro tag library?, click here< >>> > . >>> > NAML< >>> http://shiro-user.582556.n2.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.InstantMailNamespace&breadcrumbs=instant+emails%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml >>> > >>> > >>> >>> >>> >>> -- >>> __________________ >>> [hidden email] <http://user/SendEmail.jtp?type=node&node=7114821&i=2> >>> 07967 156 887 >>> >>> >>> -- >>> View this message in context: >>> http://shiro-user.582556.n2.nabble.com/Do-you-have-to-SecurityUtils-setSecurityManager-in-a-web-app-to-use-shiro-tag-library-tp7114798p7114813.html >>> Sent from the Shiro User mailing list archive at Nabble.com. >>> >> >> >> >> ------------------------------ >> If you reply to this email, your message will be added to the >> discussion below: >> >> http://shiro-user.582556.n2.nabble.com/Do-you-have-to-SecurityUtils-setSecurityManager-in-a-web-app-to-use-shiro-tag-library-tp7114798p7114821.html >> To unsubscribe from Do you have to SecurityUtils.setSecurityManager in a >> web app to use shiro tag library?, click >> here<http://shiro-user.582556.n2.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=7114798&code=amFtZXNAYm93a2V0dC5pbmZvfDcxMTQ3OTh8MzE4NTk0ODI0> >> . >> NAML<http://shiro-user.582556.n2.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.InstantMailNamespace&breadcrumbs=instant+emails%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml> >> > > > > > -- View this message in context: http://shiro-user.582556.n2.nabble.com/Do-you-have-to-SecurityUtils-setSecurityManager-in-a-web-app-to-use-shiro-tag-library-tp7114798p7115031.html Sent from the Shiro User mailing list archive at Nabble.com.
