Upon shutdown of my Tomcat instance I'm seeing hundreds of the message below in my log. The reason for shutdown was that upon authentication Tomcat never returns a response (after working nicely for several days). Unauthenticated URL's were returning fine. I'm running on Shiro 1.1.
I think this is related to https://issues.apache.org/jira/browse/SHIRO-159, but I'm not exactly sure. My config is using a Spring DelegatingFilterProxy and the ShiroFilterFactoryBean. QUESTIONS 1. I've found Controllers that are calling SecurityUtils.getSubject() while being mapped to /** = anon. Does this result in uncleaned ThreadLocal's as per the bug above? 2. Are URL's mapped to /** = anon under the control of the ShiroFilter? web.xml: <filter> <filter-name>shiroFilter</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> <init-param> <param-name>targetFilterLifecycle</param-name> <param-value>true</param-value> </init-param> </filter> <filter-mapping> <filter-name>shiroFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> applicationContext.xml: <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <property name="securityManager" ref="securityManager"/> <property name="loginUrl" value="/login.do"/> <property name="unauthorizedUrl" value="/home/noaccess.do"/> <property name="successUrl" value="/sm/index.do"/> <property name="filterChainDefinitions"> <value> /login.do = authc /sm/admin/** = authc, roles[unit-admin] /sm/** = authc /** = anon </value> </property> </bean> TOMCAT SHUTDOWN MESSAGE Oct 30, 2012 2:05:22 AM org.apache.catalina.loader.WebappClassLoader clearThreadLocalMap SEVERE: The web application [] created a ThreadLocal with key of type [org.apache.shiro.util.ThreadContext.InheritableThreadLocalMap] (value [org.apache.shiro.util.ThreadContext$InheritableThreadLocalMap@29593df4]) and a value of type [java.util.HashMap] (value [{org.apache.shiro.util.ThreadContext_SUBJECT_KEY=org.apache.shiro.web.subject.support.WebDelegatingSubject@7b2ac98d, org.apache.shiro.util.ThreadContext_SECURITY_MANAGER_KEY=org.apache.shiro.web.mgt.DefaultWebSecurityManager@3474f6b0}]) but failed to remove it when the web application was stopped. This is very likely to create a memory leak. -- View this message in context: http://shiro-user.582556.n2.nabble.com/unclean-shutdown-of-Tomcat-tp7577893.html Sent from the Shiro User mailing list archive at Nabble.com.
