Session validating thread....? but by looking at the code, um, very strange use of Shiro.. :)
On Wed, May 15, 2013 at 4:14 PM, ApacheNinja <[email protected]> wrote: > Hello, > > Yes, we are using the latest release of Shiro. We are primarily using > Shiro to check user permissions. We are not using it to log in to our > application. We are creating our Subject using the following method: > > protected void setAuthorizerSubject(UsersDVO user){ > DefaultSecurityManager securityManager = new > DefaultSecurityManager(); > securityManager.setRealm(realm); > securityManager.setAuthenticator(new MockAuthenticator()); > SecurityUtils.setSecurityManager(securityManager ); > Subject currentUser = new DelegatingSubject(securityManager); > if(!currentUser.isAuthenticated()){ > UsernamePasswordToken token = new > UsernamePasswordToken(user.getUserName(), ""); > try{ > currentUser.login(token); > } catch (AuthenticationException ex){ > Log.exception(ex); > } > } > this.subject = currentUser; > } > > This is created once when the user logs in. In our application it is > possible to log in as a general administrator first, then log in again as a > more specific user. So this may be called twice. We then use the Subject > object to call the isPermitted() object, which checks to see if the user > has > access to different portions of our application. In our Realm object we > have set setAuthorizationCachingEnabled(false) (I don't think this makes a > difference but I thought I would include this information anyway). Looking > at the stack trace when calling isPermitted(), I see that it goes through > the Shiro API and then it then calls our implementation > doGetAuthorizationInfo() : > > @Override > protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection > principalCollection) { > SimpleAuthorizationInfo info = null; > if( user != null ) { > info = new SimpleAuthorizationInfo(); > List<Role> roles = > roleManager.getRolesForUser(user.getUserID()); > List<EPermission> permissions = > permissionManager.getPermissionsForUser(user.getUserID()); > for(Role role : roles) { > info.addRole(role.getName()); > } > for(EPermission permission : permissions){ > info.addStringPermission(permission.getName()); > } > } > > return info; > } > > Somewhere in there a new thread is being generated but I don't know where. > > > > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/Too-many-threads-created-when-calling-isPermitted-tp7578725p7578734.html > Sent from the Shiro User mailing list archive at Nabble.com. >
