Hi,

I am using Shiro in a RESTful web environment. According to the documentation (about cleaning up the thread, in http://shiro.apache.org/subject.html):

/Don't use the above ThreadState code example in a thread that is processing a web request. Web-specific ThreadState implementations are used during web requests instead. Instead, ensure the ShiroFilter intercepts web requests to ensure Subject building/binding/cleanup is done properly./

According to this, I have relied on the fact that once Shiro executes the isAllowed() code of my authenticationFilter implementation, there would not be any need for further session cleanup. But currently this is the printout of my ThreadContext after threads start being recycled by our Tomcat server (this is printed from the code of my Authentication Filter implementation; the authenticated subject on the corrupted thread is a WebDelegatingSubject):

/org.apache.shiro.util.ThreadContext_SECURITY_MANAGER_KEY=org.apache.shiro.web.mgt.DefaultWebSecurityManager@64c47ac2, org.apache.shiro.util.ThreadContext_SUBJECT_KEY=org.apache.shiro.web.subject.support.WebDelegatingSubject@71d679cf/

Is it me not understanding the documentation, or is it a bug?

Thanks

--
View this message in context: http://shiro-user.582556.n2.nabble.com/Using-Shiro-in-web-environment-Filter-but-thread-is-corrupted-tp7580414.html
Sent from the Shiro User mailing list archive at Nabble.com.
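The symptom in the post above, thread-bound security state still present when a pooled thread picks up its next request, can be reproduced with the JDK alone. This is an added example, not part of the original message and not Shiro code: the `SUBJECT` ThreadLocal is a hypothetical stand-in for thread-bound subject state, and the single-worker pool stands in for a recycled container thread.

```java
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

public class StaleThreadStateDemo {
    // Hypothetical stand-in for thread-bound security state (not Shiro's ThreadContext).
    static final ThreadLocal<String> SUBJECT = new ThreadLocal<>();

    // Binds a subject for the request and never unbinds it.
    // Returns whatever was already bound when the request arrived.
    static String handleWithoutCleanup(String user) {
        String inherited = SUBJECT.get();
        if (user != null) SUBJECT.set(user);
        return inherited;
    }

    // Same handler, but the binding is always removed before the thread is released.
    static String handleWithCleanup(String user) {
        String inherited = SUBJECT.get();
        try {
            if (user != null) SUBJECT.set(user);
            return inherited;
        } finally {
            SUBJECT.remove();
        }
    }

    // Runs one simulated request on the pool and waits for its result.
    static String request(ExecutorService pool, Callable<String> handler) throws Exception {
        return pool.submit(handler).get();
    }

    public static void main(String[] args) throws Exception {
        // One worker thread, so every request reuses the same thread.
        ExecutorService pool = Executors.newFixedThreadPool(1);
        try {
            request(pool, () -> handleWithoutCleanup("alice"));   // authenticated request
            String leaked = request(pool, () -> handleWithoutCleanup(null)); // anonymous request
            System.out.println("without cleanup, next request inherits: " + leaked);

            request(pool, () -> handleWithCleanup(null));         // clears the leftover binding
            request(pool, () -> handleWithCleanup("bob"));        // authenticated request
            String clean = request(pool, () -> handleWithCleanup(null));
            System.out.println("with cleanup, next request inherits: " + clean);
        } finally {
            pool.shutdown();
        }
    }
}
```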
