Hi, This is the issue with thread context. I had the same issue. Use subject builder to build a subject and don't use securityutils.subject(). In a multi threaded environment there is this issue. Please have a look at the comments where I have found the issue and posted a solution Issue Navigator - ASF JIRA | | | | | |
| | | | | Issue Navigator - ASF JIRA | | | | Hope this helps. On Tue, Mar 21, 2017 at 8:42 AM, dsf49<[email protected]> wrote: I'm just getting started with Shiro. I'm using it in a SparkJava site. I have authentication mostly working, but after turning on trace logging for the ThreadContext class, I'm noticing that the subject is suddenly not authenticated when there's a new thread being used in the Jetty request. I assumed that a subject's state is the same across all threads in the same Jetty instance, but that doesn't seem to be the case here. I did the Shiro init in the main SparkJava thread: Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini"); SecurityManager securityManager = factory.getInstance(); SecurityUtils.setSecurityManager(securityManager); And I'm not passing around a SecurityManager instance. My authentication check happens in a before() filter in SparkJava and that's where it will fail when the thread changes. What I am missing? Thanks, Dave -- View this message in context: http://shiro-user.582556.n2.nabble.com/isAuthenticated-returns-false-when-the-Jetty-thread-changes-tp7581554.html Sent from the Shiro User mailing list archive at Nabble.com.
