I had the same issue with tomcat in nio pooled environment, I ended up using subject builder to ensure thread is not corrupted with earlier subjects
Get Outlook for Android<https://aka.ms/ghei36> ________________________________ From: Alex Orlov <[email protected]> Sent: Friday, November 20, 2020 11:48:00 PM To: Brian Demers <[email protected]> Cc: [email protected] <[email protected]> Subject: Re[4]: How to clear thread after Subject.login() Oh. I didn’t notice that there is a Builder. The question is closed. I went in wrong direction.Thank you very much for your help. -- Best regards, Alex Orlov Пятница, 20 ноября 2020, 20:58 +03:00 от Brian Demers <[email protected]>: You have a couple of options, you could either do something like this: https://github.com/apache/shiro/blob/0e5a4428bcaa0a4c03680f5faad5a4c897379497/core/src/test/java/org/apache/shiro/test/ExampleShiroIntegrationTest.java Or you could do something like: @Test public void myTest() { Subject subject = buildYourTestSubject(); subject.execute(new Runnable() { assertThat(yourCode, worksCorrectly()); } } You could also call ThreadContext.remove() if you didn't want to do either of the above https://github.com/apache/shiro/blob/0e5a4428bcaa0a4c03680f5faad5a4c897379497/core/src/main/java/org/apache/shiro/util/ThreadContext.java#L203 On Fri, Nov 20, 2020 at 11:19 AM Alex Orlov <[email protected]<//e.mail.ru/compose/?mailto=mailto%[email protected]>> wrote: Hi Brian I am talking about using Shiro in my test (or in any NON WEB environment). consider the following code: @Test public void testMe() { var subject = SecurityUtils.getSubject(); subject.login(new SomeToken()); //here subject is bound to thread (as I understand!!!) } I’ve read this Subject subject = new Subject.Builder()... ThreadState threadState = new SubjectThreadState(subject); threadState.bind(); try { //execute work as the built Subject } finally { //ensure any state is cleaned so the thread won't be //corrupt in a reusable or pooled thread environment threadState.clear(); } but this is not my situation, as when I do subject.login(...) I don’t manually bind subject to thread. And I want to understand how to unbind thread after subject.login(). Or I understand something wrong? -- Best regards, Alex Orlov Пятница, 20 ноября 2020, 18:48 +03:00 от Brian Demers <[email protected]<//e.mail.ru/compose/?mailto=mailto%[email protected]>>: What type of application are you building? For web applications Shiro can handle the Login (collecting of the username/password) and the thread binding for you, so you don't actually need to do that. (this all happens with the ShiroFilter, and associated chain) That said, if you do not want to use shiro-web, you could accomplish the same thing by sticking your code in a Runnable: https://github.com/apache/shiro/blob/b0091dfef63288f957389bce42f5a8e85329a1aa/web/src/main/java/org/apache/shiro/web/servlet/AbstractShiroFilter.java#L359-L368 Take a look at the Subject / Thread Association doc: https://shiro.apache.org/subject.html#thread-association On Fri, Nov 20, 2020 at 8:50 AM Alex Orlov <[email protected]<http://e.mail.ru/compose/?mailto=mailto%[email protected]>> wrote: Hi all, I use the following code: var subject = SecurityUtils.getSubject(); subject.login(new SomeToken()); As I understand, after `subject.login(new SomeToken())` if subject successfully logs in, he is bound to the current thread. Could anyone say how I can clear current thread, without subject.logout()? I just want the subject leaves in system until it is necessary again (for example until next request). I’ve read this article https://shiro.apache.org/subject.html but didn’t find answer there. Please, help. -- Best regards, Alex Orlov
