Hm… I am sure, that when we do subjec.login(..) then under the hood subject is
bound to the tread.
I use the code I posted in integration tests and everything works as expected.
I pass token, I see how
my realm does it work.
What did you mean, saying «login and out do not bind the user to the thread.»?
I am saying that after calling
subject.login() subject is bound to thread and after subject.logout() subject
is unbound from thread.
--
Best regards, Alex Orlov
>Четверг, 20 мая 2021, 22:52 +03:00 от Brian Demers <brian.dem...@gmail.com>:
>
>login and out do not bind the user to the thread. Typically I use the
>ThreadContext directly when I need to do anything with threading
>
>For example, mock a subject, and bind it to the thread:
>https://github.com/apache/shiro/blob/df81077726b407f905ba16a9f57ba731b7736375/support/jaxrs/src/test/groovy/org/apache/shiro/web/jaxrs/ShiroSecurityContextTest.groovy#L167-L168
>Then unbind it:
>https://github.com/apache/shiro/blob/df81077726b407f905ba16a9f57ba731b7736375/support/jaxrs/src/test/groovy/org/apache/shiro/web/jaxrs/ShiroSecurityContextTest.groovy#L188
>
>Though if you are using a "real" subject, you could just use the built in
>thread execution as well:
>https://shiro.apache.org/subject.html#thread-association
>
>On Thu, May 20, 2021 at 11:34 AM Alex Orlov < ooo_satu...@mail.ru > wrote:
>>Hello all,
>>
>>Can I use in one thread tests subject login/logout. Something like this:
>>
>> @BeforeAll
>> protected void doBeforeAll() {
>> Subject subject = SecurityUtils.getSubject();
>> subject.login(token);
>> }
>> @AfterAll
>> protected void doAfterAll() {
>> Subject subject = SecurityUtils.getSubject();
>> subject.logout();
>> }
>>
>>As I understand, subject.login() does thread binding, and subject.logout()
>>does thread unbinding. So, could anyone say
>>if this code is correct.
>>
>>--
>>Best regards, Alex Orlov
