I logged a ticket
https://issues.apache.org/jira/browse/CAMEL-6352

On Mon, May 6, 2013 at 7:30 AM, Claus Ibsen <claus.ib...@gmail.com> wrote:
> Hi
>
> Yeah well spotted.
>
> Not sure if you need to logout the old users when you detect a new user?
> Anyway feel free to log a JIRA ticket and attach a patch with the fix.
> http://camel.apache.org/support
>
>
>
> On Sun, May 5, 2013 at 3:40 PM, jethwani.bi...@gmail.com
> <jethwani.bi...@gmail.com> wrote:
>> Here's the code which I had to re-work to make it work for me.
>>
>> apache-camel-2.10.4 ShiroSecurityPolicy.authenticateUser
>>
>> *It was:*
>>
>>     private void authenticateUser(Subject currentUser, ShiroSecurityToken securityToken) {
>>         if (!currentUser.isAuthenticated()) {
>>             ...
>>             currentUser.login(token);
>>             ...
>>         }
>>
>> *New:*
>>
>>     private void authenticateUser(Subject currentUser, ShiroSecurityToken securityToken) {
>>         if (!currentUser.isAuthenticated() ||
>>                 (currentUser.isAuthenticated() &&
>>                 !((String)currentUser.getPrincipal()).equals(securityToken.getUsername()))) {
>>             ...
>>             currentUser.login(token);
>>             ...
>>         }
>>
>> I have Java remoting built on ActiveMQ and Camel using Camel bean
>> invocation. There's a route from the direct component to jms on the client
>> side which injects the Shiro security token (nothing special there).
>> And on the other side I have a route from jms to a bean which has a
>> policy(shiroSecurityPolicy) check using a custom realm.
>>
>> And I noticed that a new user is not detected when the user changes on the
>> client side, and it was kind of a security risk as it was allowing an
>> invalid user to pass through.
>>
>> Now I have limited experience with Apache Shiro, so I thought of checking
>> if this is the correct fix?
>>
>>
>>
>> --
>> View this message in context: 
>> http://camel.465427.n5.nabble.com/camel-shiro-security-policy-with-alwaysReauthenticate-set-to-false-doesn-t-detect-seperate-user-loggn-tp5732043.html
>
>
>
> --
> Claus Ibsen
> -----------------
> Red Hat, Inc.
> FuseSource is now part of Red Hat
> Email: cib...@redhat.com
> Web: http://fusesource.com
> Twitter: davsclaus
> Blog: http://davsclaus.com
> Author of Camel in Action: http://www.manning.com/ibsen



-- 
Claus Ibsen
-----------------
Red Hat, Inc.
FuseSource is now part of Red Hat
Email: cib...@redhat.com
Web: http://fusesource.com
Twitter: davsclaus
Blog: http://davsclaus.com
Author of Camel in Action: http://www.manning.com/ibsen
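
The behaviour reported in this thread, reduced to a stand-alone Apache Shiro program (an added example, not code from Camel, the JIRA ticket or either poster). The class name, the `process` helper and the accounts are constructed for illustration, and logging out the previous identity before re-login is an assumption based on the question raised in the reply.

```java
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.subject.Subject;

public class StaleSubjectDemo {

    // Check quoted under "It was": any already-authenticated Subject is trusted.
    static boolean needsLoginOld(Subject s) {
        return !s.isAuthenticated();
    }

    // Check quoted under "New": also log in again when the token names another user.
    static boolean needsLoginNew(Subject s, String tokenUser) {
        return !s.isAuthenticated() || !tokenUser.equals(String.valueOf(s.getPrincipal()));
    }

    // Hypothetical stand-in for the policy's per-message authentication step.
    static String process(Subject s, String user, String pass, boolean fixed) {
        boolean login = fixed ? needsLoginNew(s, user) : needsLoginOld(s);
        if (login) {
            if (s.isAuthenticated()) {
                s.logout(); // assumption: drop the previous identity before switching users
            }
            try {
                s.login(new UsernamePasswordToken(user, pass));
            } catch (AuthenticationException e) {
                return "rejected token for " + user;
            }
        }
        return "token user=" + user + " processed as " + s.getPrincipal();
    }

    public static void main(String[] args) {
        SimpleAccountRealm realm = new SimpleAccountRealm(); // constructed test accounts
        realm.addAccount("alice", "alice-pw");
        realm.addAccount("bob", "bob-pw");
        SecurityUtils.setSecurityManager(new DefaultSecurityManager(realm));

        for (boolean fixed : new boolean[] {false, true}) {
            Subject s = SecurityUtils.getSubject(); // same thread-bound Subject for every message
            s.logout();                             // start each run unauthenticated
            System.out.println("fixed=" + fixed + ": " + process(s, "alice", "alice-pw", fixed));
            // Second message carries a different user with a wrong password.
            System.out.println("fixed=" + fixed + ": " + process(s, "bob", "wrong-pw", fixed));
        }
    }
}
```

With the old check the second message is never authenticated and is handled under the first user's identity; with the new check the mismatching username forces a fresh login, which the realm rejects.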
