incubator-shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Les Hazlewood" <>
Subject Re: [grails-user] JSecurity Plugin, AbstractLdapRealm and Caching
Date Thu, 16 Oct 2008 22:43:36 GMT
Hi Thomas,

I was looking at this email again in conjunction with another thread
related to caching.

The output looks correct, but there is a disconnect happening
somewhere, and I'm not sure if it is related to the Grails plugin or

Summarizing the other thread found here
if you call securityMangaer.setCacheManager() _or_
securityManager.setRealm(s), in either case, the CacheManager will be
made available to any CachingRealm subclass instances that you inject
into the security manager.  Once they receive it, if it is also an
AuthorizingRealm child, it will then immediately build their
AuthorizationInfo cache (AbstractLdapRealm is such a child subclass).

So, as you can see, in either case, your AuthorizationInfo cache
_should_ be created in any event.  It might not be created when it is
first initialized, but it will be created eventually.

For example:

Realm myRealm = new MyLdapRealm();
myRealm.init(); // <-- no AuthorizationInfo cache yet

DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
securityManager.init(); // <-- the securityManager has a default
EhCacheCacheManager if ehcache is in the classpath, but your Realm
doesn't have it yet

securityManager.setRealm( myRealm );
//now 'myRealm' will have the cacheManager instance and its
AuthorizationInfo cache will be created.

Does this help?

Peter, I'm assuming the Grails plugin does something similar.  Am I correct?

On Mon, Oct 13, 2008 at 4:25 PM, Thomas Skowronek <> wrote:
> To provide additional information, I have a no-arg constructor in my realm.
> After calling super(), I just added a call to init() in it to see if I could
> get the additional output you mentioned.  The log output follows.  It looks
> like the default cache manager is created after the realm.
> Should the security manager initialize the realm or should the realm
> initialize itself?
> [com.jud.realm.AdamRealm] AdamRealm created
> [org.jsecurity.realm.AuthorizingRealm] Initializing authorization cache.
> [org.jsecurity.realm.AuthorizingRealm] No cache implementation set.
> Checking cacheManager...
> [org.jsecurity.realm.AuthorizingRealm] No cache or cacheManager properties
> have been set.  Authorization caching is disabled.
> [com.jud.realm.AdamRealm] AdamRealm initialized
> [com.jud.realm.AdamRealm] Realm Name: com.palmharbor.jud.realm.AdamRealm_0
> [org.jsecurity.mgt.CachingSecurityManager] Attempting to initialize default
> CacheManager using EhCache...
> [org.jsecurity.cache.ehcache.EhCacheManager] cacheManager property not set.
> Constructing CacheManager instance...
> [] Opening resource from class path
> [org/jsecurity/cache/ehcache/ehcache.xml]...
> [org.jsecurity.cache.ehcache.EhCacheManager] instantiated Ehcache
> CacheManager instance.
> [org.jsecurity.cache.ehcache.EhCacheManager] implicit cacheManager created
> successfully.
> [org.jsecurity.web.DefaultWebSecurityManager] http mode - enabling
> ServletContainerSessionManager (Http Sessions)
> -----Original Message-----
> From: Thomas Skowronek []
> Sent: Monday, October 13, 2008 2:17 PM
> To:
> Cc:
> Subject: RE: [grails-user] JSecurity Plugin, AbstractLdapRealm and Caching
> My apologies for the slow response.  Vacation.
> With trace enabled, the only output that I get from AuthorizingRealm is the
> following in getAuthorizationInfo().
> 2008-10-13 13:33:26,896 TRACE [org.jsecurity.realm.AuthorizingRealm]
> Retrieving AuthorizationInfo for principals
> [org.jsecurity.subject.SimplePrincipalCollection@396e7520]
> There is no output from initAuthorizationCache().
> Thomas
> -----Original Message-----
> From: Les Hazlewood []
> Sent: Tuesday, October 07, 2008 6:08 PM
> To:
> Cc:
> Subject: Re: [grails-user] JSecurity Plugin, AbstractLdapRealm and Caching
> You are indeed correct that it should be caching the AuthorizationInfo
> lookup for role/permission checks - at least that is what the code
> 'says'.
> There are a few trace/debug/info log messages in AuthorizingRealm that
> are printed when an authorization check occurs, particularly in the
> initAuthorizationCache() and getAuthorizationInfo() methods .  Do you
> have that output?
> - Les
> ---------------------------------------------------------------------
> To unsubscribe from this list, please visit:

View raw message