shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Les Hazlewood (JIRA)" <>
Subject [jira] Resolved: (SHIRO-161) No SecurityManager accessible to the calling code
Date Sat, 15 May 2010 22:01:43 GMT


Les Hazlewood resolved SHIRO-161.

         Assignee: Kalle Korhonen
    Fix Version/s: 1.0.0
       Resolution: Not A Problem

As the exception states, this is almost always due to an invalid application (or 3rd party
framework) configuration.  Something needs to sit in front of a call stack (Method interceptor,
AbstractShiroFilter instance, etc) to guarantee thread state is set up and properly bound
before the call stack can continue.

Before SecurityUtils.getSubject() can be called, something higher up in the call stack must
bind the SecurityManager to the thread.  The exception trace that you posted indicates that
Tynamo is using the plain Subject.Binder() constructor, which _must_ have a ThreadContext-bound
SecurityManager instance (Tynamo needs to ensure this).  The alternative is for Tynamo to
use the constructor that specifies the SecurityManager instance directly.

I would talk to Kalle Korhonen on the Tynamo mailing lists about this - I'm sure he'd be able
to track down what is going on as he's intimately familiar with both projects's codebases.

> No SecurityManager accessible to the calling code
> -------------------------------------------------
>                 Key: SHIRO-161
>                 URL:
>             Project: Shiro
>          Issue Type: Bug
>          Components: Web
>    Affects Versions: 1.0.0
>         Environment: Linux, Tomcat 6, Jetty 6
>            Reporter: Robert Hannebauer
>            Assignee: Kalle Korhonen
>            Priority: Critical
>             Fix For: 1.0.0
>         Attachments:, Test.war
> The security context is not bound to the thread context. 
> The application uses an ajax periodical updater to often refresh some zones. But the
user is enabled to interact with the application, so it happens, that two simultaneous requests
arrives at the application server. This often produces
> ERROR 2010-05-15 23:33:08,030 ( - Error handling SecurityException
> org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager accessible to
the calling code, either bound to the org.apache.shiro.util.ThreadContext or as a vm static
singleton.  This is an invalid application configuration.
> 	at org.apache.shiro.SecurityUtils.getSecurityManager(
> 	at org.apache.shiro.subject.Subject$Builder.<init>(
> 	at org.apache.shiro.SecurityUtils.getSubject(
> 	at
> 	at
> 	at $SecurityService_1289de25571.isAuthenticated($
> 	at
> 	at$3.advise(

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message