Return-Path: Delivered-To: apmail-incubator-shiro-dev-archive@www.apache.org Received: (qmail 47604 invoked from network); 19 May 2010 02:34:35 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 19 May 2010 02:34:35 -0000 Received: (qmail 56060 invoked by uid 500); 19 May 2010 02:34:35 -0000 Delivered-To: apmail-incubator-shiro-dev-archive@incubator.apache.org Received: (qmail 55989 invoked by uid 500); 19 May 2010 02:34:35 -0000 Mailing-List: contact shiro-dev-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: shiro-dev@incubator.apache.org Delivered-To: mailing list shiro-dev@incubator.apache.org Received: (qmail 55981 invoked by uid 99); 19 May 2010 02:34:35 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 19 May 2010 02:34:35 +0000 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests=FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_PASS,T_TO_NO_BRKTS_FREEMAIL X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of yowzator@gmail.com designates 209.85.212.47 as permitted sender) Received: from [209.85.212.47] (HELO mail-vw0-f47.google.com) (209.85.212.47) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 19 May 2010 02:34:27 +0000 Received: by vws20 with SMTP id 20so2586950vws.6 for ; Tue, 18 May 2010 19:34:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:sender:received :in-reply-to:references:date:x-google-sender-auth:message-id:subject :from:to:content-type:content-transfer-encoding; bh=kRDWSgxlZiGKBD4mkZmC7bHRo3QIPUoX673tqwCjZ7I=; b=lD//scT6VasPVl5Hc3QUmWnFOtYW9MYT4P1iDTFQ4uRhEdZU0CWo033/wQNfIOndiF oM9ZSwYcQWVTdXGFHEfC08qOzAOy/X2t6qnDdsguqpVBT7WOsV2N8gvpIDAWwvPkWnMq 2QgorZzFo2PbA/YwcveGI0Zdi2H75Btn800Vo= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:content-type :content-transfer-encoding; b=qGfNPYtQfrukdR3puJwS/7hma85bhtSaUqwPLjAO7qZqB2m49N1aZngLgN5syNCX8Y eQQwY7erahb9ABW++zkXBmTzbMWZs3/kzEnsqnWeLLd1AKHfsOdH5qA7zyQ5zt3Teq0V 7SSuz/HsSW4p4pJq7ZPk1JxkjShoymWZVt8aM= MIME-Version: 1.0 Received: by 10.220.128.137 with SMTP id k9mr4162364vcs.136.1274236445833; Tue, 18 May 2010 19:34:05 -0700 (PDT) Sender: yowzator@gmail.com Received: by 10.220.114.66 with HTTP; Tue, 18 May 2010 19:34:05 -0700 (PDT) In-Reply-To: References: Date: Tue, 18 May 2010 19:34:05 -0700 X-Google-Sender-Auth: UdN0V-XSTwIsBsMPYEVHyw7gxp8 Message-ID: Subject: Re: SessionManager API modification From: Tauren Mills To: shiro-dev@incubator.apache.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable X-Virus-Checked: Checked by ClamAV on apache.org Les, I just did an svn update, mvn clean, mvn install of your branch, and so far all looks good. No more exceptions or odd behavior. Thanks so much! I'll let you know if I run into anything else. Tauren On Tue, May 18, 2010 at 7:03 PM, Les Hazlewood wrot= e: > I've implemented the fix for SHIRO-164 into the branch. =A0It looks like > I'm going to have to commit this to trunk, however, all tests pass and > real-world applications tested against it are doing well. > > Barring any user-reported issues, I think we're all done with code > (maybe some JavaDoc, but no programming). =A0I'll bump the release > thread next to see what our next steps are. > > On Mon, May 17, 2010 at 5:24 PM, Les Hazlewood wr= ote: >> Just a quick note - I'm committing these changes to a branch for peer >> review. =A0If good, we can merge. >> >> - Les >> >> On Mon, May 17, 2010 at 3:15 PM, Les Hazlewood w= rote: >>> I've got one thing left to address before resolving SHIRO-162 [1]: >>> >>> Up to this point, the work to remove lots of cross-referenced >>> constants and the ThreadContext usages has gone very well. =A0However, >>> it has become readily apparent of the architectural flaws of the >>> existing SessionManager interface: >>> >>> All of the methods except for 'start' mandate that all session data >>> can be resolved based on a session ID. =A0However, this is definitely >>> not true for ServletContainer environments. >>> >>> So, the web-based SecurityManager and SessionManager implementations >>> still need to resort to brittle ThreadContext usages with keyed >>> constants to pull ServletRequest/ServletResponse pairs off of the >>> thread. =A0It is less than ideal and feels quite hacky in places. >>> >>> It makes sense to me to move the ID-based methods to a sub-interface, >>> maybe something like NativeSessionManager to account for this. >>> Without this, the Web SecurityManager/SessionManager implementations >>> will remain complex and somewhat difficult to trace. >>> >>> Since we're still waiting for Infra to enable something for Kalle >>> before we finish our last issue, what do you guys think of me doing >>> this today? =A0I already have an implementation plan in place (and most >>> stuff is already done, I just don't want to commit without the dev >>> team being ok with this), and it will be complete today (with tests) >>> if allowed to proceed. =A0Note that this has no end-user impact on the >>> Subject or Session API. >>> >>> Thoughts? >>> >>> Les >>> >>> [1] https://issues.apache.org/jira/browse/SHIRO-162 >>> >> >