shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Les Hazlewood <lhazlew...@apache.org>
Subject Re: [jira] [Created] (SHIRO-287) Enable web-configured SecurityManager to be statically accessible for non-request threads
Date Thu, 21 Apr 2011 07:21:40 GMT
FYI, I just committed this change to trunk (AbstractShiroFilter).
Static memory remains disabled by default pending further
review/discussion.

Regards,

Les

On Wed, Apr 20, 2011 at 11:15 PM, Les Hazlewood <lhazlewood@apache.org> wrote:
> Hi Jared,
>
> It wil definitely be configurable, but typically because there might
> be more than one Shiro-enabled web app in a single JVM (it'd be odd
> for a single app to have more than one Shiro SecurityManager).  Right
> now in my local dev environment, it is disabled by default.
>
> But what is the 80/20 rule here?  Should it be enabled by default,
> with the option to turn it off?  Or keep it disabled by default (as it
> is now), and expect people to manually turn it on?
>
> Shiro's general premise is to make things as easy as possible.  Will
> more people expect it to 'just work' without having to specify this
> extra config option?  Or will more people be running more than one
> Shiro-enabled web app in the same JVM?
>
> Thoughts?
>
> HTH,
>
> Les
>
> On Wed, Apr 20, 2011 at 7:24 PM, Jared Bunting
> <jared.bunting@digitalreasoning.com> wrote:
>> Les,
>>
>> Will this be disableable via an option on the filter?  I can see where a
>> webapp with more than one shiro filter / security manager would cause a
>> problem with this.
>>
>> -Jared
>>
>> "Les Hazlewood (JIRA)" <jira@apache.org> wrote:
>>
>> Enable web-configured SecurityManager to be statically accessible for
>> non-request threads
>> --------------------------------------------------------------------------
>> ---------------
>>
>>                 Key: SHIRO-287
>>                 URL: https://issues.apache.org/jira/browse/SHIRO-287
>>             Project: Shiro
>>          Issue Type: New Feature
>>            Reporter: Les Hazlewood
>>            Assignee: Les Hazlewood
>>             Fix For: 1.2.0
>>
>>
>> For any work done on threads that are not triggered by a request thread,
>> the SecurityManager should be accessible to these threads so the
>> Subject.Builder can be used properly.
>>
>> This can be accomplished by setting the configured SecurityManager as a
>> static member variable in SecurityUtils (via
>> SecurityUtils.setSubjectManager).  While static memory is not ideal, it is
>> probably good enough for 90% of web applications, and can be a viable
>> solution.
>>
>> --
>> This message is automatically generated by JIRA.
>> For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message