shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Les Hazlewood <>
Subject Re: [jira] [Created] (SHIRO-287) Enable web-configured SecurityManager to be statically accessible for non-request threads
Date Thu, 05 May 2011 21:53:33 GMT
On Thu, Apr 21, 2011 at 5:11 AM, Jared Bunting
<> wrote:
> Seems to me it should be enabled by default.  Correct me if I'm wrong but
> wouldn't this only conflict between webapps if shiro was loaded from a
> shared classloader such as can occur with ear deployments (or if shiro is
> put in the server classpath)?  And since I see the scenario mentioned
> previously as a rare case, this should seldom cause a problem.  Another
> option for the multiple webapp case is to store it as an application-level
> attribute.
> -Jared

Sorry - I missed this before resolving the issue.  I'm hesitant to
enable this by default as it could cause random/strange errors for
anyone that is currently using a shared classloader approach.
Although, yes, you're right Jared - this should be pretty rare.  We'd
just have to be clear about it during the release if we decide to
enable it.

We can enable it by default if the community feels that is the best
approach - I'm just being cautious.

Anyone have opinions on this?


View raw message