shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Les Hazlewood <lhazlew...@apache.org>
Subject Re: [jira] [Created] (SHIRO-287) Enable web-configured SecurityManager to be statically accessible for non-request threads
Date Thu, 05 May 2011 21:54:12 GMT
I'm going to move this to a new discussion thread - these things seem
to get lost in the context of Jira update emails...

On Thu, May 5, 2011 at 2:53 PM, Les Hazlewood <lhazlewood@apache.org> wrote:
> On Thu, Apr 21, 2011 at 5:11 AM, Jared Bunting
> <jared.bunting@digitalreasoning.com> wrote:
>> Seems to me it should be enabled by default.  Correct me if I'm wrong but
>> wouldn't this only conflict between webapps if shiro was loaded from a
>> shared classloader such as can occur with ear deployments (or if shiro is
>> put in the server classpath)?  And since I see the scenario mentioned
>> previously as a rare case, this should seldom cause a problem.  Another
>> option for the multiple webapp case is to store it as an application-level
>> attribute.
>>
>> -Jared
>
> Sorry - I missed this before resolving the issue.  I'm hesitant to
> enable this by default as it could cause random/strange errors for
> anyone that is currently using a shared classloader approach.
> Although, yes, you're right Jared - this should be pretty rare.  We'd
> just have to be clear about it during the release if we decide to
> enable it.
>
> We can enable it by default if the community feels that is the best
> approach - I'm just being cautious.
>
> Anyone have opinions on this?
>
> Les
>



-- 
Les Hazlewood
Founder, Katasoft, Inc.
Application Security Products & Professional Apache Shiro Support and Training:
http://www.katasoft.com

Mime
View raw message