You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@shiro.apache.org by Marcus Bond <ma...@marcusbond.me.uk> on 2012/08/15 12:33:29 UTC
Subject user session thread local in stateless service
Hi,
I have a scenario where I need to set some application specific context
values on a thread and so I have a context provider class which will use a
delegate(my "shiro delegate") for retrieving the values. Since I am using
Shiro I wanted to take advantage of its handling of session values
(clearing the thread at the end of the request for thread pool safety etc.)
on a per HTTP request basis but the caveat is that the API secured by Shiro
is stateless and I don't want to persist sessions between requests..
currently the chain uses a noSession filter.
The general idea is that a request comes in, Shiro authenticates and the
next (or previous) custom filter in the chain sets some values on the
Subjects session (easy to use) which are later accessed by my context
provider through the "shiro delegate". This session should only be valid for
the duration of the request (it's a data holder for the thread) after which
it ceases to exist.. the next API request would start over and do the same
thing. I'd like to avoid having to implement my own ThreadLocal and the
corresponding clearing after the request since Shiro already has this built
in.
Is this possible?
Regards,
Marcus.
Re: Subject user session thread local in stateless service
Posted by Kalle Korhonen <ka...@gmail.com>.
If you are in webapp context, setting a request attribute
(http://docs.oracle.com/cd/E17802_01/products/products/servlet/2.5/docs/servlet-2_5-mr2/javax/servlet/ServletRequest.html#setAttribute(java.lang.String,%20java.lang.Object)
) would be the usual way.
Kalle
On Wed, Aug 15, 2012 at 9:12 AM, Chin Huang <pu...@gmail.com> wrote:
>
> On Wed, Aug 15, 2012 at 6:33 AM, Marcus Bond <ma...@marcusbond.me.uk>
> wrote:
>> I’d like to avoid having to implement my own ThreadLocal and the
>> corresponding clearing after the request since Shiro already has this
>> built
>> in.
>
> I also wanted to avoid implementing my own ThreadLocal, so I put my
> application data in Shiro's ThreadContext, which Shiro clears after the
> request.
>
RE: Subject user session thread local in stateless service
Posted by Marcus Bond <ma...@marcusbond.me.uk>.
Thanks.
Pretty much as soon as I sent the mail I did wonder about using the
ThreadContext directly instead of the user session (which would be stored
within the Thread context anyway).. glad to hear someone else doing the same
thing J, seems a fair approach.
From: Chin Huang [mailto:pukkaone@gmail.com]
Sent: 15 August 2012 17:12
To: user@shiro.apache.org
Subject: Re: Subject user session thread local in stateless service
On Wed, Aug 15, 2012 at 6:33 AM, Marcus Bond <ma...@marcusbond.me.uk>
wrote:
> I'd like to avoid having to implement my own ThreadLocal and the
> corresponding clearing after the request since Shiro already has this
built
> in.
I also wanted to avoid implementing my own ThreadLocal, so I put my
application data in Shiro's ThreadContext
<http://shiro.apache.org/static/current/apidocs/org/apache/shiro/util/Thread
Context.html> , which Shiro clears after the request.
Re: Subject user session thread local in stateless service
Posted by Chin Huang <pu...@gmail.com>.
On Wed, Aug 15, 2012 at 6:33 AM, Marcus Bond <ma...@marcusbond.me.uk>
wrote:
> I’d like to avoid having to implement my own ThreadLocal and the
> corresponding clearing after the request since Shiro already has this
built
> in.
I also wanted to avoid implementing my own ThreadLocal, so I put my
application data in Shiro's
ThreadContext<http://shiro.apache.org/static/current/apidocs/org/apache/shiro/util/ThreadContext.html>,
which Shiro clears after the request.