You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shiro.apache.org by "Les Hazlewood (JIRA)" <ji...@apache.org> on 2011/06/09 19:51:59 UTC
[jira] [Reopened] (SHIRO-287) Enable web-configured SecurityManager
to be statically accessible for non-request threads
[ https://issues.apache.org/jira/browse/SHIRO-287?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Les Hazlewood reopened SHIRO-287:
---------------------------------
This feature should probably be removed now that the WebEnvironment concept has been built. End-users can make the ServletContext statically accessible if they wish and use WebUtils.getWebEnvironment to acquire the SecurityManager in non-request threads.
This means only a single web app can run in the container however. Continued list discussion is probably necessary to figure out our preferred approach.
> Enable web-configured SecurityManager to be statically accessible for non-request threads
> -----------------------------------------------------------------------------------------
>
> Key: SHIRO-287
> URL: https://issues.apache.org/jira/browse/SHIRO-287
> Project: Shiro
> Issue Type: New Feature
> Reporter: Les Hazlewood
> Assignee: Les Hazlewood
> Labels: SecurityManager, Shiro, request, static, thread, web, web.xml
> Fix For: 1.2.0
>
>
> For any work done on threads that are not triggered by a request thread, the SecurityManager should be accessible to these threads so the Subject.Builder can be used properly.
> This can be accomplished by setting the configured SecurityManager as a static member variable in SecurityUtils (via SecurityUtils.setSubjectManager). While static memory is not ideal, it is probably good enough for 90% of web applications, and can be a viable solution.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira