You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@shiro.apache.org by Alex Orlov <oo...@mail.ru> on 2020/11/20 16:19:01 UTC
Re[2]: How to clear thread after Subject.login()
Hi Brian
I am talking about using Shiro in my test (or in any NON WEB environment).
consider the following code:
@Test
public void testMe() {
var subject = SecurityUtils.getSubject();
subject.login(new SomeToken());
//here subject is bound to thread (as I understand!!!)
}
I’ve read this
Subject subject = new Subject.Builder()...
ThreadState threadState = new SubjectThreadState(subject);
threadState.bind();
try {
//execute work as the built Subject
} finally {
//ensure any state is cleaned so the thread won't be
//corrupt in a reusable or pooled thread environment
threadState.clear();
}
but this is not my situation, as when I do subject.login(...) I don’t manually bind
subject to thread. And I want to understand how to unbind thread after subject.login().
Or I understand something wrong?
--
Best regards, Alex Orlov
>Пятница, 20 ноября 2020, 18:48 +03:00 от Brian Demers <br...@gmail.com>:
>
>What type of application are you building? For web applications Shiro can handle the Login (collecting of the username/password) and the thread binding for you, so you don't actually need to do that. (this all happens with the ShiroFilter, and associated chain)
>
>That said, if you do not want to use shiro-web, you could accomplish the same thing by sticking your code in a Runnable:
>https://github.com/apache/shiro/blob/b0091dfef63288f957389bce42f5a8e85329a1aa/web/src/main/java/org/apache/shiro/web/servlet/AbstractShiroFilter.java#L359-L368
>
>Take a look at the Subject / Thread Association doc:
>https://shiro.apache.org/subject.html#thread-association
>On Fri, Nov 20, 2020 at 8:50 AM Alex Orlov < ooo_saturn7@mail.ru > wrote:
>>Hi all,
>>
>>I use the following code:
>>var subject = SecurityUtils.getSubject();
>>subject.login(new SomeToken());
>>
>>As I understand, after `subject.login(new SomeToken())` if subject successfully logs in, he
>>is bound to the current thread. Could anyone say how I can clear current thread, without subject.logout()?
>>I just want the subject leaves in system until it is necessary again (for example until next request).
>>
>>I’ve read this article https://shiro.apache.org/subject.html but didn’t find answer there. Please, help.
>>
>>--
>>Best regards, Alex Orlov
Re[4]: How to clear thread after Subject.login()
Posted by Alex Orlov <oo...@mail.ru>.
Hi Brian,
I’ve studied ExampleShiroIntegrationTest and I can’t understand one thing.
How can this IT work if the subject we provided isn’t authenticated (+no permissions etc)?
Or is it supposed that for IT tests we will have mock SecurityRealm? Could you explain?
--
Best regards, Alex Orlov
>Пятница, 20 ноября 2020, 20:58 +03:00 от Brian Demers <br...@gmail.com>:
>
>You have a couple of options, you could either do something like this:
>https://github.com/apache/shiro/blob/0e5a4428bcaa0a4c03680f5faad5a4c897379497/core/src/test/java/org/apache/shiro/test/ExampleShiroIntegrationTest.java
>
>Or you could do something like:
>
>@Test
>public void myTest() {
> Subject subject = buildYourTestSubject();
>
> subject.execute(new Runnable() {
> assertThat(yourCode, worksCorrectly());
> }
>}
>
>You could also call ThreadContext.remove() if you didn't want to do either of the above
>https://github.com/apache/shiro/blob/0e5a4428bcaa0a4c03680f5faad5a4c897379497/core/src/main/java/org/apache/shiro/util/ThreadContext.java#L203
>
>On Fri, Nov 20, 2020 at 11:19 AM Alex Orlov < ooo_saturn7@mail.ru > wrote:
>>Hi Brian
>>
>>I am talking about using Shiro in my test (or in any NON WEB environment).
>>
>>consider the following code:
>>
>>@Test
>>public void testMe() {
>> var subject = SecurityUtils.getSubject();
>> subject.login(new SomeToken());
>> //here subject is bound to thread (as I understand!!!)
>>}
>>
>>I’ve read this
>>Subject subject = new Subject.Builder()...
>>ThreadState threadState = new SubjectThreadState(subject);
>>threadState.bind();
>>try {
>> //execute work as the built Subject
>>} finally {
>> //ensure any state is cleaned so the thread won't be
>> //corrupt in a reusable or pooled thread environment
>> threadState.clear();
>>}
>>
>>but this is not my situation, as when I do subject.login(...) I don’t manually bind
>>subject to thread. And I want to understand how to unbind thread after subject.login().
>>Or I understand something wrong?
>>
>>
>>--
>>Best regards, Alex Orlov
>>
>>
>>>Пятница, 20 ноября 2020, 18:48 +03:00 от Brian Demers < brian.demers@gmail.com >:
>>>
>>>What type of application are you building? For web applications Shiro can handle the Login (collecting of the username/password) and the thread binding for you, so you don't actually need to do that. (this all happens with the ShiroFilter, and associated chain)
>>>
>>>That said, if you do not want to use shiro-web, you could accomplish the same thing by sticking your code in a Runnable:
>>>https://github.com/apache/shiro/blob/b0091dfef63288f957389bce42f5a8e85329a1aa/web/src/main/java/org/apache/shiro/web/servlet/AbstractShiroFilter.java#L359-L368
>>>
>>>Take a look at the Subject / Thread Association doc:
>>>https://shiro.apache.org/subject.html#thread-association
>>>On Fri, Nov 20, 2020 at 8:50 AM Alex Orlov < ooo_saturn7@mail.ru > wrote:
>>>>Hi all,
>>>>
>>>>I use the following code:
>>>>var subject = SecurityUtils.getSubject();
>>>>subject.login(new SomeToken());
>>>>
>>>>As I understand, after `subject.login(new SomeToken())` if subject successfully logs in, he
>>>>is bound to the current thread. Could anyone say how I can clear current thread, without subject.logout()?
>>>>I just want the subject leaves in system until it is necessary again (for example until next request).
>>>>
>>>>I’ve read this article https://shiro.apache.org/subject.html but didn’t find answer there. Please, help.
>>>>
>>>>--
>>>>Best regards, Alex Orlov
>>
Re: Re[4]: How to clear thread after Subject.login()
Posted by sreenivas harshith <sr...@yahoo.com>.
I had the same issue with tomcat in nio pooled environment, I ended up using subject builder to ensure thread is not corrupted with earlier subjects
Get Outlook for Android<https://aka.ms/ghei36>
________________________________
From: Alex Orlov <oo...@mail.ru>
Sent: Friday, November 20, 2020 11:48:00 PM
To: Brian Demers <br...@gmail.com>
Cc: user@shiro.apache.org <us...@shiro.apache.org>
Subject: Re[4]: How to clear thread after Subject.login()
Oh. I didn’t notice that there is a Builder. The question is closed.
I went in wrong direction.Thank you very much for your help.
--
Best regards, Alex Orlov
Пятница, 20 ноября 2020, 20:58 +03:00 от Brian Demers <br...@gmail.com>:
You have a couple of options, you could either do something like this:
https://github.com/apache/shiro/blob/0e5a4428bcaa0a4c03680f5faad5a4c897379497/core/src/test/java/org/apache/shiro/test/ExampleShiroIntegrationTest.java
Or you could do something like:
@Test
public void myTest() {
Subject subject = buildYourTestSubject();
subject.execute(new Runnable() {
assertThat(yourCode, worksCorrectly());
}
}
You could also call ThreadContext.remove() if you didn't want to do either of the above
https://github.com/apache/shiro/blob/0e5a4428bcaa0a4c03680f5faad5a4c897379497/core/src/main/java/org/apache/shiro/util/ThreadContext.java#L203
On Fri, Nov 20, 2020 at 11:19 AM Alex Orlov <oo...@mail.ru>> wrote:
Hi Brian
I am talking about using Shiro in my test (or in any NON WEB environment).
consider the following code:
@Test
public void testMe() {
var subject = SecurityUtils.getSubject();
subject.login(new SomeToken());
//here subject is bound to thread (as I understand!!!)
}
I’ve read this
Subject subject = new Subject.Builder()...
ThreadState threadState = new SubjectThreadState(subject);
threadState.bind();
try {
//execute work as the built Subject
} finally {
//ensure any state is cleaned so the thread won't be
//corrupt in a reusable or pooled thread environment
threadState.clear();
}
but this is not my situation, as when I do subject.login(...) I don’t manually bind
subject to thread. And I want to understand how to unbind thread after subject.login().
Or I understand something wrong?
--
Best regards, Alex Orlov
Пятница, 20 ноября 2020, 18:48 +03:00 от Brian Demers <br...@gmail.com>>:
What type of application are you building? For web applications Shiro can handle the Login (collecting of the username/password) and the thread binding for you, so you don't actually need to do that. (this all happens with the ShiroFilter, and associated chain)
That said, if you do not want to use shiro-web, you could accomplish the same thing by sticking your code in a Runnable:
https://github.com/apache/shiro/blob/b0091dfef63288f957389bce42f5a8e85329a1aa/web/src/main/java/org/apache/shiro/web/servlet/AbstractShiroFilter.java#L359-L368
Take a look at the Subject / Thread Association doc:
https://shiro.apache.org/subject.html#thread-association
On Fri, Nov 20, 2020 at 8:50 AM Alex Orlov <oo...@mail.ru>> wrote:
Hi all,
I use the following code:
var subject = SecurityUtils.getSubject();
subject.login(new SomeToken());
As I understand, after `subject.login(new SomeToken())` if subject successfully logs in, he
is bound to the current thread. Could anyone say how I can clear current thread, without subject.logout()?
I just want the subject leaves in system until it is necessary again (for example until next request).
I’ve read this article https://shiro.apache.org/subject.html but didn’t find answer there. Please, help.
--
Best regards, Alex Orlov
Re[4]: How to clear thread after Subject.login()
Posted by Alex Orlov <oo...@mail.ru>.
Oh. I didn’t notice that there is a Builder. The question is closed.
I went in wrong direction.Thank you very much for your help.
--
Best regards, Alex Orlov
>Пятница, 20 ноября 2020, 20:58 +03:00 от Brian Demers <br...@gmail.com>:
>
>You have a couple of options, you could either do something like this:
>https://github.com/apache/shiro/blob/0e5a4428bcaa0a4c03680f5faad5a4c897379497/core/src/test/java/org/apache/shiro/test/ExampleShiroIntegrationTest.java
>
>Or you could do something like:
>
>@Test
>public void myTest() {
> Subject subject = buildYourTestSubject();
>
> subject.execute(new Runnable() {
> assertThat(yourCode, worksCorrectly());
> }
>}
>
>You could also call ThreadContext.remove() if you didn't want to do either of the above
>https://github.com/apache/shiro/blob/0e5a4428bcaa0a4c03680f5faad5a4c897379497/core/src/main/java/org/apache/shiro/util/ThreadContext.java#L203
>
>On Fri, Nov 20, 2020 at 11:19 AM Alex Orlov < ooo_saturn7@mail.ru > wrote:
>>Hi Brian
>>
>>I am talking about using Shiro in my test (or in any NON WEB environment).
>>
>>consider the following code:
>>
>>@Test
>>public void testMe() {
>> var subject = SecurityUtils.getSubject();
>> subject.login(new SomeToken());
>> //here subject is bound to thread (as I understand!!!)
>>}
>>
>>I’ve read this
>>Subject subject = new Subject.Builder()...
>>ThreadState threadState = new SubjectThreadState(subject);
>>threadState.bind();
>>try {
>> //execute work as the built Subject
>>} finally {
>> //ensure any state is cleaned so the thread won't be
>> //corrupt in a reusable or pooled thread environment
>> threadState.clear();
>>}
>>
>>but this is not my situation, as when I do subject.login(...) I don’t manually bind
>>subject to thread. And I want to understand how to unbind thread after subject.login().
>>Or I understand something wrong?
>>
>>
>>--
>>Best regards, Alex Orlov
>>
>>
>>>Пятница, 20 ноября 2020, 18:48 +03:00 от Brian Demers < brian.demers@gmail.com >:
>>>
>>>What type of application are you building? For web applications Shiro can handle the Login (collecting of the username/password) and the thread binding for you, so you don't actually need to do that. (this all happens with the ShiroFilter, and associated chain)
>>>
>>>That said, if you do not want to use shiro-web, you could accomplish the same thing by sticking your code in a Runnable:
>>>https://github.com/apache/shiro/blob/b0091dfef63288f957389bce42f5a8e85329a1aa/web/src/main/java/org/apache/shiro/web/servlet/AbstractShiroFilter.java#L359-L368
>>>
>>>Take a look at the Subject / Thread Association doc:
>>>https://shiro.apache.org/subject.html#thread-association
>>>On Fri, Nov 20, 2020 at 8:50 AM Alex Orlov < ooo_saturn7@mail.ru > wrote:
>>>>Hi all,
>>>>
>>>>I use the following code:
>>>>var subject = SecurityUtils.getSubject();
>>>>subject.login(new SomeToken());
>>>>
>>>>As I understand, after `subject.login(new SomeToken())` if subject successfully logs in, he
>>>>is bound to the current thread. Could anyone say how I can clear current thread, without subject.logout()?
>>>>I just want the subject leaves in system until it is necessary again (for example until next request).
>>>>
>>>>I’ve read this article https://shiro.apache.org/subject.html but didn’t find answer there. Please, help.
>>>>
>>>>--
>>>>Best regards, Alex Orlov
>>
Re: Re[2]: How to clear thread after Subject.login()
Posted by Brian Demers <br...@gmail.com>.
You have a couple of options, you could either do something like this:
https://github.com/apache/shiro/blob/0e5a4428bcaa0a4c03680f5faad5a4c897379497/core/src/test/java/org/apache/shiro/test/ExampleShiroIntegrationTest.java
Or you could do something like:
@Test
public void myTest() {
Subject subject = buildYourTestSubject();
subject.execute(new Runnable() {
assertThat(yourCode, worksCorrectly());
}
}
You could also call ThreadContext.remove() if you didn't want to do either
of the above
https://github.com/apache/shiro/blob/0e5a4428bcaa0a4c03680f5faad5a4c897379497/core/src/main/java/org/apache/shiro/util/ThreadContext.java#L203
On Fri, Nov 20, 2020 at 11:19 AM Alex Orlov <oo...@mail.ru> wrote:
> Hi Brian
>
> I am talking about using Shiro in my test (or in any NON WEB environment).
>
> consider the following code:
>
> @Test
> public void testMe() {
> var subject = SecurityUtils.getSubject();
> subject.login(new SomeToken());
> //here subject is bound to thread (as I understand!!!)
> }
>
> I’ve read this
> Subject subject = new Subject.Builder()...
> ThreadState threadState = new SubjectThreadState(subject);
> threadState.bind();
> try {
> //execute work as the built Subject
> } finally {
> //ensure any state is cleaned so the thread won't be
> //corrupt in a reusable or pooled thread environment
> threadState.clear();
> }
>
> but this is not my situation, as when I do subject.login(...) I don’t
> manually bind
> subject to thread. And I want to understand how to unbind thread after
> subject.login().
> Or I understand something wrong?
>
>
> --
> Best regards, Alex Orlov
>
>
>
> Пятница, 20 ноября 2020, 18:48 +03:00 от Brian Demers <
> brian.demers@gmail.com>:
>
> What type of application are you building? For web applications Shiro can
> handle the Login (collecting of the username/password) and the thread
> binding for you, so you don't actually need to do that. (this all happens
> with the ShiroFilter, and associated chain)
>
> That said, if you do not want to use shiro-web, you could accomplish the
> same thing by sticking your code in a Runnable:
>
> https://github.com/apache/shiro/blob/b0091dfef63288f957389bce42f5a8e85329a1aa/web/src/main/java/org/apache/shiro/web/servlet/AbstractShiroFilter.java#L359-L368
>
> Take a look at the Subject / Thread Association doc:
> https://shiro.apache.org/subject.html#thread-association
>
> On Fri, Nov 20, 2020 at 8:50 AM Alex Orlov <ooo_saturn7@mail.ru
> <//...@mail.ru>> wrote:
>
> Hi all,
>
> I use the following code:
> var subject = SecurityUtils.getSubject();
> subject.login(new SomeToken());
>
> As I understand, after `subject.login(new SomeToken())` if subject
> successfully logs in, he
> is bound to the current thread. Could anyone say how I can clear current
> thread, without subject.logout()?
> I just want the subject leaves in system until it is necessary again (for
> example until next request).
>
> I’ve read this article https://shiro.apache.org/subject.html but didn’t
> find answer there. Please, help.
>
> --
> Best regards, Alex Orlov
>
>
>