You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@shiro.apache.org by Romain Gilles <ro...@gmail.com> on 2014/03/05 12:14:19 UTC

Shiro Dummy question

Hi all,
First of all thank you for this framework!
I'm looking for a way to use the Shiro Guice integration. I'm looking to
the documentation and I see this:

class MyShiroModule extends ShiroModule


then:

Injector injector = Guice.createInjector(new MyShiroModule());
    SecurityManager securityManager =
injector.getInstance(SecurityManager.class);
    SecurityUtils.setSecurityManager(securityManager);

When I look at the

SecurityUtils.setSecurityManager(securityManager);

It look like this:
    ...
    private static SecurityManager securityManager;
    ...
    public static void setSecurityManager(SecurityManager securityManager) {
        SecurityUtils.securityManager = securityManager;
    }

Could we have a thread-safety issue here?
The SecurityManager attribute is not protected by volatile or lock.

If I look at the different implementation I don' t see final usage and
volatile.

How can I configure MyShiroModule to be sure that I will not encounter
multi-threading issue?

Thanks,

Romain.

Re: Shiro Dummy question

Posted by Jared Bunting <ja...@peachjean.com>.

Indeed, you could encounter a thread safety issue.  The tidbit that you see
(which, to be clear, is only intended for non-webapp use) is meant to be
called at application startup time.  So, call
``SecurityUtils.setSecurityManager`` only once in your application, in your
main thread, prior to starting any other threads.  After that you should
not change it.


On Wed, Mar 5, 2014 at 5:14 AM, Romain Gilles <ro...@gmail.com>wrote:

> Hi all,
> First of all thank you for this framework!
> I'm looking for a way to use the Shiro Guice integration. I'm looking to
> the documentation and I see this:
>
> class MyShiroModule extends ShiroModule
>
>
> then:
>
> Injector injector = Guice.createInjector(new MyShiroModule());
>     SecurityManager securityManager = injector.getInstance(SecurityManager.class);
>     SecurityUtils.setSecurityManager(securityManager);
>
> When I look at the
>
> SecurityUtils.setSecurityManager(securityManager);
>
> It look like this:
>     ...
>     private static SecurityManager securityManager;
>     ...
>     public static void setSecurityManager(SecurityManager securityManager)
> {
>         SecurityUtils.securityManager = securityManager;
>     }
>
> Could we have a thread-safety issue here?
> The SecurityManager attribute is not protected by volatile or lock.
>
> If I look at the different implementation I don' t see final usage and
> volatile.
>
> How can I configure MyShiroModule to be sure that I will not encounter
> multi-threading issue?
>
> Thanks,
>
> Romain.
>
>
>
>
>