Posted to dev@shiro.apache.org by "Les Hazlewood (JIRA)" <ji...@apache.org> on 2010/05/16 00:01:43 UTC

[jira] Resolved: (SHIRO-161) No SecurityManager accessible to the calling code

     [ https://issues.apache.org/jira/browse/SHIRO-161?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Les Hazlewood resolved SHIRO-161.
---------------------------------

         Assignee: Kalle Korhonen
    Fix Version/s: 1.0.0
       Resolution: Not A Problem

As the exception states, this is almost always due to an invalid application (or 3rd party framework) configuration.  Something needs to sit in front of a call stack (Method interceptor, AbstractShiroFilter instance, etc) to guarantee thread state is set up and properly bound before the call stack can continue.

Before SecurityUtils.getSubject() can be called, something higher up in the call stack must bind the SecurityManager to the thread.  The exception trace that you posted indicates that Tynamo is using the plain Subject.Binder() constructor, which _must_ have a ThreadContext-bound SecurityManager instance (Tynamo needs to ensure this).  The alternative is for Tynamo to use the constructor that specifies the SecurityManager instance directly.

I would talk to Kalle Korhonen on the Tynamo mailing lists about this - I'm sure he'd be able to track down what is going on as he's intimately familiar with both projects' codebases.

> No SecurityManager accessible to the calling code
> -------------------------------------------------
>
>                 Key: SHIRO-161
>                 URL: https://issues.apache.org/jira/browse/SHIRO-161
>             Project: Shiro
>          Issue Type: Bug
>          Components: Web
>    Affects Versions: 1.0.0
>         Environment: Linux, Tomcat 6, Jetty 6
>            Reporter: Robert Hannebauer
>            Assignee: Kalle Korhonen
>            Priority: Critical
>             Fix For: 1.0.0
>
>         Attachments: Test-eclipse.zip, Test.war
>
>
> The security context is not bound to the thread context. 
> The application uses an Ajax periodical updater to often refresh some zones. But the user is enabled to interact with the application, so it happens that two simultaneous requests arrive at the application server. This often produces
> ERROR 2010-05-15 23:33:08,030 (SecurityModule.java:253) - Error handling SecurityException
> org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util.ThreadContext or as a vm static singleton.  This is an invalid application configuration.
> 	at org.apache.shiro.SecurityUtils.getSecurityManager(SecurityUtils.java:124)
> 	at org.apache.shiro.subject.Subject$Builder.<init>(Subject.java:616)
> 	at org.apache.shiro.SecurityUtils.getSubject(SecurityUtils.java:57)
> 	at org.tynamo.security.services.impl.SecurityServiceImpl.getSubject(SecurityServiceImpl.java:37)
> 	at org.tynamo.security.services.impl.SecurityServiceImpl.isAuthenticated(SecurityServiceImpl.java:42)
> 	at $SecurityService_1289de25571.isAuthenticated($SecurityService_1289de25571.java)
> 	at org.tynamo.security.ShiroExceptionHandler.handle(ShiroExceptionHandler.java:74)
> 	at org.tynamo.security.services.SecurityModule$3.advise(SecurityModule.java:250)

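The binding requirement described in the resolution comment, as an added example that is not part of the original message and is not Shiro's or Tynamo's own code. It assumes Shiro 1.x on the classpath; the class name `ThreadBindingExample`, the helper `isAuthenticated()` and the empty in-memory `SimpleAccountRealm` are constructed for illustration.

```java
import java.util.concurrent.Callable;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.UnavailableSecurityManagerException;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.subject.Subject;

public class ThreadBindingExample {

    // Hypothetical stand-in for framework code deep in the call stack
    // that relies on thread-bound state.
    static boolean isAuthenticated() {
        return SecurityUtils.getSubject().isAuthenticated();
    }

    public static void main(String[] args) {
        // Constructed configuration: no VM static singleton is registered,
        // so the SecurityManager is reachable only where it is bound.
        SecurityManager securityManager =
                new DefaultSecurityManager(new SimpleAccountRealm());

        // 1. Nothing sits in front of this call to bind thread state, so
        //    SecurityUtils.getSubject() fails as in the reported trace.
        try {
            isAuthenticated();
        } catch (UnavailableSecurityManagerException e) {
            System.out.println("unbound call failed: " + e.getClass().getSimpleName());
        }

        // 2. Give the builder the SecurityManager directly, so building
        //    the Subject needs no ThreadContext lookup.
        Subject subject = new Subject.Builder(securityManager).buildSubject();

        // 3. execute() binds the Subject and its SecurityManager to the
        //    current thread for the duration of the call, then restores
        //    the previous thread state.
        Callable<Boolean> work = ThreadBindingExample::isAuthenticated;
        System.out.println("bound call: authenticated=" + subject.execute(work));

        // 4. Outside execute() the thread is unbound again.
        try {
            isAuthenticated();
        } catch (UnavailableSecurityManagerException e) {
            System.out.println("after execute(): unbound again");
        }
    }
}
```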